
“To know your Enemy, you must become your Enemy.”
Sun Tzu

Reports surfaced this week of fraudulent emails imitating the Centers for Disease Control and Prevention. The emails informed the recipient of the coronavirus, attempting to elicit a fearful, thoughtless response. Some tried to steal email login credentials, while others preyed upon your humanity and asked that you donate to a vaccination research fund. Both attempts, like all phishing scams, appeared legitimate if skimmed but failed to hold up under close scrutiny.

Kaspersky published an article with screenshots of two of the emails. One link led to a website made to look like a Microsoft Outlook login page, and the other email provided a bitcoin donation link. The emails came from domains with subtle changes from the actual CDC domain (cdc-gov.org and cdcgov.org). The real domain for the CDC is cdc.gov. The average person forgets that .gov is itself a top-level domain, so nothing seems suspicious when they receive an email from cdcgov.org.
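The domain comparison described above can be automated. The following is an added example, not code from the original article or from Kaspersky; the `TRUSTED` allowlist, the function names and the sample From headers in the comments are assumptions made for illustration. It goes slightly beyond the two domains named here by also flagging one-character typos.

```python
import re
from email.utils import parseaddr

# Assumption: the domains your organization really expects mail from.
TRUSTED = {"cdc.gov"}

def sender_domain(from_header: str) -> str:
    """Extract the lowercase domain from a From: header value."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".")

def skeleton(domain: str) -> str:
    """Drop dots and hyphens so 'cdc.gov', 'cdc-gov' and 'cdcgov' compare equal."""
    return re.sub(r"[.\-]", "", domain)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(from_header: str, trusted=TRUSTED) -> str:
    """Return 'trusted', 'lookalike of <domain>' or 'unknown'."""
    dom = sender_domain(from_header)
    if not dom:
        return "unknown"
    for t in sorted(trusted):
        # Exact match or a genuine subdomain of a trusted domain.
        if dom == t or dom.endswith("." + t):
            return "trusted"
    labels = dom.split(".")
    for t in sorted(trusted):
        target = skeleton(t)
        # Compare the whole name and the name minus its final label, because
        # cdc-gov.org and cdcgov.org hide "cdc.gov" in front of ".org".
        for cand in (skeleton(dom), skeleton(".".join(labels[:-1]))):
            if cand and (cand == target or edit_distance(cand, target) <= 1):
                return f"lookalike of {t}"
    return "unknown"

# Constructed sample: classify("CDC Alerts <alerts@cdc-gov.org>")
```

A "lookalike" result is a reason to hold the message for review, since a fuzzy match can also hit an unrelated legitimate domain with a similar name.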

This most recent attempt provides insight into the minds of cybercriminals. They thrive in crises because humans make impulsive decisions rather than logical decisions. Cybercriminals take advantage of situations that create fear or sorrow; they exploit vulnerabilities.
Whether knowingly or not, cybercriminals follow many of the principles of The Art of War, a famous book by Sun Tzu on the principles of war.

“So in war, the way is to avoid what is strong and strike at what is weak.”
Sun Tzu, The Art of War
As mentioned above, cybercriminals select targets in a frightened or weakened state. Sending a message about donating for the research of a new vaccination works because you are frightened of contracting the coronavirus and want protection from it. The fear distracts you from considering all the facts, and in your weakness, you make an emotional decision to click on the donation link. If they targeted you outside of a crisis, your brain might see the red flags and encourage you to investigate the email further, bringing you to the conclusion that the email is a fraudulent scheme.

“The supreme art of war is to subdue the enemy without fighting.”
Sun Tzu, The Art of War
By attacking during times of crisis, cybercriminals avoid dirtying their own hands. Crisis provides the attack, the state of weakness, and the impulsive decision making, and allows the cybercriminals to sweep in like vultures for the leftovers. Before you recognize the scam, they have already accessed your data, or you have made an untraceable bitcoin donation, and you suffer the consequences while they escape justice.

“Be extremely subtle, even to the point of formlessness. Be extremely mysterious, even to the point of soundlessness. Thereby you can be the director of the opponent’s fate.”
Sun Tzu, The Art of War
Cybercriminals use subtleties and vagueness to avoid attracting suspicion. Domain names that barely vary from the real one, or unspecific details about the research for a vaccine, appear legitimate if not read thoroughly. They manipulate you into making decisions based on actual circumstances with mysterious and subtle fake solutions.

“To know your Enemy; you must become your Enemy.”
Sun Tzu, The Art of War
Luckily, if we incorporate some of Sun Tzu’s advice ourselves, we can keep ourselves from falling for cybercriminals’ schemes. We must know our enemy to defeat our enemy. Sun Tzu says that to know your enemy, you must become your enemy. In other words, we need to approach the solution from their point of view. We know they prey on times of crisis or fear because of our tendency to be vulnerable during those times. So when we receive emails asking for immediate action, we must thoroughly examine the email for details inconsistent with what we know. Run through this checklist.

  1. Is the domain legitimate? – Double-check that it is from the correct web domain (www.exampledomain.com vs. www.example-domain.com). Although similar in appearance, they are two different domains and easily mistaken.
  2. Are they asking for personal information? – Most legitimate companies will never ask for the transmission of personal data over unsecured communication methods.
  3. Read the entire email. – Phishing emails tend to be vague or filled with extremes to convince you to make a rash decision, but if you read carefully, their fraudulence becomes apparent quickly.

Know your cyber enemy, so you can prepare your defense accordingly! If you have any questions about other types of cybercrimes, reach out to us at info@origamitg.com. Thanks for reading, and make sure to follow us on social media so you can keep up with our weekly content.
