Story image

Malaysians urged to watch out for clickbait and 'fake news' as election season approaches

27 Mar 18

Quann Malaysia is warning Malaysians to be vigilant and watch for clickbait phishing links as the 14th Malaysian General Elections approach.

The security firm believes that there will be an increase in ‘fake news’ this year. This will result from clickbait phishing websites or emails with attachments that feature ‘exclusive’ or ‘shocking’ stories, used to bait users into providing personal information

Quann Malaysia general manager Ivan Wen says that when news sounds too good to be true, it is likely fake news.

“Once clicked, users are led to a phishing site that tricks victims into giving their personal data such as email addresses, identity card numbers, and even credit card information. These could compromise critical financial information. These phishing emails can also launch ransomware attacks that encrypt important information on the device. In a worst-case scenario, this can become a national threat.”

Wen says that the phishing links could automatically be shared with people’s contacts if attackers get access to a device, which means contacts may be put in harm’s way as well.

Quann says there have been two major country elections that spawned clickbait links and cybersecurity threats.

The first was the 2016 United States Election. According to Quann, a phishing campaign by a Russian intelligence agency was launched against a US company that was involved in developing election systems.

“Fake Google alert emails were send to employees which when clicked took them to a legitimate looking Google site where hackers were able to steal their data,” Quann states.

“Using information obtained in the attack, the hackers sent 122 phishing emails containing Microsoft Word document attachments to local government agencies offering ‘election related products and services’. These documents had been ‘trojanized’ with a Visual Basic script that once connected to the internet, downloaded an unknown payload to the device, to steal and access the victim’s information.”

 In 2017, threat actors also targeted several UK parliament MPs that compromised personal emails, Quann adds.

“Juicy news is hard to resist, but the possibility of losing your critical data, or worse, your money is not worth succumbing to curiosity conjured by the unbelievable clickbait news or offer titles,” Wen says.

Wen advises people to be wary of clickbait and take the following precautions:

  • Key in the address of a legitimate news site instead of directly clicking links sent to you. This avoids being tricked and misdirected to a fake website. 
  • Before clicking, hover your mouse pointer over the link to view the link address. Do not click website links that are unfamiliar, even if they came from someone you know. Their accounts could have been compromised. 
  • Install an anti-phishing toolbar and antivirus that run quick checks on sites you visit to ensure they are safe to visit 
  • Only access secure sites that begin with “https” with a closed lock icon near the address bar.
  • Regularly monitor your online accounts to ensure they have not been hacked. Use strong passwords and regularly change them.
  • Regularly update your browsers with the necessary security patches 
  • Beware of pop-up windows masquerading as legitimate extensions of a website. Often they are used to target users visiting a website that has been compromised.
Hillstone CTO's 2019 security predictions
Hillstone Networks CTO Tim Liu shares what key developments could be expected in the areas of security compliance, cloud, security, AI and IoT.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Huawei founder publically denies spying allegations
“After all the evidence is made public, we will rely on the justice system.”
Malware downloader on the rise in Check Point’s latest Threat Index
Organisations continue to be targeted by cryptominers, despite an overall drop in value across all cryptocurrencies in 2018.
IoT breaches: Nearly half of businesses still can’t detect them
The Internet of Thing’s (IoT’s) rapid rise to prominence may have compromised its security, if a new report from Gemalto is anything to go by.