If you don’t already know, phishing attacks are not a technology exploit; they are a human exploit. Phishing technology itself is usually not that clever. A fake email, a fake website, and you have all the makings of a phishing attack.

The real trick to successful phishing attacks is the way they exploit human weaknesses. And there’s no greater human weakness than greed. People have been known to make some really dumb decisions when they let greed get the better of them. Hackers know it, and they use it in social engineering, which is a precursor to most phishing attacks.

The latest example of this comes from the world of video gaming. According to an article on SC Magazine, “Cybercriminals are reportedly attempting to trick users of the Steam video game digital distribution service into visiting a phishing site that pretends to give away new game skins, but actually steals login credentials. The malicious site further perpetuates the scam by showing what appears to be a $30,000 giveaway promotion featuring 26 days’ worth of free skins for the multiplayer first-person shooter game.”

After doing some research, Bleeping Computer discovered the “scam is being promoted through comments made to Steam profiles. These comments state ‘Dear winner! Your SteamID is selected as a winner of Weekly giveaway. Get your Karambit | Doppler on giveavvay.com.’”

The hackers didn’t even need to take over the Steam website. All they had to do was post some bogus comments in the comments section to lure in their victims. And, if you were paying close attention, you noticed the exploit.

Domain name spoofing is a phishing tactic where hackers give you a link to a website that looks like one thing, but is really another. In this case, the website “give away dot com” is malicious because the “w” in the word “away” is actually two “v”s. Would you have caught that?
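One way a filter can see two “v”s where a reader sees a “w”, added here as an illustration and not DuoCircle's implementation: normalise lookalike sequences, then compare the result against the names you want to protect. The `PROTECTED` list, the `CONFUSABLES` table and the function names are assumptions made for this example.

```python
import re

# Visually confusable sequences and the letter each imitates.
# Constructed for this example and not exhaustive.
CONFUSABLES = [("vv", "w"), ("rn", "m"), ("cl", "d"), ("0", "o"), ("1", "l")]

# Names worth protecting (assumed list; "example.com" is a placeholder).
PROTECTED = {"giveaway.com", "example.com"}

DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")

# Constructed sample: the profile comment quoted in the article.
SAMPLE = ("Dear winner! Your SteamID is selected as a winner of Weekly "
          "giveaway. Get your Karambit | Doppler on giveavvay.com.")


def skeleton(domain):
    """Reduce a domain to a form in which lookalike spellings compare equal."""
    s = domain.strip().lower().rstrip(".")
    for seq, repl in CONFUSABLES:
        s = s.replace(seq, repl)
    return s


# Skeletonise the protected names too, so both sides are compared alike.
PROTECTED_SKELETONS = {skeleton(d): d for d in PROTECTED}


def lookalike_of(domain):
    """Return the protected domain this one imitates, or None."""
    d = domain.strip().lower().rstrip(".")
    if d in PROTECTED:
        return None  # the genuine name itself is not a lookalike
    return PROTECTED_SKELETONS.get(skeleton(d))


def scan_text(text):
    """Find domain-like tokens in free text and report (lookalike, target)."""
    hits = []
    for token in DOMAIN_RE.findall(text.lower()):
        target = lookalike_of(token)
        if target:
            hits.append((token, target))
    return hits


if __name__ == "__main__":
    print(scan_text(SAMPLE))
```

The same skeleton comparison applies to links in email bodies; a match is a reason to quarantine or warn, not proof of malice on its own.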

One of the rules of thumb for identifying potential threats is pretty simple: free stuff = scam.

Would you fall for an exploit like this in the comments section? How about if it showed up in your inbox?

It only takes a moment to fall for a phishing scam based on greed, or any other human weakness. And the only way to combat human weaknesses is with technology.

Technology that sees two “v”s and not a “w”. Technology that isn’t greedy. Technology that’s specifically designed to stop phishing attacks. Technology like DuoCircle.

DuoCircle is cloud-based phishing protection software designed specifically to keep you safe from phishing attacks like the one against the Steam distribution service. And because it’s cloud-based, it requires no hardware, no software and no maintenance, and sets up in 10 minutes.

Protect yourself and your greedy employees from phishing attacks with Phishing Protection from DuoCircle. It costs pennies per employee per month, comes with live 24/7 phone support and is backed by a 30 money-back guarantee. When it comes to phishing protection, it’s no time to be greedy.
