OPEN APP
Home / Opinion / Columns /  Opinion | New spam on the block: Cybercriminals use clickbait to spread malware

Eat This Superfood to Shed 10kg in 10 Days. The Results Will Shock You!" Intrigued by the headline, you click on the link. You’ve scrolled through the entire article only to realize it’s a bunch of baloney, meant to waste your time. You hate yourself a little and get back to work, swearing to not be fooled again.

Compelling headlines such as these, known as ‘clickbait’, entice readers with content that is hard to resist. These usually have provocative and catchy headlines, which use exaggeration to make someone interested enough to click on the link. However, the actual content behind the headline turns out to be misleading and nothing that you did not already know!

A relative to traditional spam, clickbait has flooded search engines and social media platforms. Bouncing around your computer frame, clickbait may also present itself in the form of a catchy quiz or survey. ‘Spin the wheel to win a free iPhone 11 Pro!’, and aren’t we all guilty of clicking the link and spinning a wheel in the hope of winning a freebie? Reality check—you’re probably reading this article because of the headline!

Playing on human curiosity

Almost 90% of the traffic clickbait draws is because of the headline. Typically latching onto people’s insecurities, such as skin complexion, body weight or the greed for instant money, the motive is to invoke emotion and trigger interest.

‘You won’t believe it’. ‘You’ll never guess who did this’, are examples of captivating headlines. Threat actors (hackers or others with malicious intent) often capitalize on our interest in Bollywood gossip, celebrity breakups, movie releases, and so on. The tell-tale sign of a clickbait is its failure to display all content on the same page.

In the form of a contest or survey, they will ask you for personal information or access to your social media account. Unfortunately, the success behind these attacks does not rely on only exploiting security vulnerabilities but exploiting the human psyche in tandem.

Attackers trust the process

Clickbait may eventually lead you into a chain of other malicious links, a process referred to as clickjacking, an old trick in the hacker’s handbook. This involves clicking on a link that seemingly takes you to one place but instead, routes you to the attacker’s desired destination, which contain malicious code, including ransomware, viruses or trojans, that allow bad actors to access your system.

Typically, dubious clickbait sites will ask users who fall into the trap to register, by entering their personal information such as name, address, mobile number, and date of birth, to riskier information such as bank account number or credit card details. Once in their possession, your information can be used to execute financial fraud or even identity theft.

In addition to often being a disappointment, some serve a greater, more sinister purpose. ‘Malvertising’, as the name suggests, is malicious advertising, designed to deliver malware to devices displaying the ad.

Cybercriminals find ways to hijack ads or ad-distribution services to deliver malware without the legitimate advertisers even knowing it’s happening! Once installed, it has the potential to redirect the user to a malicious website, while some are even designed to seize and use the machine’s computing power to mine cryptocurrencies.

Beat the bait

From security woes to the deliberate and contentious promotion of misinformation, the threats posed by clickbait require serious attention. So, mind your permissions! Don’t allow third-party apps access to any personal information. It doesn’t matter how much you want to know which celebrity you most resemble. Always steer clear of it.

While not all quizzes are malicious, it is a common and successful way to lure you into clicking and, subsequently, hijacking your account. Protect yourself ahead of time by installing a comprehensive security solution. Ensure that you download all software updates, as these often include critical vulnerability patches.

It is hard not to check out those cute baby pandas once in a while. However, you increase your risk with every click.

As with all things security, a healthy dose of alertness and scepticism comes at zero cost, but holds most value. Always question the legitimacy of a link before clicking, as on the internet not everything is what it appears.

In the internet of today, the value of information is determined by popularity, rather than accuracy or quality. In the virtual world, trust is a good thing, but control is better.

Venkat Krishnapur is vice-president of engineering and managing director at McAfee India.

Subscribe to Mint Newsletters
* Enter a valid email
* Thank you for subscribing to our newsletter.

Never miss a story! Stay connected and informed with Mint. Download our App Now!!

Close
×
Edit Profile
My ReadsRedeem a Gift CardLogout