A local cyber-security firm have warned voters to be prepared for a rise in clickbait phishing links that could potentially be a cybersecurity threat in the upcoming 14th General Election (GE14).
Quann Malaysia general manager, Ivan Wen, said in a statement that the internet could see a rise in clickbait phishing sites or emails with attachments and sensational titles that trick users to click links for “Exclusive” or “Shocking” stories.
“When a news sounds too good to be true, it is likely fake news,” he said.
Phishing sites are used to trick victims into giving their personal data such as email addresses, identity card numbers, and even credit card information.
These phishing emails can also launch ransomware attacks that encrypt important information on the device.
In a worst-case scenario, this can become a national threat, the firm said.
“Besides that, these phishing links could automatically be shared with your contacts once they have access to your device,” Wen said.
According to a report by Dynamic Business Technologies, 48 per cent of IT providers reported that phishing emails were behind ransomware attacks.
Quann cites two country elections where clickbait links resulted in cyber security threats.
In the 2016 US Elections, a phishing campaign by Russian Intelligence Agency was allegedly launched against a US company involved in developing election systems. Fake Google alert emails were sent to employees which when clicked took them to a legitimate looking Google site where hackers were able to steal their data.
Using information obtained in the attack, the hackers sent 122 phishing emails containing Microsoft Word document attachments to local government agencies offering ‘election related products and services’.
These documents had been ‘trojanised’ with a Visual Basic script that once connected to the internet, downloaded an unknown payload to the device, to steal and access the victim’s information, the company said.
Wen said in UK last year, several parliament MPs were targeted in a phishing campaign. While the report said parliament sites and addresses were not compromised, several individual’s personal emails were being compromised with key information leaks.
To prevent being infected by malware via clickbait links, the company advised users to take the following precautions:
• Key in the address of a legitimate news site instead of directly clicking links sent to you
• Before clicking, hover your mouse pointer over the link to view the link address. Do not click website links that are unfamiliar, even if they came from someone you know. Their accounts could have been compromised.
• Install an Anti-Phishing Toolbar and Antivirus that run quick checks on sites you visit to ensure they are safe to visit.
• Only access secure sites that begin with “https” with a closed lock icon near the address bar.
• Regularly monitor your online accounts to ensure they have not been hacked. Use strong passwords and regularly change them.
• Regularly update your browsers with the necessary security patches.
• Beware of pop-up windows masquadering as legitimate extensions of a website as they are often used to target users visiting a website that has been compromised.