Understanding Spams

Spam Email

Spam Email is often disguised in an attempt to fool any anti-spam software you may have installed. Spammers try to find ways to modify or conceal their messages to achieve this, such as putting spaces between letters or replacing key letters with numbers or characters so that spam filters will not be triggered. While your anti-spam software may not always be able to catch this, you should be able to identify it fairly easily. Spam may be used to bombard you with unsolicited messages, which may include inappropriate or offensive adult content. Spam may also contain malware or be part of a “phishing” scam (see the Online Scams section below).

Instant Messaging (IM) Spam

Instant Messaging spam (IM Spam) is similar to spam email. The main difference is that rather than focusing their efforts on bombarding your email inbox, spammers attempt to fool you on an instant messaging service such as BlackBerry Messenger or Apple’s iMessage. While not as common as spam email, IM spam is more difficult to block out because no particular software exists specifically for spam received while using instant messaging services. A good way to avoid most of it is to create a closed list of friends from whom instant messages are accepted. Even then, it is always possible that a computer belonging to someone within your “safe” list could become infected, so any strange link you receive via IM should be verified before you click on it.

Forum and Comment Spam

Spam is also often found in online forums and discussion boards and in the comments sections of online newspaper and magazine articles Spammers can attack these by posting spam messages as comments. These may be simple ads but can also include links leading to malicious websites.

Mobile Phone Spam

It is possible to receive spam messages through email, text messages or even phone calls on your mobile phone. On top of the usual issues with spam, you may be charged for these unsolicited text messages or pay valuable minutes for the intrusive phone calls.

SPIT (Spam in VoIP Sessions)

SPIT (Spam over Internet telephony), or VoIP

(Voice over Internet Protocol) spam, comes as a phone call using VoIP. While it is not yet very common, the biggest problem surrounding SPIT is that on average, voice messages are 10 times larger than email messages and therefore consume a lot of bandwidth. This could lead to significantly decreased call clarity and quality. The prevalence of SPIT is expected to rise as the same sources that produce large amounts of spam email can easily modify their messages into VoIP spam calls.

CONTACT US FOR ANY SUPPORT

By

Spam, Scams, Frauds and Identity Theft

Spam refers to unsolicited bulk messages being sent through email, instant messaging or other digital communication tools. It is generally used by advertisers because there are no operating costs beyond that of managing their mailing lists. It could also take place in chat rooms, in blogs and more recently within voice over internet conversation (such as Skype). Beyond being a simple nuisance, spam can also be used to collect sensitive information from users and has also been used to spread viruses and other malware.

Online identity theft is the theft of personal information in order to commit fraud. This can happen through your email account but it can also be a result of online purchases or other situations where you give out sensitive information such as your credit card information or your social insurance number.

A related concern is identity spoofing, in which the victim is impersonated on social networking sites such as Facebook or Twitter. Identity spoofing may also involve spoofing someone’s IP address (the unique number associated to your computer as you surf the internet). The purpose of identity spoofing on social networking sites can range from a simple prank to more serious attacks aimed at shaming or hurting someone’s social networks. Internet Protocol spoofing is used by hackers to cover their tracks or to gain access to places normally closed to them.

Risks relating to online shopping can include overspending or receiving items that do not match their description once you have already paid for them (or not having received any item at all). Because of the distance between the buyer and seller online, shopping on the Internet puts consumers particularly at risk of receiving shoddy goods.

The best defenses to these online scams and frauds generally rely on caution and skepticism when using the Internet. For example:

  • You should only open email from trusted senders and use spam filters or anti-spam software (some anti-spam software is available online free of charge, such as Spamfence).
  • Verify any request for your personal information online before responding. For example, no reputable financial institution will ever ask you for highly personal information via email: to find out if a request is legitimate, call your bank or navigate to their website (do not follow links in an email claiming to be from a bank or credit card company).
  • Don’t give out personally identifiable information (your full name, your age, your address, your social insurance number, etc.) without a good reason.
  • Turn any device that uses the Internet to offline mode when they are not in use (most mobile devices have an “Airplane mode” that turns off their Internet functions).
  • You can also help to minimize your risk by visiting only trusted sites.

The sections that follow give more detail on these threats and more detailed security tips for each.

CONTACT US FOR ANY SUPPORT

By

Fake check scams

If someone you don’t know wants to pay you by check but wants you to wire some of the money back, beware! It’s a scam that could cost you thousands of dollars.

Stay safe. Be Informed.

  • There are many variations of the fake check scam. It could start with someone offering to buy something you advertised, pay you to do work at home, give you an “advance” on a sweepstakes you’ve supposedly won, or pay the first installment on the millions that you’ll receive for agreeing to have money in a foreign country transferred to your bank account for safekeeping. Whatever the pitch, the person may sound quite believable.

  • Fake check scammers hunt for victims.

    They scan newspaper and online advertisements for people listing items for sale, and check postings on online job sites from people seeking employment. They place their own ads with phone numbers or email addresses for people to contact them. They buy “sucker lists” on the black market which has sensitive information of people who have been previously scammed. And they call or send emails or faxes to people randomly, knowing that some will take the bait.

  • They often claim to be in another country. The scammers say it’s too difficult and complicated to send you the money directly from their country, so they’ll arrange for someone in the U.S. to send you a check.

  • They tell you to wire money to them after you’ve deposited the check. If you’re selling something, they say they’ll pay you by having someone in the U.S. who owes them money send you a check. It will be for more than the sale price; you deposit the check, keep what you’re owed, and wire the rest to them. If it’s part of a work-at-home scheme, they may claim that you’ll be processing checks from their “clients.” You deposit the checks and then wire them the money minus your “pay.” Or they may send you a check for more than your pay “by mistake” and ask you to wire them the excess. In the sweepstakes and foreign money offer variations of the scam, they tell you to wire them money for taxes, customs, bonding, processing, legal fees, or other expenses that must be paid before you can get the rest of the money.

  • The checks are fake but they look real. In fact, they look so real that even bank tellers may be fooled. Some are phony cashiers checks, others look like they’re from legitimate business accounts. The companies whose names appear may be real, but someone has dummied up the checks without their knowledge.

  • You don’t have to wait long to use the money, but that doesn’t mean the check is good.Under federal law, banks have to make the funds you deposit available quickly–usually within one to five days, depending on the type of check. But just because you can withdraw the money doesn’t mean the check is good, even if it’s a cashier’s check. It can take weeks for the forgery to be discovered and the check to bounce.

  • You are responsible for the checks you deposit. 

    That’s because you’re in the best position to determine the risk–you’re the one dealing directly with the person who is arranging for the check to be sent to you. When a check bounces, the bank deducts the amount that was originally credited to your account. If there isn’t enough to cover it, the bank may be able to take money from other accounts you have at that institution, or sue you to recover the funds. In some cases, law enforcement authorities could bring charges against the victims because it may look like they were involved in the scam and knew the check was counterfeit.


  • There is no legitimate reason for someone who is giving you money to ask you to wire money back.

    If a stranger wants to pay you for something, insist on a cashiers check for the exact amount, preferably from a local bank or a bank that has a branch in your area.

CONTACT US FOR ANY SUPPORT

By

Types of Advance Fee Fraud

Types of Advance Fee Fraud 

Since the evolution of the “419 Fraud” letters from the 80’s, scammers have evolved and updated their tactics. Today, the types of advance fee fraud schemes are limited only by the imagination of the perpetrators who create them. They may involve the sale of products or services, offering of investments, lottery winnings, “found money”, or other opportunities. Some fraudsters will offer to find financing arrangements for clients who pay a “finder’s fee” in advance. Soon after the contract is signed and the finder’s fee is paid, the victim finds out that they are not eligible for financing and the perpetrator has made off with their money. The following are some common examples of advance fee fraud scams:

  • Beneficiary fund scam

    The scammers often present some type of story about needing your help to get money from a bank in another country. The story will usually involve someone who has died and the perpetrator alleges that if they do not act quickly, the money will be turned over to the government.

  • Lottery scam

    Scam claims that you have won money in an overseas lottery. The letter or e-mail will usually ask for personal information to confirm your identity so you can collect your winnings.

  • Investment scam

    An investment company contacts you and needs your assistance in investing money overseas. The letter or e-mail will look as though it is coming from a reputable investment firm or government official. The letter will ask you to contact the company, where you will be asked to pay some sort of fee up front in return for a hefty profit that does not exist.

  • Romance scam

    Scammers pull at the heart strings of those on internet dating websites and chat rooms by asking for money for sick relatives, or money for a plane ticket to meet you in person.

An article recently published in the New York Times described an advance fee fraud scheme that carried on for years, claiming almost 2,000 victims and $26 million. The Company appealed to people looking for investors for their businesses. During a time when job insecurity was high, bank requirements for loans were strict, the Company provided high hopes for those just trying to make a living by making them believe they would invest in their business or find investors for them. The hopeful entrepreneurs only needed to pay up-front fees of between $10,000 and $40,000. Unfortunately, the Company did nothing with the money. When clients started complaining and asking for their money back, phone calls were not returned and files were transferred to someone else. One victim, who felt as though he was fairly business savvy, looked to the Company to help him find investors for a multi-use development project. After paying $15,000 in “due diligence” fees and over $1,000,000 in pre-development costs, the victim was forced to declare bankruptcy on one of his businesses. Because the Company worked diligently to make their business appear legitimate, they were able to de-fraud even the smartest of business owners. Sadly, the money lost by victims is generally very difficult to recover. Companies like this word their contracts to make it almost impossible for victims to sue for fraud. Therefore, it is imperative to understand the warning signs of a suspicious business opportunity.

CONTACT US FOR ANY SUPPORT

By

What is Pagejacking?

Definition

Theft of a page from the original site and publication of a copy (or near-copy) at another site.

Information

Pagejacking does not mean taking over a page on the original site. In fact, the original site can be completely unaware that the theft has occurred.

Pagejackers siphon off traffic indirectly though the search engines. The stolen pages are copies or near-copies of the original pages. The stolen pages are then submitted to the search engines in an attempt to duplicate the rankings of the original pages. After the pages are submitted, the stolen pages are switched in favor of pages which earn revenue for the thieves. To further complicate matters, sometimes cloaking is involved.

While very large, elaborate schemes have been uncovered, pagejacking is not the sole province of the technically proficient. Many would-be-thieves are of a decidedly low-tech variety.

Tips To Protect Against Pagejacking

For people with the time and expertise, cloaking is one way to protect your source code. Like most tools, cloaking can be used for wrongdoing, but also for legitimate purposes. Using cloaking to protect your source code is a preventative measure.

Unfortunately, sometimes corrective actions are needed; cases where your people (lawyers) need to talk to their people (webhosts). Before that happens, however, you need to determine if anyone is using your pages without your consent. One way is to search for phrases that should uniquely identify your site. This can be done by searching for large blocks of text using an “exact phrase” option. The odds of finding multiple occurrences of an exact phrase decrease as the size and complexity of the phrase increases.

CONTACT US FOR ANY SUPPORT

By

How to Protect Yourself From Wire Transfer Fraud

But you need to understand that most wire fraud issues are really email hacks. So let’s try to see what happened in your situation from what we know of other, similar situations we’ve heard about.

The most frequent way hackers get wind that a person is about to wire a large sum of money is by hacking the closing agent’s, real estate attorney’s, settlement agent’s or real estate broker’s email accounts.

Once they hack into any of these email accounts, they monitor the emails, waiting for the right time to copy or mimic the owner of the email account to send out fraudulent wire instructions to an unsuspecting homebuyer. When these hackers send you an email, they will instruct you to wire the funds to their bank account. They may even give you a phone number to call to confirm the wire, but that phone number will be a phony number to a person that is an accomplice to the fraud.

The other way this happens is that the criminals will learn about you through their prior hack and then hack into your email account and monitor the many hacked email accounts they have looking for active real estate transactions. They will then send them a fake email telling them where to wire the money. Again, the information will be fraudulent and any information on the email is there to entice you to fall into the scam.

In the first case, if the settlement agent, lender, broker or other person’s email was hacked, they may have some responsibility for the fraud, and the company or its insurance coverage, may reimburse you. But if your email was hacked, you won’t be able to blame anybody else other than yourself.

Recently Sam had a person who called him with a situation similar to yours. In that instance, the homebuyer’s email had been hacked. The hackers had monitored his email, knew he was buying a home, knew when to send him wire instructions and what to say. And, like you, he lost a considerable amount of money.

No system is completely secure. In fact, the Pentagon hosts hackathons in order to have talented coders and programmers search for ways criminals can break into their systems. But the entire wire system is at risk the way it is handled now and the financial world needs to create a two-step authentication method to safeguard people and their money in these sorts of transactions.

Two-step authentication might look the way it does on your Gmail account; you can activate two-step authentication, so when you login to an account, there is a second security step to make sure that the sender and the receiver are in agreement as to what will transpire in the transaction. We’re not sure what the system would look like, but title companies, escrow companies and settlement agents should come up with a more secure way to set up the system so we safeguard these transactions in a better, smarter and hopefully hack-proof way.

In the meantime, here are a few steps to take to protect yourself: (1) Never wire funds to anybody or any institution unless you have checked the wire instructions independently with your title company, settlement or closing agent. (2) If you can’t or won’t confirm the information over the phone, most title companies, settlement companies and closing agents post their wire instructions online, so be sure you check their official websites. If they do, you can compare those instructions with the instructions you received. (3) Some agents will confirm the instructions you received over the phone if you give them the information you received. Just make sure you are talking to the right person at the right place.

The system is far from perfect now, but we tell our readers to be vigilant and when it comes to wire transfers and to verify and reverify the information from trusted sources. As you found out, if you receive an email, you need to make sure it’s from a trusted source. If you receive a text, you must make sure it’s from a trusted source. If you receive a call, you need to make sure it’s from a trusted source.

In the end, you need to have a good working relationship with your settlement agent to make sure that you know that “trusted” source. We can see the day when you go to see the closing or settlement agent in person and then go to the bank to initiate the wire transfer. That way, you have face to face information with your trusted source.

CONTACT US FOR ANY SUPPORT

By

6 Common Phishing Attacks and How to Protect Against Them

Phishing scams is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.

At this year’s RSA Conference, Tripwire conducted a survey where it asked 200 security professionals to weigh in on the state of phishing attacks.

More than half (58 percent) of respondents stated their organizations had seen an increase in phishing attacks in the past year. Despite that increase, most companies didn’t feel prepared to protect themselves against phishing scams. Indeed, a slight majority (52 percent) stated they were “not confident” in their executives’ ability to successfully spot a phishing scam.

The growth of phishing attacks in both frequency and sophistication, as noted by Verizon in its 2016 Data Breach Investigations Report, poses a significant threat to all organizations. It’s important that all companies know how to spot some of the most common phishing scams if they are to protect their corporate information.

With that in mind, I will use a guide developed by CloudPages to discuss six common phishing attacks: deceptive phishing, spear phishing, CEO fraud, pharming, Dropbox phishing, and Google Docs phishing. I will then provide some useful tips on how organizations can protect themselves against these phishing scams.

1. Deceptive Phishing

The most common type of phishing scam, deceptive phishing refers to any attack by which fraudsters impersonate a legitimate company and attempt to steal people’s personal information or login credentials. Those emails frequently use threats and a sense of urgency to scare users into doing the attackers’ bidding.

For example, PayPal scammers might send out an attack email that instructs them to click on a link in order to rectify a discrepancy with their account. In actuality, the link leads to a fake PayPal login page that collects a user’s login credentials and delivers them to the attackers.

The success of a deceptive phish hinges on how closely the attack email resembles a legitimate company’s official correspondence. As a result, users should inspect all URLs carefully to see if they redirect to an unknown website. They should also look out for generic salutations, grammar mistakes, and spelling errors scattered throughout the email.

2. Spear Phishing

Not all phishing scams lack personalization – some use it quite heavily.

For instance, in spear phishing scams, fraudsters customize their attack emails with the target’s name, position, company, work phone number and other information in an attempt to trick the recipient into believing that they have a connection with the sender.

The goal is the same as deceptive phishing: lure the victim into clicking on a malicious URL or email attachment, so that they will hand over their personal data.

Spear-phishing is especially commonplace on social media sites like LinkedIn, where attackers can use multiple sources of information to craft a targeted attack email.

To protect against this type of scam, organizations should conduct ongoing employee security awareness training that, among other things, discourages users from publishing sensitive personal or corporate information on social media. Companies should also invest in solutions that are capable of analyzing inbound emails for known malicious links/email attachments.

3. CEO Fraud

Spear phishers can target anyone in an organization, even top executives. That’s the logic behind a “whaling” attack, where fraudsters attempt to harpoon an executive and steal their login credentials.

In the event their attack proves successful, fraudsters can choose to conduct CEO fraud, the second phase of a business email compromise (BEC) scam where attackers impersonate an executive and abuse that individual’s email to authorize fraudulent wire transfers to a financial institution of their choice.

Whaling attacks work because executives often don’t participate in security awareness training with their employees. To counter that threat, as well as the risk of CEO fraud, all company personnel – including executives – should undergo ongoing security awareness training.

Organizations should also consider amending their financial policies, so that no one can authorize a financial transaction via email.

4. Pharming

As users become more savvy to traditional phishing scams, some fraudsters are abandoning the idea of “baiting” their victims entirely. Instead, they are resorting to pharming – a method of attack which stems from domain name system (DNS) cache poisoning.

The Internet’s naming system uses DNS servers to convert alphabetical website names, such as “www.microsoft.com,” to numerical IP addresses used for locating computer services and devices.

Under a DNS cache poisoning attack, a pharmer targets a DNS server and changes the IP address associated with an alphabetical website name. That means an attacker can redirect users to a malicious website of their choice even if the victims entered in the correct website name.

To protect against pharming attacks, organizations should encourage employees to enter in login credentials only on HTTPS-protected sites. Companies should also implement anti-virus software on all corporate devices and implement virus database updates, along with security upgrades issued by a trusted Internet Service Provider (ISP), on a regular basis.

5. Dropbox Phishing

While some phishers no longer bait their victims, others have specialized their attack emails according to an individual company or service.

Take Dropbox, for example. Millions of people use Dropbox every day to back up, access and share their files. It’s no wonder, therefore, that attackers would try to capitalize on the platform’s popularity by targeting users with phishing emails.

One attack campaign, for example, tried to lure users into entering their login credentials on a fake Dropbox sign-in page hosted on Dropbox itself.

To protect against Dropbox phishing attacks, users should consider implementing two-step verification (2SV) on their accounts.

6. Google Docs Phishing

Fraudsters could choose to target Google Drive similar to the way they might prey upon Dropbox users.

Specifically, as Google Drive supports documents, spreadsheets, presentations, photos and even entire websites, phishers can abuse the service to create a web page that mimics the Google account log-in screen and harvests user credentials.

A group of attackers did just that back in July of 2015. To add insult to injury, not only did Google unknowingly host that fake login page, but a Google SSL certificate also protected the page with a secure connection.

Once again, users should consider implementing 2SV to protect themselves against this type of threat. They can enable the security feature via either SMS messaging or the Google Authenticator app.

CONTACT US FOR ANY SUPPORT

By

What is an Internet Crime

Cyber crime is crime committed on the Internet, using the Internet and by means of the Internet.

Computer crime is a general term that embraces such crimes as phishing, credit card frauds, bank robbery, illegal downloading, industrial espionage, child pornography, kidnapping children via chat rooms, scams, cyberterrorism, creation and/or distribution of viruses, Spam and so on. All such crimes are computer related and facilitated crimes.

With the evolution of the Internet, along came another revolution of crime where the perpetrators commit acts of crime and wrongdoing on the World Wide Web. Cyber crime takes many faces and is committed in diverse fashions. The number of users and their diversity in their makeup has exposed the Internet to everyone. Some criminals in the Internet have grown up understanding this superhighway of information, unlike the older generation of users. This is why Cyber crime has now become a growing problem in the United States. Some crimes committed on the Internet have been exposed to the world and some remain a mystery up until they are perpetrated against someone or some company.

The different types of Cyber crime vary in their design and how easily they are able to be committed. Internet crimes can be separated into two different categories. There are crimes that are only committed while being on the Internet and are created exclusively because of the World Wide Web. The typical crimes in criminal history are now being brought to a whole different level of innovation and ingenuity. Such new crimes devoted to the Internet are email “phishing”, hijacking domain names, virus immistion, and cyber vandalism. A couple of these crimes are activities that have been exposed and introduced into the world. People have been trying to solve virus problems by installing virus protection software and other software that can protect their computers. Other crimes such as email “phishing” are not as known to the public until an individual receives one of these fraudulent emails. These emails are cover faced by the illusion that the email is from your bank or another bank. When a person reads the email he/she is informed of a problem with he/she personal account or another individual wants to send the person some of their money and deposit it directly into their account. The email asks for your personal account information and when a person gives this information away, they are financing the work of a criminal

Statistics

The statistics that have been obtained and reported about demonstrate the seriousness Internet crimes in the world. Just the “phishing” emails mentioned in a previous paragraph produce one billion dollars for their perpetrators (Dalton 1). In a FBI survey in early 2004, 90 percent of the 500 companies surveyed reported a security breach and 80 percent of those suffered a financial loss (Fisher 22). A national statistic in 2003 stated that four billion dollars in credit card fraud are lost each year. Only two percent of credit card transactions take place over the Internet but fifty percent of the four billion, mentioned before, are from the transaction online (Burden and Palmer 5). All these finding are just an illustration of the misuse of the Internet and a reason why Cyber crime has to be slowed down.

Stopping the problem

The question about how to police these crimes has already been constructed, but this task is turning out to be an uphill battle. Since the first computer crime law, the Counterfeit Access Device and Computer Fraud and Abuse Act of 1984, the government has been trying to track down and stop online criminals. The FBI has tried many programs and investigations in order to deter Internet crime, like creating an online crime registry for employers (Metchik 29). The reality is that Internet criminals are rarely caught. One reason is that hackers will use one computer in one country to hack another computer in another country. Another eluding technique used is the changing of the emails, which are involved in virus attacks and “phishing” emails so that a pattern cannot be recognized. An individual can do their best to protect themselves simply by being cautious and careful. Internet users need to watch suspicious emails, use unique passwords, and run anti-virus and anti-spyware software. Do not open any email or run programs from unknown sources.

CONTACT US FOR ANY SUPPORT

By

BLACK HAT HACKERS

A black hat hacker is a person who compromises the security of a computer system without permission from an authorized party, typically with malicious intent. The term white hat is used for a person who is ethically opposed to the abuse of computer systems, but is frequently no less skilled. The term cracker was coined by Richard Stallman to provide an alternative to using the existing word hacker for this meaning.[1] The somewhat similar activity of defeating copy prevention devices in software which may or may not be legal in a country’s laws is actually software cracking.
Terminology

Use of the term “cracker” is mostly limited (as is “black hat”) to some areas of the computer and security field and even there, it is considered controversial. Until the 1980s, all people with a high level of skills at computing were known as “hackers”. A group that calls themselves hackers refers to “a group that consists of skilled computer enthusiasts”. The other, and currently more common usage, refers to those who attempt to gain unauthorized access to computer systems. Over time, the distinction between those perceived to use such skills with social responsibility and those who used them maliciously or criminally, became perceived as an important divide. Many members of the first group attempt to convince people that intruders should be called crackers rather than hackers, but the common usage remains ingrained. The former became known as “hackers” or (within the computer security industry) as white hats, and the latter as “crackers” or “black hats”. The general public tends to use the term “hackers” for both types, a source of some conflict when the word is perceived to be used incorrectly; for example Linux has been criticised as “written by hackers”. In computer jargon the meaning of “hacker” can be much broader.

Usually, a black hat Hacker is a person who uses their knowledge of vulnerabilities and exploits for private gain, rather than revealing them either to the general public or the manufacturer for correction. Many black hat hacker hack networks and web pages solely for financial gain. Black hat hacker may seek to expand holes in systems; any attempts made to patch software are generally done to prevent others from also compromising a system they have already obtained secure control over. A black hat hacker may write their own zero-day exploits (private software that exploits security vulnerabilities; 0-day exploits have not been distributed to the public). In the most extreme cases, black hat Hacker may work to cause damage maliciously, and/or make threats to do so as extortion.

Methods

Techniques for breaking into systems can involve advanced programming skills and social engineering, but more commonly will simply be the use of semi-automatic software. Common software weaknesses exploited include buffer overflow, integer overflow, memory corruption, format string attacks, race conditions, cross-site scripting, cross-site request forgery, code injection and SQL injection bugs

CONTACT US FOR ANY SUPPORT

By

GREY HAT HACKERS

Grey hat hacker are a blend of both black hat and white hat activities. Grey hat hackers are the individuals who finds vulnerabilities in a system without the owner’s permission or knowledge. A Grey Hat in the computer security community, refers to a skilled hacker who sometimes acts legally, sometimes in good will, and sometimes not. They are a hybrid between white and black hat hackers. They usually do not hack for personal gain or have malicious intentions, but may or may not occasionally commit crimes during the course of their technological exploits.
Disambiguation

One reason a grey hat might consider himself to be grey is to disambiguate from the other two extremes: black and white. It might be a little misleading to say that grey hat hackers do not hack for personal gain. While they do not necessarily hack for malicious purposes, grey hats do hack for a reason, a reason which more often than not remains undisclosed. A grey hat will not necessarily notify the system admin of a penetrated system of their penetration. Such a hacker will prefer anonymity at almost all cost, carrying out their penetration undetected and then exiting said system still undetected with minimal damages. Consequently, grey hat penetrations of systems tend to be for far more passive activities such as testing, monitoring, or less destructive forms of data transfer and retrieval.

A person who breaks into a computer system and simply puts their name there whilst doing no damage (such as in wargaming – see) can also be classified as a grey hat.

CONTACT US FOR ANY SUPPORT

By