Brainsfeed News & Insights

Stay up to date on the world of knowledge, insights, & applied research on-demand. The Brainsfeed blog was written to answer questions asked by curious humans.

    Did You Get Phished?

    Posted by Aurelien Vasinis on Apr 3, 2020 10:00:00 AM


    Here are some words you do not expect to come across in a Slack channel at work, especially in something shared by your CTO. Well, it quickly caught my eye: ‘I saw you masturbate, send $1000.’

     

    You need to read this…

    [Image: Phishing threat]

     

     

    Think about it, would you be worried if someone sent you that? No? Are you sure?

     

    I would say most humans would have something to worry about, and like me, you would have been sweating your pants off.

     

    It seems like it was scam season at the office. A few days later, a colleague from Kenya received another scam message.

     

     

    [Image: Phishing soldier scam]

     

     

     

    He admitted that it was flattering to think that an American soldier was pursuing him romantically. That's the thing: scammers have no code and no moral spine. They go for the most vulnerable situations, privacy violations, and matters of the heart. The irony in our colleague’s case is that these scams usually run the other way around. It is usually a ‘Nigerian prince’ who has no access to his gold, trying to scam someone from the West. This particular scammer posed as an American soldier with a romantic interest in a Kenyan man, the value proposition being a potential green card.

    Is the Internet Scam industry re-strategizing?

     

     


     

    The internet is a very valuable resource for all organizations, but when it comes to scams, the bad guys are the winners. Cybercriminals are bold. It all comes down to what you see as a trusted source, so don’t just trust your first glance.


    Interpol has warned people of scammers using their name to defraud people. Scammers are even bold enough to pose as the International Police! Imagine that.

     

     

     

     

    [Image: International Police scam]

     

     

     

    What is Internet fraud?

    According to the FBI, internet fraud is the use of internet services or software with internet access to defraud victims or to otherwise take advantage of them. There are a number of known internet fraud schemes that you may have come across. Cybercriminals are becoming more and more sophisticated. They seem to evolve just as fast as the internet space.

     

    The FBI has classified internet fraud into the following categories:

     

    Business E-Mail Compromise (BEC): If you are a business working with foreign suppliers, then you should be very aware of this. This scam involves compromising legitimate business emails and attempting to carry out an unauthorized transfer of funds.

    Business E-mail Compromise: The 12 Billion Dollar Scam.

     

     

    Data Breach: This involves the leaking or spilling of information, at either a corporate or a personal level, to an untrusted environment.

     

    Denial of Service: An interruption of an authorized user's access to any system or network, typically one caused with malicious intent.

     

    E-Mail Account Compromise (EAC): Similar to BEC, this scam targets the general public and professionals to fraudulently request payments.

     

    Malware/Scareware: examples include computer viruses, worms, Trojan horses, ransomware, spyware, and adware. Once this gets into your system, you might end up having to pay to get rid of it.

     

    And finally, ladies and gentlemen, phishing, also referred to as vishing, smishing, or pharming, which is often used in conjunction with a spoofed e-mail. It involves sending an e-mail that falsely claims to be from an established legitimate business, so as to deceive the unsuspecting recipient into giving out personal, sensitive information such as passwords, credit card numbers, and bank account information after directing them to visit a specific website that is set up to steal information.

     

    These attempts at fraud should not be taken lightly; people need to be sensitive to them. One easy thing to spot is that someone with a legitimate reason for contacting you will at least use your first name.

     

     

     

    [Image: Illegitimate sender scam]

     

     

    Here you’ll see the same thing, no name. Even annoying but legitimate cold email senders at least try and get it more personalized.

     

     

     

    [Image: Superglobal scam]

     

    How to Spot Phishing?

    Your email service provider might be able to help you identify a phishing attempt. Google does a fair job at this. But, what if something slips into your mailbox?

     

    1. A corporate contact will never send you an email using their personal address. They usually have an address that is associated with their domain name. For example, an email from PayPal will always have the domain name “PayPal” attached to the email address.
    2. Another thing that we should note is that anyone can buy a domain name. Scammers can buy one that is almost identical to that of a contact you have had interactions with, so always be sure to double-check the domain name.
    3. Poorly written emails are a dead giveaway. These guys are not who they say they are. They are not company directors and they are for sure not going to make their emails look corporate. If you take a close look at the email from Sergeant Miss Ann, you’ll see mistakes right from the first line. Here is another example from a lonely lady with just a generic greeting and, trust me, she/he/it sent this to many addresses.

     

    This, however, should prompt you to check the email address and not just the sender’s name, because when setting up an email address you may have the option of selecting what should appear as the display name. Take a look at an example shared by We Live Security below.

     

     

    [Image: PayPal phishing scam]

     

     

    The email has been well crafted and can almost pass for an official PayPal email, but the one thing they were not able to fake is the domain name, -access-273.com. Any communication from PayPal would have their actual domain name attached to the email address. Secondly, unless you are paying for something online, no legit company is going to ask you to confirm your financial information online.
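The display-name and domain checks described above, as an added Python example (not part of the original post). The brand allow-list, the constructed sample headers and the 0.85 similarity threshold are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumed allow-list: brand keyword -> the domain that brand really sends from.
KNOWN_BRANDS = {"paypal": "paypal.com"}

def registrable_domain(host):
    """Naive 'last two labels' rule; real code should use the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def check_sender(from_header):
    """Return a list of warnings for one From: header value."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["no parsable address"]
    host = addr.rsplit("@", 1)[1].lower()
    domain = registrable_domain(host)
    warnings = []
    for brand, real in KNOWN_BRANDS.items():
        if domain == real:
            continue  # genuinely sent from the brand's own domain
        if brand in display.lower():
            # The display name is free text chosen by the sender.
            warnings.append(f"display name claims {brand} but domain is {domain}")
        if brand in host:
            # Brand used as a subdomain or prefix of someone else's domain.
            warnings.append(f"{brand} appears in {host}, which is not {real}")
        elif SequenceMatcher(None, domain, real).ratio() >= 0.85:
            # Bought lookalike domain, one or two characters off.
            warnings.append(f"{domain} is a near-miss of {real}")
    return warnings

# Constructed sample headers (not taken from the screenshots in the post).
SAMPLES = [
    "PayPal <service@paypal.com>",
    "PayPal <service@billing-check.example>",
    "Account Team <help@paypa1.com>",
    "Security <alert@paypal.com.verify-login.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "ok")
```

Only the first sample passes: the others are caught by the display-name mismatch, the near-miss domain and the brand-as-subdomain check respectively.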

     

    [Image: Relationship scam]

     

     

    Hilarious Scams from the Wild Wild Web.

     

    See the 20 Best Funny Internet Scams, which covers a number of downright hilarious scams ranging from wedding scams, Russian bank fraud and Disney to the Sopranos show on HBO and killer bananas.

     

    Kaspersky has a collection of Nigerian spam. The reason why such emails end up in the spam folder is that the sender usually sends a blast of emails, casting their net wide, so to speak. It only makes sense: send thousands of emails and reel in one unsuspecting victim. It works, and a lot of people lose their fortunes.

     

     

     

    Scammers are the Scum of the Earth

     

    The whole world is taking a hit from the Covid-19 crisis, and unfortunately it has opened up an opportunity for cybercriminals. Interpol has asked the public to be cautious when buying drugs online during the current health crisis. Check out this article about Criminals taking advantage of coronavirus anxiety to defraud victims online.

     

    ‘Info’ Has Some Inheritance Coming His Way

    Apparently, the ‘info’ email addresses get scammed too! Scammers send an email claiming that the person named ‘Info’ has been left a large inheritance. Scammers can be extremely careless, so keep an eye out for the ways they fail to pay attention to what they are sending. You have to see for yourself to believe it! Here are 23 of the worst scammers and how they got schooled.

     

    Job seekers are not safe!

    You remember that line I used, saying how internet scammers are the scum of the Earth? They prey on job seekers too. One scam that is common in Kenya targets job seekers who use cyber cafes to apply for jobs. Scammers bank on job seekers who use public computers to write their cover letters, and if an unsuspecting person is not careful enough to delete everything they worked on, they leave behind many details that can be used against them.

    The next day you get a call saying that you have been shortlisted for a job interview. Some of these jobs require clearance certificates, such as credit history, which are quite a process to get. These fake hiring managers rely on your desperation and lie to you that they can help you grease a few palms and get the papers you need. Convenient, right?

     

    It sounds almost too good to be true, and it is. The contact who is meant to help you urgently get the papers you need will take your money and run!

     

    Work from home jobs have also become muddied with scams. It’s almost impossible to tell what the real deal is. Have a look at 5 scams that are fooling even the smartest victims.

     

    Here is a list of some of the current stories going around about internet scams:

     

    1. A cyber security advocate shared a scam that is taking advantage of the Covid-19 situation. The message warned people that they would be fined if they left the house. That sounds simple, but there is more: the expert advises that we should delete the message immediately. From the image shared, should you click on the link, you will be redirected to a website that will take your personal information.
      [Image: Coronavirus scam]
    2. “She was beautiful, funny - and she scammed me” is an article by the BBC about a very calculated con. The poor man took out bank loans, expecting that his newly found lover would be receiving an inheritance. Luckily his bank is working to fix his credit rating, but he has sworn off social media. #scarred
    3. Norton has listed the Top 5 social media scams, ranging from Cash Grabs (you know, the ‘emergency’ one from a nice profile?) to Chain Letters, Hidden Charges, Phishing Requests and Hidden URLs. It is a short read but definitely worth it.
    4. Serious companies have been hit hard. Do not ever take your internet security lightly. Casey Crane from The SSL Store explains some of these incidents in the article The Dirty Dozen: The 12 Most Costly Phishing Attack Examples. For reference on how a big company such as Facebook lost millions, you should read How this scammer used phishing emails to steal over $100 million from Google and Facebook, an article by CNBC.
    5. If you have the time and resources, then you could engage the scammers. An individual tried this, but I am not saying you should. Scammers who call you and warn you of some mysterious virus on your PC will trick you into giving them some control over your device. So at the end of the day, if you are not Mr. Robot, do not attempt to engage.
      Scamming the scammers – catching the virus call centre scammers red-handed


     

     

     

     

    How to Protect Yourself While Working from Home: Crowdsourced Tips.

     

    With the situation as it is globally, many are working from home. Some are using personal computers and public internet connections.

    Personal devices may lack the tools and proper safety firewalls to protect data. This increases the risk of malware creeping into these devices, causing both personal and work-related information to be leaked.

     

    The environment at home is more loose and relaxed. It has become an online sensation to share pictures of ourselves working from home.

     

    Sharing pictures of your home desk? Think again.

     

    A Twitter user shared different scenarios found online of people sharing personal information:

     

     

    [Image: Work-from-home scam]

     

     

     

    Be careful: do not take pictures in which your laptop is showing work-related information. This thoughtful Twitter user was careful enough to blur out the contents. Imagine if he had not.

     

    Did you realize that the cybercrime industry adapts just the same? Check out this article that covers more information about cybersecurity while working remotely.

    As you do the noble thing of staying at home, have a look at 13 cybersecurity tips for staff working remotely. Protect yourself, avoid unsecured Wi-Fi connections, and do not fall for the scams found all over Facebook that promise you $1000 a day.

     

    In conclusion, please stay cyber woke. Everybody wants to eat, but not everybody wants to work.

     

    Have you ever been Phished?
