Anatomy of a Phishing Scam As Told Through Scamming the Scammer

 

image - phishing

source: blog.avast.com. |  image:  pixabay.com

to view all images associated with this blog post, go to Avast.com

Here’s a “scam the scammer” SMS conversation to highlight some of the red flags to look out for the next time your “boss” messages you.

Sometimes it feels like scammers are coming at you from every direction these days. They’re on the phone. They’re on SMS. They’re on social media. Sorting the real from the nonsense can feel like a full time job but, for some people, that “job” turns into fun.

That’s what happened recently when a professional woman in New York City decided to play around a little bit with her “boss,” (spoiler: not her boss) who was making odd requests via text. And while “scam the scammer” situations like this one are often hilarious, they’re also a great way to learn about the methodology that scammers use to trick people into giving them money. 

So let’s take a look at the following “scam the scammer” SMS conversation to highlight some of the red flags to look out for the next time your “boss” messages you. 

1. They set up a situation where you can’t talk to them on the phone.

“Josh” makes it clear up front that he can’t talk on the phone. Obviously there are some situations where this is legitimate — like if he was actually Josh and was actually at a conference — but “Cris,” as an employee, would likely know if her boss was out of office. The scammer is hoping that Cris doesn’t know her boss’ schedule.

Continue reading “Anatomy of a Phishing Scam…”

DoD Identity Awareness, Protection, and Management (IAPM) Guide

 

Click the image above to view this amazing guide & resource

 

HOW TO USE THIS GUIDE The Identity Awareness, Protection, and Management (IAPM) Guide is a comprehensive resource to help you protect your privacy and secure your identity data online. The IAPM Guide is divided into chapters detailing key privacy considerations on popular online services, mobile apps, and consumer devices available in the market today. Each section provides you with tools, recommendations, and step-by-step guides to implement settings that maximize your security. The guide is updated periodically. While some of the chapters in the IAPM Guide deal with technical issues, they do not require a technical background to follow. The U.S. Department of Defense creates this guide to provide recommendations for readers to keep their identities private and secure online. Please note the information presented here is subject to change.

Free Cybersecurity Tools and Services List

Published by CISA

 

source: pewresearch.org  | image by pixabay.com

 

Asked to ‘imagine a better world online,’ experts hope for a ubiquitous – even immersive – digital environment that promotes fact-based knowledge, offers better defense of individuals’ rights, empowers diverse voices and provides tools for technology breakthroughs and collaborations to solve the world’s wicked problems

 

This report is the second of two analyzing the insights of hundreds of technology experts who responded in the summer of 2021 to a canvassing of their predictions about the evolution of online public spaces and their role in democracy in the coming years. In response to the primary research question, many said they expect that these forums will be significantly improved by 2035 if reformers, big technology firms, governments and activists tackle the problems created by misinformation, disinformation and toxic discourse. At the same time, they expressed ongoing concerns about the destructive forces in culture and technology that could continue to plague online life and disrupt beneficial change in the coming years.

Continue reading “Free Cybersecurity Tools and Services List Published by CISA”

Be Careful If You Get a Strange USB Drive in the Mail – It Might Be a Virus

 

source: idropnews.com, contributed by Artemus founder, Bob Wallace  |  image: pixabay.com

 

Cybercriminals have found a novel way to install malicious software on your computer. Instead of using online tools, they’re sending USB drives directly to victims in the mail throughout the United States.

According to the FBI, a cybercrime group is mailing out physical USB drives hoping that the potential victims connect them to their computers.

The cybercriminals used the United States Postal Service and United Parcel Service to send all the USB drives. But they didn’t send just drives. They also made sure to impersonate the U.S. Department of Health and Human Services. The messages claimed that the USB drives contained a COVID-19 warning. Other mailed USBs claimed that they were from Amazon and that they had an Amazon gift card inside.

This is nothing new since cyber attackers have often used phishing to impersonate big companies and organizations to make you trust them.

According to the report, these USB drives contain malware known as BadUSB attacks. This malicious software lets the cybercriminal control the computer with the USB drive to do things like create new commands on the computer, install different types of malicious software, or redirect traffic.

Unfortunately, this isn’t the first time this happened. Back in 2020, there was another attack with a similar process, and cybercriminals sent out a bunch of USB drives in the mail.

That time, the mail claimed that it was a gift card from Best Buy, but in reality, it was also a BadUSB malware that was used to install malware and exploit other vulnerabilities in many organizations’ PCs. They also were used to deploy many ransomware strains like BlackBatter and REvil.

Needless to say, you need to be careful of what you get in the mail and what you plug into your computer. Even if the package is addressed to you, you should avoid at all costs plugging one into your computer.

If the USB drive comes from a company or a person you’re familiar with—and you trust– try contacting them to make sure they actually sent you the USB drive. Even then, if it isn’t actually anything important, you should try to avoid using the USB drive in your computer to prevent any possible cyber attacks.