Tags: credit card scams, facebook scam, funeral scam, online scams, ransomware
It’s amazing how ingenious cybercriminals are, but the victims also need to take some responsibility for falling for these ruses, especially when the victim is a business that has failed to train its employees in cybersecurity measures.
The stuff of science fiction is here: Who would have ever thought there’d ever be a such thing as criminals remotely stealing someone’s personal information (word processing files, any kind of image, etc.), scrambling it up via encryption, then demanding ransom in exchange for the remote “key” to “unlock” the encryption?
Payment is remotely by Bitcoin which can’t be traced. The payment is usually at least $500 and escalates the longer the victim waits.
The virus that poisons a computer to steal someone’s files is called ransomware, a type of malicious software (in this case, “Cryptolocker” and “CryptoDefense”). But how does this virus get into your computer in the first place?
It’s called social engineering: tricking users into allowing their computer to be infected, or duping them into revealing personal information.
Often, a phishing e-mail is used: It has an attention-getting subject line that entices the user to open it. The message contains a link. They click the link, and a virus is downloaded. Or, the link takes them to a site which then downloads the virus.
These e-mails, sometimes designed to look like they’re from the company the user works for, often go to workplace computers where employees get tricked. These kinds of attacks are lucrative to their instigators.
If you wanted to notify a relative or friend that a mutually dear person has left this earth…would you send an e-mail or phone that person? Seems to me that heavy news like this would warrant a phone call and voice interaction.
So if you ever receive an e-mail from a funeral home indicating that a dear one to you has passed, and to click a link to the funeral home to learn details about the burial ceremony…consider this a scam.
Because if you click the funeral site link, you’ll either get redirected to the crook’s server because he’s already created an infected funeral looking site ahead of time. This is where a virus will be downloaded to your computer.
Vishing Credit Card Scam
You get a phone call. An automated voice identifies itself as your credit card company (they’ll say “credit card company” rather than the specific name). It then says something like, “We are investigating what appears to be a fraudulent charge on your card.”
They’ll ask if you made a particular purchase lately, then to hit 1 for yes and 2 for no. If you hit no, you’re told to enter your credit card number, three-digit security code and expiration date. You just fed a thief all he (or she) needs in order to go on an online or on-phone spending spree.
Ever order something via phone and all you had to give up was the credit card number, expiration date and security code? This trick is also aimed at employees. The calls come from an automated machine that generates thousands of these calls.
Healthcare Record Scam
You receive an e-mail that appears to be from your employer or healthcare provider that you get through work. This may come to you on your home computer or the one you use at work. The e-mail is an announcement of some enticing change in your healthcare plan.
The message may reference something personal about you such as marital status, income or number of dependents. When enough of these e-mails are pumped out with automated software, the personal situation of many recipients will square off with those identified in the e-mail, such as income and number of children. The user is then lured into clicking a link in the e-mail, and once that click is made…malware is released.
Facebook Company Group Scam
Scammers will scan Facebook and LinkedIn seeking out employees of a particular company and create a group. This groups purpose is for information gathering so scammers can penetrate a company’s facility or website. Once all the groups member join, the scammers will pose various innocuous questions and start palatable discussions that make everyone feel comfortable.
Over time scammers will direct these discussions to leak bits of data that allow criminals to enter a facility under a stolen identity or to contact specific employees who have advanced access to computer systems in an attempt to get usernames and passwords.
Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.
- Fake Funeral & E-mail Scams: Recognize & Avoid
How does a funeral scam work in the first place? This is something that I, as a security analyst, teach to the consumer public. First of all, the fake funeral scam starts off with an e-mail. The fraudulent e-mails come disguised as a notification for a funeral. The Better Business Bureau describes how the funeral scam
- How to Recognize a Phishing Scam
So someone comes up to you in a restaurant—a complete stranger—and asks to look at your driver’s license. What do you do? Show it to that person? You’d have to be one loony tune to do that. However, this same blindness to security occurs all the time when a person is tricked by a “phishing” e-mail
- Tell your Grams about these Scams
Do we really get wiser with old age, or just more vulnerable to all the scammers out there? Here are the top scams directed towards senior citizens. IRS The phone rings; it’s from the IRS, claiming you owe money. Caller ID says IRS (spoof technology). Caller says if you don’t pay within 24 hours, you’re going to jail. Caller wants
- Protect Yourself from Holiday Shopping Scams
Even though the highly publicized retail data breaches have involved off-line brick and mortar stores, this doesn’t mean that security is high with online shopping. Scammers and hackers are waiting for you in more ways than you know, such as: Fake product reviews Non-existent products Delivered products that don’t match what was seen on the retail site Shoppers
- Protect From Holiday Phishing Shipping Scams
A common holiday shipping phishing scam is a phony notice from UPS, saying you have a package and need to fill out an attached form to get it delivered. The form may ask for personal or financial details that will go straight into the hands of the cyberscammer. Often the email asks to download a