I received a request to be part of a banking scam and decided to play it out with false information. Below is a series of emails I received as I communicated with this obvious scam. Make sure you question anything like this because most likely somebody is trying to trick you. Indicators of a scam include broken English, asking to wire money, lack of details about the parties involved, and unwillingness to give information linked to the actual conversation, such as, in this case, the bank’s 1800 number that I could call to ask for the so-called “employee” involved.
This scam started off with an email blast, which hit one of my real email spam folders. If you Google the number, names, etc. from these emails, you will find many other people have flagged this guy.
There has been a lot of chatter about a new ransomware called Locky, named for how it renames files to .locky after encrypting the data. Dark Reading posted an article HERE explaining some recent news, and Sophos also did a good write-up HERE. This post will talk about what Locky is and how to protect your organization from Locky as well as other ransomware.
Channel 13 hosted a short segment on the risk of using RFID-enabled credit and debit cards. RFID means the card broadcasts the sensitive information over radio frequency, so the consumer just has to swipe the card near a reader to buy something. With this convenience comes the risk of a malicious party using a wireless sniffer to capture the same data. This means the malicious party can pick your pocket without having to touch the card, i.e. they can capture the credit card data over the radio and print their own card. In the video, the presenter copies a captured credit card to his hotel room key and makes a purchase using the room key with the stolen data as if it were the original credit card. It is pretty easy to do.
There are a ton of computer scams targeting all types of people. Some come in the form of emails claiming to provide something in exchange for a small sum, with the goal of stealing that small sum. Others come as an instant message from a friend’s compromised account asking for financial help due to some bogus emergency. There are too many scams to prevent; however, we can all come together and start investing effort in wasting spammers’ time. This way they are not using their time to trick another person. One group that has come together with this goal is the 419 Eater, found HERE.
In this post, I’ll show you how I like to have fun messing with spammers.
Comparitech.com wrote a helpful post about ransomware. This continues to be a hot security topic hitting many of my customers. For those who don’t know, ransomware is malware that encrypts your files and holds them for ransom, requiring a bitcoin payment to unlock them. The original post can be found HERE.
While ransomware has existed since around 1989, in the form of the “AIDS” trojan which encrypted files on a hard drive and then demanded a payment of $189 to unlock them again, it is only in the last few years that it has become a significant and global threat.
Social engineering is all about abusing trust. Many of the phishing attacks found online have the goal of stealing money using tactics such as requesting money for some bogus lost relative. The average “Millennial” has seen this spam; however, the people behind these scams are taking an all-time-low approach by targeting elderly family members who are more likely to fall for these tricks.
This post will cover a scam that some of my coworkers have claimed was targeted at their family. In summary, attackers are leveraging social media to identify relatives of people, reaching out to their grandparents and asking for money while pretending to be a grandchild in trouble.
If you are in the IT industry, most likely you will need to keep up with technology by obtaining a certification, attending a product training, attending a boot camp or a combination of these. I’ve gone through many different programs and have a few lessons learned that could help you with your future education planning.
Social engineering is all about tricking somebody into acting the way you want them to act. A common tactic is having them click a link using a phishing attack, such as a fake UPS delivery link around Christmas or a clone of a popular website such as Facebook. Sometimes a target may question the authenticity of the source attempting to contact them. One way to fake your identity is to use listyourself.net by listing your phone or burner phone as a fake identity used in your social engineering scam. That website is http://www.listyourself.net/