Social Engineering is all about tricking somebody into acting a way you want them to act. A common tactic is having them click a link using a phishing attack such as a fake UPS delivery link around Christmas or cloning a popular website such as Facebook. Sometimes a target may question the authenticity of the source attempting to contact them. One way to fake your identity is to use listyourself.net by listing your phone or burner phone as a fake identity used in your social engineering scam. That website is http://www.listyourself.net/ Continue reading
Earl Carter and Craig Williams from the Cisco Security Blog posted a great article on a recent wave of taxed related spear-phishing attacks (original post found HERE). What is interesting is how attackers leverage current trends as the theme for their malware. For example, we will probably see a bunch of March Madness attacks along with Tax related phishing this month since thats what people are searching for online. This contradictions the old belief that “safe searching” aka not going to adult websites or searching for free software will keep you safe from malware. The reality is the attackers want the most bang for their buck so they will target where the most people are at. In March, thats Tax season and March Madness. Here is the post from Cisco. Continue reading
There are many methods criminals will use to steal money that fall outside of normal attack channels. I was having dinner with a buddy from work and heard one of the most outrageous social engineering attack methods he recently experienced. To summarize, he had attackers call his home phone and try to get him to install malicious software. He figured out they were full of it yet went along with the scam for 20 minutes to see where they would take things. This post will cover his experience and variations of this attack seen in the wild.
Lesson learned …. don’t trust somebody just because they called you. Make sure to tell your friends and family this message. If you do some Google research, you will find many non-technical people are being tricked by this form of attack. Continue reading
I’ve said this many times before … the Internet is full of bad things. Of those bad things, one of the most common threats is Phishing attacks. Wiki defines phishing as “the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication”. The majority of successful phishing attacks clone popular social networking sources and provide hyperlinks with the hope a target will click the link without questioning the authenticity of the source.
I wrote a post about what to look for regarding fraud email and craiglist sales HERE and 2 example craiglist cons HERE. The concepts are generally the same regarding identifying phishing attackers however in some cases, the attack will be a clone of a real message or website, which makes it very difficult to detect. Best practices is THINK BEFORE YOU CLICK! Here are some examples why this is important. Continue reading
Pickpocketing is an old yet popular crime. Reason for this is the return can be as high as a robbing a store without the risk of using weapons or be identified by victims. Pickpockets can operate as a team or individually and typically involve a form of deception to conceal the crime. Most victims won’t realize they have been robbed until the pickpocket is long gone and if caught, the criminals face minimal jail time since lethal threats are not involved. Here is a review of the most common tactics used by pickpockets and methods to avoid becoming a victim. Continue reading
My buddy Aamir wrote a great post on Cryptolocker. The original can be found HERE.
Cryptolocker is malware that is categorized as ransomware. According to Wikipedia, “Ransomware comprises a class of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator of the malware in order for the restriction to be removed” (Wikpedia).
Cryptolocker is dangerous because if you are infected with the malware, you are in danger of losing all your files that are local to your machine, including attached storage (USB drives) and connected network drives. The network drives or any other mass storage media that shows up as a drive letter could be corrupted by the malware. Continue reading
A coworker of mine, Tom Cross, was featured on CBS Atlanta regarding a case where a newscast member had her credit card information stolen. An interesting aspect of this situation is the criminals obtained the card number while the victim was in another city holding the authentic card. It is undetermined how the criminals stole the card number to create the duplicate but the motive clear … purchase giftcards until the credit card account becomes locked. Continue reading
There are documentaries popping up that showcase outrageous claims such as the government hiding captured mermaids or encounters with aliens. I’ve heard friends and coworkers talk about such things around the water cooler believing the stories are real based on fake videos and actors posing as specialists. Movies like The Blair Witch Project and The Forth Kind present fictional stories as documentaries, however most people figured out they are not real based on being available at major movie theaters. Some documentaries have been seen on TV networks displaying “A Speculative Documentary”, which doesn’t clearly translate to fictional footage. Continue reading