There are a ton of computer scams targeting all types of people. Some come in the form of emails claiming to provide something in exchange for a small sum with the goal of stealing that small sum. Others come as a instant message from a friend’s compromised account asking for financial help due to some bogus emergency. There are too scams many to prevent however we can all come together and start investing efforts to waste spammers time. This way they are not using their time to trick another person. One group that has come together with this goal is the 419 Eater found HERE.
In this post, I’ll show you how I like to have fun messing with spammers. Continue reading →
Comparitech.com wrote a helpful post about Ransomeware. This continues to be a hot security topic hitting many of my customers. For those that don’t know, Ransomware is malware that encrypts your files and holds them for ransome requiring a bitcoin payment to unlock them. The original post can be found HERE.
While ransomware has existed since around 1989, in the form of the “AIDS” trojan which encrypted files on a hard drive and then demanded a payment of $189 to unlock them again, it is only in the last few years that it has become a significant and global threat. Continue reading →
Social engineering is all about abusing trust. Many of the phishing attacks found online have the goal of stealing money using tactics such as requesting money for some bogus lost relative. The average “Millennial” has seen this spam however the people behind these scams are taking a all time low approach by targeting elderly family members who are more likely to fall for these tricks.
This post will cover a scam that some of my coworkers have claimed was targeted at their family. In summary, attackers are levering social media to identify relatives of people, reaching out to their grandparents and asking for money while pretending to be a grandchild in trouble. Continue reading →
Social Engineering is all about tricking somebody into acting a way you want them to act. A common tactic is having them click a link using a phishing attack such as a fake UPS delivery link around Christmas or cloning a popular website such as Facebook. Sometimes a target may question the authenticity of the source attempting to contact them. One way to fake your identity is to use listyourself.net by listing your phone or burner phone as a fake identity used in your social engineering scam. That website is http://www.listyourself.net/ Continue reading →
Earl Carter and Craig Williams from the Cisco Security Blog posted a great article on a recent wave of taxed related spear-phishing attacks (original post found HERE). What is interesting is how attackers leverage current trends as the theme for their malware. For example, we will probably see a bunch of March Madness attacks along with Tax related phishing this month since thats what people are searching for online. This contradictions the old belief that “safe searching” aka not going to adult websites or searching for free software will keep you safe from malware. The reality is the attackers want the most bang for their buck so they will target where the most people are at. In March, thats Tax season and March Madness. Here is the post from Cisco. Continue reading →
There are many methods criminals will use to steal money that fall outside of normal attack channels. I was having dinner with a buddy from work and heard one of the most outrageous social engineering attack methods he recently experienced. To summarize, he had attackers call his home phone and try to get him to install malicious software. He figured out they were full of it yet went along with the scam for 20 minutes to see where they would take things. This post will cover his experience and variations of this attack seen in the wild.
Lesson learned …. don’t trust somebody just because they called you. Make sure to tell your friends and family this message. If you do some Google research, you will find many non-technical people are being tricked by this form of attack.Continue reading →
I’ve said this many times before … the Internet is full of bad things. Of those bad things, one of the most common threats is Phishing attacks. Wiki defines phishing as “the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication”. The majority of successful phishing attacks clone popular social networking sources and provide hyperlinks with the hope a target will click the link without questioning the authenticity of the source.
I wrote a post about what to look for regarding fraud email and craiglist sales HERE and 2 example craiglist cons HERE. The concepts are generally the same regarding identifying phishing attackers however in some cases, the attack will be a clone of a real message or website, which makes it very difficult to detect. Best practices is THINK BEFORE YOU CLICK! Here are some examples why this is important. Continue reading →
Pickpocketing is an old yet popular crime. Reason for this is the return can be as high as a robbing a store without the risk of using weapons or be identified by victims. Pickpockets can operate as a team or individually and typically involve a form of deception to conceal the crime. Most victims won’t realize they have been robbed until the pickpocket is long gone and if caught, the criminals face minimal jail time since lethal threats are not involved. Here is a review of the most common tactics used by pickpockets and methods to avoid becoming a victim. Continue reading →