I received a request to be part of a banking scam and decided to play it out with false information. Below is a series of emails I received as I communicated with this obvious scam. Make sure you question anything like this because most likely somebody is trying to trick you. Indicators of a scam include broken English, asking to wire money, lack of details about the parties involved and unwillingness to give information linked to the actual conversation such as in this case, the bank’s 1800 number that I could call and ask for the so called “employee” involved.
This scam started off with a email blast, which hit one of my real email spam folders. If you google the number, names, etc. from these emails, you will find many other people have flagged this guy. Continue reading →
There has been a lot of chatter about a new ransomware being called Locky due to how it renames the files to .locky after encrypting the data. Darkreading posted an article HERE explaining some recent news and Sophos also did a good write up HERE. This post will talk about what Locky is and how to protect your organization from Locky as well as other ransomware. Continue reading →
Channel 13 hosted a short segment on the risk of using RFID enabled credit and debit cards. RFID means the card broadcasts the sensitive information over radio frequency so the consumer just has to swipe the card near a reader to buy something. With this convenience comes the risk of a malicious party using a wireless sniffer to capture the same data. This means the malicious party can pick your pocket without having to touch the card IE they can capture the credit card data over the radio and print their own card. In the video, the presenter copies a capture credit card to his hotel room key and makes a purchase using room key with the stolen data as if it was the original credit card. It is pretty easy to do. Continue reading →
There are a ton of computer scams targeting all types of people. Some come in the form of emails claiming to provide something in exchange for a small sum with the goal of stealing that small sum. Others come as a instant message from a friend’s compromised account asking for financial help due to some bogus emergency. There are too scams many to prevent however we can all come together and start investing efforts to waste spammers time. This way they are not using their time to trick another person. One group that has come together with this goal is the 419 Eater found HERE.
In this post, I’ll show you how I like to have fun messing with spammers. Continue reading →
Comparitech.com wrote a helpful post about Ransomeware. This continues to be a hot security topic hitting many of my customers. For those that don’t know, Ransomware is malware that encrypts your files and holds them for ransome requiring a bitcoin payment to unlock them. The original post can be found HERE.
While ransomware has existed since around 1989, in the form of the “AIDS” trojan which encrypted files on a hard drive and then demanded a payment of $189 to unlock them again, it is only in the last few years that it has become a significant and global threat. Continue reading →
Social engineering is all about abusing trust. Many of the phishing attacks found online have the goal of stealing money using tactics such as requesting money for some bogus lost relative. The average “Millennial” has seen this spam however the people behind these scams are taking a all time low approach by targeting elderly family members who are more likely to fall for these tricks.
This post will cover a scam that some of my coworkers have claimed was targeted at their family. In summary, attackers are levering social media to identify relatives of people, reaching out to their grandparents and asking for money while pretending to be a grandchild in trouble. Continue reading →
Social Engineering is all about tricking somebody into acting a way you want them to act. A common tactic is having them click a link using a phishing attack such as a fake UPS delivery link around Christmas or cloning a popular website such as Facebook. Sometimes a target may question the authenticity of the source attempting to contact them. One way to fake your identity is to use listyourself.net by listing your phone or burner phone as a fake identity used in your social engineering scam. That website is http://www.listyourself.net/ Continue reading →
Earl Carter and Craig Williams from the Cisco Security Blog posted a great article on a recent wave of taxed related spear-phishing attacks (original post found HERE). What is interesting is how attackers leverage current trends as the theme for their malware. For example, we will probably see a bunch of March Madness attacks along with Tax related phishing this month since thats what people are searching for online. This contradictions the old belief that “safe searching” aka not going to adult websites or searching for free software will keep you safe from malware. The reality is the attackers want the most bang for their buck so they will target where the most people are at. In March, thats Tax season and March Madness. Here is the post from Cisco. Continue reading →