Phishing continues to be the number one attack vector and impersonation attacks are not new. What is interesting is how there are threat actors using AI to enhance classic attacks.
I’ve seen various versions of this attack from claims that I didn’t pay my taxes BUT I can wire money now (see more on this HERE), calling older targets and telling them their grandkids were arrested but they can pay the bail over wire, and the most common being you sell something on craiglist/facebook and the buyer wants to wire you money now but there is a business account meaning you have to wire money to upgrade to a business account. All of these have pretty easy red flags to spot however, imagine HEARING your son’s voice generated by AI. This can be much harder to spot mixed with the panic included with the story being told by the attacker.
The good news is you can always fall back on the same defense tactics. The ones I live by are the following:
- Never assume trust. Nobody will get super angry if you ask them to verify who they are through questions only they will know. Just state you want to verify this isn’t some crazy scam and ask something only they will know.
- Question any situation that needs action right now. Most scammers are creating panic and hope the target takes a quick action. If you feel you are being pushed to do something, pause and consider you may be getting scammed.
- Validate evidence. If somebody is hurt, you should be able to hang up and call them back at the number you know. If something happened such as the tax example, you should be able to log into the official website (never use provided links from the potential threat) and validate what they say is real. One key example is the classic business account scam stating they paid you but you get a email saying you need to wire money to open a business account. Just log into your real account to validate they are full of it.
The post from malwarebits talking about this scam can be found HERE. Other things to consider to avoid this scam are the following (as stated in the post):
How to avoid scams like this
One of the main tools for the imposters is the amount of information they can round up about the target. Their main sources will include social media and phishing.
There are a few simple precautions to lessen the chances of falling victim to such scams:
- Avoid letting third parties know too many personal details about you.
- Do not answer telephone calls from numbers you do not recognize or calls from private numbers.
- Ask for the caller’s telephone number and check it.
- If necessary, try to reach your allegedly implicated family member by phone. If you can’t reach them directly, call someone else who might know where they are.
- Hang up if in doubt and never give financial or personal information to the caller.
- If you receive or have received such a call, please notify the police immediately and under no circumstances respond to the perpetrators’ demands.