Tagged: phishing Toggle Comment Threads | Keyboard Shortcuts

  • Geebo 8:00 am on August 1, 2023 Permalink | Reply
    Tags: , phishing, , , , X   

    Twitter rebrand brings out scammers 

    By Greg Collier

    If you’ve been following the news lately, you’re probably aware of Elon Musk’s rebranding of the social media platform Twitter into X. Gone is the blue Twitter bird that has graced the platform for over 15 years, replaced by a stylized X as the logo. So, when a story like this is large enough to garner national headlines, leave it to the scammers to take advantage of the situation.

    As we have said in the past, scammers are probably the most news-connected people around. They can take a news story as small as a local power outage to a massive story like this and use it to their advantage. In the case of Twitter/X, many scammers have launched a phishing campaign against Twitter/X users, especially those who signed up for Twitter Blue.

    Before Musk took over Twitter, to get the vaunted blue checkmark next to your name, you had to be someone of importance. After Musk bought Twitter, he instituted Twitter Blue, which allowed users to have a blue checkmark as long as they paid an $8/mo. subscription fee. Many critics claimed Twitter Blue devalued the checkmark, and therefore devalued Twitter.

    Now, while Twitter is in the middle of a rebrand, the scammers have decided to strike. Many Twitter Blue users have received emails telling them they need to update their subscriptions to X memberships. The email also contains a link for users to click on to supposedly update their memberships. If someone were to click on the link, they would essentially be handing their Twitter profile to scammers. From there, scammers can use what appear to be verified accounts to spread even more scams.

    To better protect yourself against phishing scams like this, do not click on links or download attachments in emails from unknown or suspicious sources. Check the email address of the sender to ensure it matches the official email address of the organization they claim to represent. Phishers often use email addresses that resemble the real ones, but have slight variations. Legitimate organizations rarely ask for personal information through email or text messages. Be cautious if an email requests sensitive data, such as passwords. Lastly, before clicking on any link, hover your mouse pointer over it to see the actual URL. This allows you to check if the link is legitimate or if it redirects to a suspicious website.

     

  • Geebo 8:00 am on May 31, 2023 Permalink | Reply
    Tags: .zip, , phishing, , top level domains, URLs   

    New domain extension already being used in scams 

    New domain extension already being used in scams

    By Greg Collier

    If you’re unfamiliar with .zip files, they can be one large file or several smaller files that are compressed into a .zip file to make the space they take up on your device smaller. These .zip packages can be decompressed, or unzipped, by using programs like Win-Zip, 7-Zip, or the built-in compression utilities provided by operating systems such as Windows and macOS.

    Many software applications and operating systems are distributed in the form of .zip files. This allows developers to package all the necessary files and folders into a single archive, simplifying the installation process for users.

    Earlier this month, Google started offering .zip internet domains. That means anyone who wants to buy a web address can purchase a .zip domain instead of .com or .net. Many tech enthusiasts chided Google for making .zip available for domains, as they could be abused by scammers. Now, according to tech reports, the scams have already begun.

    A victim could be thinking they’re downloading legitimate software, but are then directed to a .zip website that could infect their device with malware, among other things. The website will mimic a .zip file being extracted, along with a fake pop-up that says the .zip file has been scanned and no viruses were found.

    For a more detailed explanation of how this works, please read this article from Bleeping Computer.

    Unfortunately, there’s no hard and fast rule to protect yourself from such a scam. If you do download a .zip file, make sure it’s from a trusted source. Anything else that has .zip at the end of it, you may want to avoid it.

     

  • Geebo 8:00 am on May 23, 2023 Permalink | Reply
    Tags: , , , , look who died, , phishing, , ,   

    Scam Round Up: The classics make a return 

    By Greg Collier

    Even though there has been an uptick in technologically advanced scams, there are some classic scams that never went away. Here are three we think you should be reminded of.

    If you get a phone call or email that says there’s been a fraudulent charge on your Amazon account, the chances are it’s a scam.

    A woman from Lincoln, Nebraska, recently fell victim to this scam when she thought she was talking to the fraud department of her bank. The scammers convinced her she needed to make payments in Bitcoin to correct the error. She ended up sending the scammers $52,000 in Bitcoin after withdrawing it from her 401K.

    If you receive a call or message like this, go directly to your Amazon account and check for fraudulent charges. If there aren’t any, then whoever contacted you is trying to scam you. No matter how urgent they make it seem, slow down and verify their story before sending any money. And if Bitcoin is brought up in the conversation, then it’s definitely a scam.

    Scammers love to hijack Facebook accounts. When they do, not only do they get your personal information, but they can then use your account to try to scam everyone on your friends list.

    One of the ways they do this is by sending a Facebook message that says, “Look who died.” The message contains a link that appears like it will take you to a news article. Instead, it will inject malware onto your device that can hijack your Facebook account.

    Messenger is a pretty big breeding ground for scams. Outside of the ‘look who died’ message, you should also avoid messages about government grants, cryptocurrency, or just about any message that involves money.

    You may also want to let your Facebook friend know outside of Facebook that their account has been hacked.

    Last, but certainly not least, is the Publisher’s Clearinghouse scam. We’re all familiar with PCH. If you win a substantial prize from them, they surprise you at home in their Prize Van with a large novelty check. The thing with PCH is, you have to enter their sweepstakes first before you can win anything.

    Scammers will call victims at random while posing as PCH, telling their victims they’ve won millions of dollars. The scammers will then try to get their victims to make a payment to claim their prize. The payment will be disguised as something like taxes or processing fees. This is known as the advanced fee scam, which has cost victims thousands of dollars. Once a victim makes payment, the scammers will continue to string the victim along by asking for more money.

    Keep in mind, it’s illegal for sweepstakes like PCH to ask for money before issuing a prize. That’s why legitimate sweepstakes always have the tagline of ‘no purchase necessary’.

     

  • Geebo 8:00 am on May 17, 2023 Permalink | Reply
    Tags: , , , , phishing, ,   

    Victim sues banks for failing to prevent $500K loss 

    Victim sues banks for failing to prevent $500K loss

    By Greg Collier

    A 74-year-old woman from Hilton Head, South Carolina, is suing three major financial institutions for allegedly failing to prevent large transactions of hers being used in a months long scam. But before we get to that, please read how scammers tormented this poor woman.

    It started out when she received an email that appeared to come from PayPal. In actuality, it was a phishing email which said her account had been hacked. The email also offered customer service software that could prevent her account from being hacked. The software was actually malware that allowed scammers to take control of her computer.

    This allowed the scammers to access her bank accounts and take thousands of dollars from her. They also convinced her to withdrawal large sums of money and convert it to cryptocurrency to send them. This occurred through most of 2022.

    The victim’s son received a surprise anonymous text where he was warned by scammers that the last of his mother’s money was about to be stolen. It seems even scammers can have a change of heart. The son even received texts about how much information they had on his mother, including logins for close to a dozen of the woman’s online accounts.

    Her son then went out and bought her a new phone with a new number, and it wasn’t long before the scammers started contacting her through the new phone.

    The woman is now suing PayPal, Bank of America, and Wells Fargo for not better protecting consumers. The suit alleges all three corporations “failed to take corrective actions” while the fraud took place, which included large in-person transactions. According to the suit, the large transactions were never questioned.

    What do you think? Are the banks partially responsible for not putting a stop to these transactions? Or is the elderly woman just an unfortunate victim?

    Since this all started with the victim downloading malware from an email, it’s a good time to remind our readers not to click on any suspicious links from emails, even if they’re from a company you do business with regularly. That email may not actually be from that business. Instead, login directly into your account and address any issues from there.

     

  • Geebo 9:00 am on November 22, 2022 Permalink | Reply
    Tags: , , , , phishing, ,   

    Scam Round Up: Black Friday warning and more 

    Scam Round Up: Black Friday warning and more

    By Greg Collier

    This week in the Scam Round Up, we’re bringing you a reminder of an old scam, a new twist on a persistent scam, and a warning about this year’s holiday shopping season.

    ***

    The grandparent scam is still out there and shows no signs of slowing down. It’s becoming almost as common as the arrest warrant scam, which we’ll get to shortly.

    An elderly Florida woman recently lost $16,000 to the grandparent scam. A scammer called her, posing as one of her grandsons, and claimed he needed $50,000 for bail because of a car accident he was in. This scammer hit all the beats, saying he hit a pregnant woman with his car and not to tell anyone else in the family. The victim sent the scammers $16,000, which was all she had in savings. Her family found out when the victim started asking her friends how she could get more money.

    If you have an elderly relative, please let them know about this scam. If you receive a call like this, don’t say the grandchild’s name. This lets scammers know they have a potential victim on the phone. Ask the caller a question that only that person would know, to see if they are who they say they are.

    ***

    As we have said on multiple occasions, the arrest warrant scam is probably the most common scam in America. It’s at least the most reported one. Not a day goes by where we don’t see a report from some police department or sheriff’s office warning their residents of this scam.

    Typically, scammers call their victim posing as police while telling their victims they have an arrest warrant out for them. In most cases, the scammers will say the arrest warrant is for missing jury duty.

    More recently, residents of a Chicago suburb started receiving voice mails stating they had arrest warrants. They were then instructed to call a number that did not belong to their local police department.

    It’s unknown what happens when the fake police phone number is called, but all arrest warrant scams are designed to scare the victim into making some kind of payment that will make the warrant magically go away.

    No law enforcement office or agency will ever call you to demand a payment over the phone. If you receive one of these calls, hang up and call your local police at their non-emergency number.

    ***

    With Black Friday being this week, scammers will be out in droves trying to separate you from your money. This year, the Better Business Bureau is saying that the scammers will be more inclined to pose as a delivery company like UPS or FedEx than posing as a retailer like Amazon or Apple.

    This means scammers will be sending out texts and emails claiming you missed a delivery, or they need additional information to make the delivery. These messages will contain a link for you to click on. If you click on the link, you could be taken to a phony site that looks like the legitimate one from that delivery service. You’ll then be asked to input your personal information. Sometimes, you’ll be asked for your financial information for a redelivery fee, which isn’t a real thing. The phony website could also inject malware into your device, stealing even more information.

    As always, do not click on links in text messages and emails from people you don’t know personally. If you think there’s a problem with your delivery, go to the retailer’s website, and they’ll have the tracking information.

     

  • Geebo 9:00 am on November 17, 2022 Permalink | Reply
    Tags: phishing, , , ,   

    Postal delivery scam back in time for holidays 

    By Greg Collier

    The delivery scam really never went away. It was insanely popular with scammers during the pandemic, when we were supposed to be sheltering at home. Since then, there have been reports of this scam, but nowhere near as many as during the pandemic. However, with the holiday season on the horizon, this scam has started to pick up steam again.

    Since many of us will be expecting packages delivered to our homes for the holidays, scammers are betting on people being paranoid about the delivery itself. Several regions across the US are reporting an increase in scam text messages that claim to be from the United States Postal Service. These messages say you missed a delivery to your home, or it will say that the package address wasn’t clear enough.

    The message contains a link to click on, so you can supposedly reschedule the delivery. In previous instances of this scam, if you click the link, you’d be taken to a website that looks like the USPS website but isn’t. You’d then be asked to enter your financial information because there is a redelivery fee of $3.00. From here, the scammers would use your financial information to steal as much as they can from you before you notice.

    If you receive a text message like this, think about it for a moment. Did you give the post office your phone number? You probably didn’t and there’s no way for them to find it. The days of the White Pages are over. In general, government services are not in the habit of calling or texting their users. In the majority of cases, if there’s a problem with the service, you need to go to them.

    The best way to protect yourself from this scam is to not click on any links in text messages from people you don’t know personally. You can also sign up for the USPS Informed Delivery service, so you can know exactly when a delivery is expected to be delivered to your home.

     

  • Geebo 8:00 am on October 21, 2022 Permalink | Reply
    Tags: , , phishing, , ,   

    Scam Round Up: Why we keep receiving scam messages and more 

    By Greg Collier

    This week on the Round Up, we’re going to discuss two familiar scams in new clothes, and a look into the scam process itself.

    ***

    Our first scam is a good old phishing scam. If you’re not familiar with the term phishing, it’s when scammers send out messages hoping to get personal information from their victims. It’s like the scammers are on a fishing expedition for victims.

    Bank information is a big target for scammers, and the latest scam is going after the banking login information of its victims. In Virginia, it’s being reported that residents there are receiving emails that appear to be coming from their bank with official logos and everything.

    The emails claim that the bank has a new security procedure in place and provides a link for their users to log in. The link will actually take the victim to a page that looks like the bank’s official login page, but will instead steal the user’s login information.

    Never click on any links in an email or text message from someone you don’t know personally. And always check the URL of any page you’re on to make sure it’s legitimate before logging in.

    ***

    There’s a new scam circulating on social media where a victim can be promised as much as $1 million. This scam happens when you receive a direct message from a friend who says they saw your name on a list of people who are owed unclaimed workers’ compensation. Except, the friend is actually a scammer who has hijacked your friend’s account. The scammer then tells you to call an ‘agent’ at a certain phone number who can help you. If someone calls the number, not only will they be asked for their personal information, but they’ll be told there will be a payment for the process. This is very similar to the government grant scam, where victims are promised free money. This also known as the advance fee scam. When it comes to things like grants and compensation, you should never have to pay money to get money.

    ***

    Lastly, have you ever wondered why you might be receiving scam messages even though you’re careful with your contact information? For example, you may not give your phone number or email address to too many people outside of those in your inner circle. Yet, you still get scam texts, calls, and emails. So, how does that happen?

    Scammers always cast a wide net in order to lure in a handful of victims. They cast the widest net by sending their messages at random to any combination of email addresses and phone numbers. If a scammer gets a reply from any one of these millions of guesses, they know there’s a real person at that email address or phone number.

     

  • Geebo 8:00 am on June 23, 2022 Permalink | Reply
    Tags: , , , phishing, , ,   

    Marketplace scam could send angry strangers to your home 

    Marketplace scam could send angry strangers to your home

    By Greg Collier

    Typically, when we discuss scams carried out through Facebook Marketplace, they’re the ones that plague a lot of online marketplace platforms. Of course, there’s the fake check/overpayment scam. Lately, the Google Voice verification scam has been popular on Marketplace. There have also been a number of rental scams, just to name a few. Now, a new scam has been reported that could have unintended consequences for all victims involved.

    According to a report out of Tulsa, Oklahoma, scammers are hijacking the Facebook accounts of their victims through phishing attacks. The report states specifically that the scammers are posing as old friends that you may not have heard from in a while. However, the scammers use the hijacked accounts to place items for sale on Marketplace that didn’t actually exist. While some of the items have been mundane, like furniture, other listings have been advertising purebred puppies.

    As we have seen with previous puppy scams, scammers will often list a fake address to make their scam seem more legitimate. This has led to victims showing up to homes where they think they’re about to get a puppy, only to be turned away in disappointment. While some victims understood the situation, others have become angry at the people living at the address listed, thinking that the residents are part of the scam.

    If scammers are collecting money through apps like Venmo, Cash App, or Zelle, they could be sending their victims to the address of a person with a hijacked Facebook account. This scam could potentially lead to a violent encounter.

    The best way to protect yourself is to keep your Facebook account secure. Consider making your account private to your friends and family only. Use a password that can’t be guessed easily. For that, you can use a password generator service. Even most modern web browsers have a password manager built in. Lastly, you should enable two-factor authentication on your Facebook account. This means there would be a two-step process into signing in to your Facebook account.

    While none of these methods are foolproof, they do go a long way in keeping your digital life secure.

    Video: Stolen Facebook account posts fake ads, sends strangers to woman’s doorstep

     

  • Geebo 8:00 am on May 20, 2022 Permalink | Reply
    Tags: , , phishing, , , ,   

    Scam Round Up: Store robbed over the phone and more 

    By Greg Collier

    To end the workweek, we’re bringing you a few scams that either have a new twist to them, or have appeared in a new area.

    ***

    A new utility scam has shown up in the Huntsville, Alabama area. Typically, scammers will attempt the shut-off scam, where they threaten victims with shutting off their power if they don’t pay immediately. Now, scammers are trying a different tack. They’re sending phishing emails to victims that say the victim has paid their power bill twice and the victim now has a credit. For the victim to get the credit back, they just need to click the link in the email. The link then takes the victim to a malicious website that asks for their personal and financial information. Remember, most utility companies only communicate by postal mail. If you think there may be a discrepancy in your bill, call the customer service number on your bill instead of any number on the email.

    ***

    We frequently discuss the online puppy scam. This is where victims think they’re buying a puppy from a breeder’s website, but the website is fake and the puppy never existed. Another victim in those scams are the legitimate breeders, as the pictures from their website are often stolen to be used on the fake website. This recently happened to a breeder of Australian Labradoodles in Texas. Unfortunately, there’s not a lot breeders can do about this. However, there are tips you can use to avoid being taken in a puppy scam provided by the breeder. For many purebred dogs from a legitimate breeder, you should expect a wait period. She says that it could be six to 12 months. Avoid breeders who ask for payment in non-traditional ways, such as payment apps like Venmo and Zelle. But as always, we recommend using a licensed breeder within driving distance or adopting from your local shelter.

    ***

    Lastly, we have a scam that happened in Kingsport, Tennessee that retail employees may be interested in. A convenience store employee received a phone call on a Saturday morning. The caller claimed to be from corporate headquarters and asked the employee to take the cash in the register to a Bitcoin ATM. The caller even sent an Uber to pick up the employee to take them to the Bitcoin ATM. The store ended up losing $4500. Often, employees like this have no management on site to ask whether this is a scam or not. If you’re in a supervisory or management position at a retail vendor, you may want to have a talk with your employees about scams like this, or make yourself more available in case of a call like this. Let your employees know that a corporation would never direct them to send money through Bitcoin.

    ***

     

  • Geebo 8:00 am on May 10, 2022 Permalink | Reply
    Tags: , , phishing, , ,   

    Homebuyer loses $155K in email scam 

    Homebuyer loses $155K in email scam

    By Greg Collier

    A woman in the state of Georgia was getting ready to close on a new home when she received an email from her lawyer. She was given instructions to wire transfer the $155,000 for the closing costs. However, the money did not go to the attorney. Instead, it went to the bank account of a local scammer who was recently arrested on felony theft charges.

    So, how was the scammer able to fool the victim? This scam is known as the business email compromise scam, or BEC for short. In this scam, the scammers hijack compromised email accounts of real estate attorneys, title companies, or banks. This way, the scammers can monitor the emails for people who are getting ready to close on their homes. Then, the scammers either use the hijacked email address or a spoofed address to give fraudulent instructions to the homebuyer to wire the money to the scammers. Meanwhile, the victims think they just closed on a new home.

    According to the FBI and other law enforcement agencies, this scam is becoming more common. This scam is so profitable, the scammers only need one victim to fall for the scam to make a ton of money.

    While you may not be in the market for a home right now, you may be in the future. So, it’s best to have this knowledge now instead of finding out before it’s too late. When the time comes to buy a home, the best way to protect yourself is to verify everything by phone. If you get an email from someone involved in the process asking you to make a substantial payment, call them to verify the request. It might be even better to visit the sender in person to verify any requests. No one wants to go through the stressful process of buying a new home only to have their dreams of a new home dashed by losing money to a scammer.

     

← Older posts

Newer posts →

c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r
Reply
e
Edit
o
Show/Hide comments
t
Go to top
l
Go to login
h
Show/Hide help
shift + esc
Cancel