Greg's Corner

Tagged: social engineering Toggle Comment Threads | Keyboard Shortcuts

• 

  Geebo 9:01 am on February 20, 2025 Permalink | Reply
  Tags: DOGE, dogecoin, impersonation scam ( 158 ), San Francisco ( 9 ), Scams ( 1,429 ), social engineering   

  DOGE Chaos: Fake Agents, Real Security Threat 

  

  By Greg Collier

  San Francisco City Hall was the scene of an unusual and unsettling event on February 14th when three men, claiming to work for the Department of Government Efficiency (DOGE), attempted to gain access to office computers. Lacking identification but armed with bold attitudes, they demanded that staff upload information from their systems via a USB drive they provided. Their aggressive demeanor and refusal to provide credentials led employees to deny their requests, but the audacity of their actions has left lingering questions about their true motives.

  The supposed Department of Government Efficiency is an initiative linked to the Trump administration and informally led by Elon Musk, purportedly aiming to root out waste, fraud, and abuse within government agencies. However, its lack of formal structure and transparency has made it difficult to discern what authority, if any, these individuals actually had. Their presence was not only disruptive but also legally questionable. Surveillance footage captured them in DOGECOIN t-shirts, a curious wardrobe choice that only deepens the mystery.

  To complicate matters further, similar reports surfaced from an administrative building within the San Francisco Unified School District, where three men fitting the same description attempted to gain entry. Whether this was an extension of the same operation or a separate act under the same guise remains uncertain.

  The nebulous nature of DOGE, both as a government initiative and a cultural phenomenon, creates a breeding ground for confusion, and with confusion comes opportunity, for deception, manipulation, and exploitation. The name itself, associated both with government efficiency and a satirical cryptocurrency, makes it difficult to determine what is genuine and what is an elaborate hoax. This is precisely the kind of environment where future scams could flourish.

  With no clear organizational structure, anyone with a few printed t-shirts and a persuasive tone could claim to represent DOGE and exploit the fear of government oversight. Fraudsters could gain unauthorized access to sensitive data or systems by leveraging the ambiguity surrounding this initiative. Given the rise of social engineering attacks, where deception is used to manipulate individuals into divulging confidential information, it is not difficult to imagine similar schemes emerging under the DOGE banner, targeting government offices, businesses, or even everyday citizens.

  This incident at City Hall raises serious concerns about security, credibility, and the ease with which a group of unverified individuals can attempt to infiltrate government offices. The absence of immediate consequences for the perpetrators only emboldens copycats who might see an opportunity to exploit the situation for their own gain. If nothing else, it serves as a stark reminder that in an age where information is power, skepticism and verification are essential defenses against those who seek to take advantage of institutional uncertainty.

   

  Leave a ReplyCancel reply
• 

  Geebo 8:34 am on September 18, 2023 Permalink | Reply
  Tags: cyberattack, cybersecurity ( 37 ), MGM Resorts, ransomware ( 11 ), Scams ( 1,429 ), social engineering   

  What does the MGM casino cyberattack mean to you? 

  

  By Greg Collier

  When we think of someone stealing from a casino, we may think of someone cheating at the tables. Or we may think of one of the famous heist movies like Ocean’s Eleven, whether it’s the Frank Sinatra or the George Clooney version. What we probably don’t think about is a chain of Las Vegas casinos being held hostage by hackers after a ten-minute phone call. Unfortunately, that’s what appears to have happened to the casinos owned by MGM Resorts this past week.

  While MGM themselves are being tight-lipped about the situation, it seems that a hacker collective found an upper management employee of MGM Resorts on LinkedIn. The hackers then posed as this employee and called MGM’s IT help desk. While speaking with the person at the help desk for only ten minutes, the hackers were able to obtain the information needed to access MGM Resorts’ internal computer systems.

  Once the hackers had the keys to the kingdom, so to speak, they infected MGM’s systems with ransomware. For the next few days, MGM Resorts had to shut down many of its systems, which greatly affected their business. Slot machines were inoperable, and the hotels could not issue electronic room keys to guests, just to name a few of the problems. The casinos even had to revert to giving out handwritten receipts to some of its winners.

  MGM has stated they will not give in to the hackers’ demands.

  So what does MGM’s trouble’s mean to the average consumer? Well, this kind of impersonation attack is known as social engineering and can be used in a multitude of scams. Social engineering is a form of manipulation and psychological persuasion that is often used for malicious purposes. It involves exploiting human psychology and social interactions to trick individuals or groups into divulging confidential information, granting access to restricted areas, or performing actions that may compromise security.

  If social engineering can be used against a multi-billion dollar corporation, it can be used and be successful against anyone. Protecting oneself from social engineering attacks involves a combination of awareness, skepticism, and proactive measures.

  Always verify requests for sensitive information, access, or actions, especially if they come via email, phone calls, or in-person interactions. Use trusted contact information to confirm the legitimacy of the request with the supposed authority or organization.

  Be cautious of unsolicited communications from unknown or unexpected sources. Verify the identity of the person or organization before sharing sensitive information or complying with their requests.

  By adopting these practices and fostering a security-conscious mindset, individuals can significantly reduce their vulnerability to social engineering attacks and help protect their personal and organizational assets.

   
• 

  Geebo 8:00 am on October 18, 2022 Permalink | Reply
  Tags: phone scam ( 46 ), Scams ( 1,429 ), sim swapping ( 9 ), social engineering, two factor authentication ( 18 ), Zelle ( 68 )   

  This phone scam could steal your life 

  

  By Greg Collier

  How much of a panic would you be in if you lost your phone? Can your personal or business email accounts be accessed through your phone? Is your phone locked with a PIN or password? Or is it secured using a fingerprint or facial ID? Do you have banking apps that require a PIN or fingerprint to access? Could any random stranger just pick up your phone and start accessing your money and information? Even if your phone is completely locked down and secure from physical access by outsiders, there’s still a way you can lose all access to your phone without actually losing your phone.

  There is a scam out there that most mobile phones are vulnerable to, and it’s known as SIM-swapping. The name SIM-swapping is a misnomer, since physical access to your phone’s SIM card is not necessary. SIM-swapping works when scammers or identity thieves contact your mobile phone carrier and pose as you. The scammer will use information they’ve found out about you to convince the phone carrier they are you. This is known as social engineering.

  Once the scammer convinces the phone carrier that they’re you, they’ll have the phone company switch your service from your phone to theirs. As soon as that happens, the scammers have direct access to your phone number and text messages. Since most of us who use two-factor authentication have the authorization codes sent to our text messages, the scammers can then access any number of your personal accounts, including your financial accounts.

  This recently happened to a victim from Tennessee. She had received a text message from her carrier indicating a change on her account before her phone service went completely dead. She called her carrier, and another name had been added to the account. By the time she had her service restored, scammers had transferred thousands out of her bank account through the Zelle app.

  There are ways to protect yourself from SIM-swapping. One way is to use an authenticator app instead of using text messages for your two-factor authentication. Authenticator apps are tied to the device instead of being tied to a phone number. Also, when filling out your security questions for online accounts, don’t give the correct answers. Information like your high school mascot or your pet’s name can be discovered on your social media. Lastly, you can contact your carrier and tell them not to allow any device switching on your account. However, to get your account unfrozen, you may have to visit your carrier’s store with your ID.