There is a new spin on an existing phishing scam you need to be aware of. Bad guys are doing research on you personally using social media to find out where and when you (might) travel for business. Next, they craft an email especially for you with an airline reservation or receipt that looks just like the real thing, sent with a spoofed “From” email address that also looks legit.
Sometimes, they even have links in this email that go to a website that looks identical to the real airline, but it is fake. They try to do two things: 1) steal your company username and password, and 2) trick you into opening the attachment, which could be a PDF or DOCX. If you click on the link or open the attachment, your workstation may get infected with malware that allows the bad guys to hack into your network.
Remember, if you want to check any airline reservations or flight status, open your browser and type the website name in the address bar or use a bookmark that you yourself set earlier. Do not click on links in emails to go to websites. And as always: Think Before You Click!
These bad guys are going to exploit this in many ways, sending spam, phishing and possibly blackmail messages, using social engineering tactics to make people click on links or open infected attachments. Be on the lookout for threatening email messages that slip through spam filters and have anything to do with AdultFriendFinder, and delete them immediately, both in the office and at the house.
Please forward this to friends, family, colleagues and peers.
Here is one of the examples of Ashley Madison extortion that came out after that hack, and you can expect the bad guys to do the same thing with AdultFriendFinder:
Unfortunately, your data was leaked in the recent hacking of Ashley Madison and I now have your information.
If you would like to prevent me from finding and sharing this information with your significant other send exactly 1.0000001 Bitcoins (approx. value $625 USD) to the following address:
1B8eH7HR87vbVbMzX4gk9nYyus3KnXs4Ez [link added]
Sending the wrong amount means I won’t know it’s you who paid.
You have 7 days from receipt of this email to send the BTC [bitcoins]. If you need help locating a place to purchase BTC, you can start here…..
You might even get text messages to your smartphone that try to trick you into going to a site with the exclusive pictures of his death. If you see any social media posts or get emails with links or attachments, do not click on anything, do not open attachments or reply, and if it is social media, do not touch and do not share or forward. These bad guys will use anything to shock and trick you into clicking.
Bad guys have copied these emails in the past, and tried to trick you into logging into a fake website they set up to steal your username and password. Now, however, they send these fake security emails with a 1-800 number that they claim you need to call immediately.
If you do, two things may happen:
1) You get to talk right away with a real internet criminal, usually with a foreign accent, who tries to scam you. They claim there is a problem with your computer, “fix” it, and ask for your credit card.
2) You get sent to voice mail and kept there until you hang up, but your phone number was put in a queue and the bad guys will call you and try the same scam.
Remember, if you get any emails that either promise something too good to be true, or look like you need to prevent a negative consequence, Think Before You Click, and in this case, before you pick up the phone.
If you decide to call any vendor, go to their website and call the number listed there. Never use a phone number from any email you may have received. Here is a real example of such a call. Don’t fall for it! http://cdn2.hubspot.net/hubfs/241394/phone_phish.mp3
A lot of companies have support pages on social media. A good example is PayPal that has a Twitter support page. You need to watch out for bad guys who are tricking people with fake support pages. Here is how this scam goes down:
- The bad guys set up a fake PayPal Support page on Twitter.
- They monitor the real PayPal Support page on Twitter for potential victims.
- A PayPal user reports a problem on the real Twitter PayPal Support account.
- The bad guys swoop in and respond to that user from their fake PayPal Support page and tell the user to log in on a fake PayPal support site with their real PayPal username and password.
- Game over. Bad guys now own your account and steal money.
What To Do About It: If you have problems with a vendor, do not use social media to complain and/or resolve the issue because everyone else can see this including the bad guys. Go to that vendor’s website and use their existing support webpage to create a trouble-ticket — not their social media pages.
This is an awareness message for all my followers to update your iOS to the latest version “9.3.5”. Apple is patching three zero-day vulnerabilities. For details please read this article: http://www.csoonline.com/article/3112767/security/apple-patches-ios-security-flaws-found-in-spyware-targeting-activist.html
There is a new Scam Of The Week where bad guys have taken an actual past scam that the Federal Trade Commission has resolved and is now refunding money on. Bad guys take these FTC cases by
and create a phishing attack out of them.
Here is the rule: If you receive any emails from an official-sounding organization that promises you a refund for any amount, be very careful and never click on any links or open any attachment you did not ask for. Delete the email.
When you are really expecting an FTC refund, go to their website yourself using your own shortcut, or by typing the address in your browser, or Cut & Paste this URL: https://www.ftc.gov/enforcement/cases-proceedings/refunds (this link may be redirected, do not click on the link)
Remember: Think Before You Click!
[ALERT] “Lowlife internet scum is trying to benefit from the Orlando shootings. They are now sending out phishing campaigns that try to trick you into clicking on a variety of links about blood drives, charitable donations, “inside” information or “exclusive” videos. Don’t let them shock you into clicking on anything, or opening possibly dangerous attachments you did not ask for!
Be very suspicious of anything you receive about the Orlando shootings. With this topic, think three times before you click. It is very possible that it is a scam, even though it might look legit or was forwarded to you by a friend — be especially careful when it seems to come from someone you know through email, a text or social media postings, because their account may be hacked.
In case you want to donate to charity, go to your usual charity by typing their name in the address bar of your browser and do not click on a link in any email. Remember, these precautions are just as important at the house as in the office.”