Online scams we are seeing in the field this summer include the "Strong-arm Hack," the "Government Imposter," the "Email Verification Scam" and others. Also, "How do you know if an email is legit?" Read more...
The Strong-Arm Hack
This is one we are seeing more of, but haven't noticed much publicity or analysis by third parties. Unfortunately, due to the convergence of several trends, we're convinced we'll see much more of the digital strong-arm tactic going forward.
"Strong armed robbery is a specific type of larceny that is committed with a threat of force or intimidation that usually does not involve a weapon."
This form of cybercrime uses intimidating emails and/or phone calls to demand payment. In many cases the perpetrator has private information they will use to convince the victim they are for real and have access to more potentially damaging information.
The emails and calls can be rude, insulting, and scary. If you are not sure what to look for and cannot determine if the threat is real, or not, the experience can be unsettling and in some cases, expensive.
Here's a recent example:
If you are a Total Digital Security customer the best approach is to contact us before anything else. In many cases, we will recognize the scam and assure you it can be ignored or blocked without further repercussions.
We can also check the devices and networks we protect to view activity and determine if the threat is a bluff.
Criminal strong-arm tactics will continue to find their digital equivalents and we expect a rash of these incident in the coming 12 to 18 months. Professional criminal cartels, street thugs, desperate individuals and groups - all will crowd for a piece of the easy, lucrative, and low risk action.
Unfortunately, we also expect these digital crimes to include an increase in related physical violence. More on that soon when we present at these conferences in the fall.
The Email Verification Scam
In this case the scammers craft an email that looks like it comes from your provider. It looks legit with logos and format - but is actually a ruse that is looking to manipulate you into clicking further and infecting your system with malware.
Here is an example being used in attempt to fool Rackspace's email box users:
So, how to tell if the email is legit?
First, hover over the email sender to see the address. In the case above, it is firstname.lastname@example.org. This is not a legitimate address for this email provider, but was created specifically to scam those that may not look closely and tempt them to click the malicious link.
Here are a couple of good resources for determining if an email is truly from a legitimate sender.
And an address checker: https://email-checker.net
Here is an example of using the Email Checker with the bogus address from the email above:
Try the Email Checker using your own email address and test others too. It's a very handy tool to use in verifying the validity of an email sender.
Microsoft OneNote Audio Note Scam
Internet Criminals are sending phishing attacks where they try to trick you into listening to a fake "Audio Note". They show you screen shots and attempt to scam you into clicking on links or even log into a fake Microsoft login page.
"Of particular interest is that the phishing scammers are now commonly including footer notes stating the email is safe as it was scanned by a security software. In this case, the email states it was "Scanned by McAfee Ultimate 2019 Antivirus Scanning Service for Microsoft"." Stu Sjouwerman - KnowBe4 - read more.
If you are presented with a Microsoft login form from any other URL, avoid it and only use your normal bookmarks to go to these sites.
Government Imposter Scams Reach New High
Also from the anti-phishing firm KnowBe4;
"The Federal Trade Commission has warned that complaints about scammers impersonating government agencies reached a record high this spring, with more than 46,000 complaints registered in May alone."
Impersonation scams include:
- Social Security (most reported)
- Department of Health
- Law Enforcement
- Jury Duty
Most of theses scams try to obtain payment by gift cards, which the FTC says “is a dead giveaway that the consumer is dealing with a scammer.”
“The vast majority of people who report this type of scam say it started with a phone call, and these callers have their mind games down pat,”
“Government impersonators can create a sense of urgent fear, telling you to send money right away or provide your social security number to avoid arrest or some other trouble. Or they can play the good guy, promising to help you get some free benefit like a grant or prize, or even a back brace.
Scammers like to make the situation so immediate that you can’t stop to check it out.”
Be suspicious of anyone purporting to be from a government agency or law enforcement. Most agencies have set rules and policies for contacting a party. And if a gift-card is involved, hang-up!
For the FCC Guide to Fraud and Scams, click here.
Your Best Defense?
Empower yourself to defend from cybercrime and online scams with "The Four Fundamentals of Cybersecurity for Life."
Contact us for more information: