Video: Pranks Destroy Scam Callers – Glitterbomb Payback
I’m starting this month’s message with a video for two reasons.
- This video is impressive, and one of my guys shared it with the team. It’s long, about 26 minutes, but it’s fast-moving, entertaining, and informative. It’s by the creator of the glitterbomb and backyard squirrel maze, and it’s worth the watch.
- Reading about these scams can be sort of vague or theoretical if they have never happened to you or a loved one. ‘They’re just emails, right? Why can’t people just delete them?’ Well, these cyber criminals are big business. They keep evolving, and they like to target people who aren’t even aware such scams exist. This video includes actual experiences people have had, yet it’s still creative and funny. And it hits a very satisfying note of revenge against scam callers and the terrible damage they wreak.
1. Preparing for Hurricane Season and Storm-Related Scams
Today kicks off the 2022 Hurricane Season. We have a lot of disaster recovery resources on our website, but a recent alert from the Federal Trade Commission (FTC) warns everyone to not only prepare for the weather but also to be on the lookout for the scams that follow.
“Hurricane-related threats also come in the form of scammers who use those weather emergencies to cheat people. Some of the most common weather-related frauds and scams include people who promise to help you with clean-up or repairs, but disappear with your money; those who pretend to be FEMA or other government agencies; people who promise you a job – if only you pay to get it; and those who promise you a place to rent – if only you wire them the money to get the place sight unseen.”
These scams will come in the form of emails, texts, and online ads or listings. Stay vigilant and follow the FTC recommendations below to stay safe.
The FTC recommends the following precautions. You can also download and print this infographic for your colleagues or community groups.
For clean-up and repairs:
- Ask for IDs, licenses, proof of insurance, and references. See if local contact info is on their trucks. Check with state and local consumer protection offices for complaints.
- Get more than one estimate. Ask people you trust for recommendations.
- Read the contract carefully. Make sure all promises are in writing and that you understand what you’re signing.
- Never pay in cash. And never make the final payment until the work is done and you’re satisfied with it.
For FEMA assistance:
- Ask for IDs. If anyone asks you for money or your financial information, like your bank account or credit card number, it’s a scam.
- Know that FEMA doesn’t charge application fees. If someone wants money to help you qualify for FEMA funds, it may be a scam.
For jobs and rentals:
- Be alert for up-front payment demands. You should not have to pay to apply for a legitimate job. You should also not have to provide a security deposit or rent before you’ve signed a lease or for the ‘opportunity’ to see a property.
For charitable donations:
- If you get an email or text – especially if it is the saddest, most urgent need to pull on your heartstrings – do not click any included links. Navigate independently to legitimate charity websites and only make donations on secure websites.
- If someone calls you, do not give any personal information, and do not donate over the phone. Get the charity’s information and look it up yourself online.
2. Fake Overdue Tax Bills
The Resecurity HUNTER team, an elite group within the cybersecurity company, warns of a recent scam about fake overdue IRS bills.
Now that tax season has ended, criminals are trying to trick people into thinking they owe the government money.
The scam comes as an email with no links and a From address that could seem real at a quick glance. The message may have “urgent” in the Subject Line, and it is noteworthy that the emails come through without being flagged. The examined messages had been sent through multiple ‘hops’ using legitimate-seeming hosts and domains.
The email is simple and typically includes an overdue amount, fake invoice number, and due date with instructions to view and pay using the attachment. The attachment is an HTML file, and the criminals have embedded “obfuscated JavaScript code that does the following:
- Checks the victim’s location based on IP address to selectively target countries or regions
- Presents a spoofed Microsoft 365 logon screen
- If credentials are presented, checks the credentials’ validity by attempting to logon via IMAP to Microsoft 365
- Transmits the credentials back to a threat actor-controlled server.”
- If you didn’t already know, the IRS does not use email, texts, or social media to discuss tax debt or refunds. So keep that in mind and share it with your friends and family. In fact, any time you are contacted by a ‘government agency,’ do a quick search online to see if they would ever contact you that way. Forms of official communication are typically at the top of an FAQ list.
- Always be suspicious of ‘urgent’ unsolicited messages that want you to take an action (click a link, open an attachment, etc.). Be even more careful when money is involved.
- Carefully check the From address of any unsolicited message. We get so many emails that we tend to skim rather than read carefully, and that’s exactly what criminals count on. Senders can look okay at a glance, but closer inspection shows the domain is wrong or there are misspellings or character substitutions.
- You can always send messages to your IT team to check for you. We appreciate your care in protecting the network, and we can safely check links and attachments.
3. Fake Chatbots
As I mentioned above with the video, the criminals keep evolving. Like any business trying to make money, they will continue to adapt their tactics to what is successful. And that means we need to keep our guard up.
Researchers at Trustwave, a leading cybersecurity and managed security services provider, warn of a new scam that mixes simple and sophisticated tactics. The simple part is an email that directs you to a non-malicious website. The advanced part is the interactive chatbot on that website that walks victims through a step-by-step scam to steal their credentials and payment information.
Trustwave describes why this is effective:
“In general, using chatbots adds an interactive component to a website. This often results in a higher conversion rate because it makes the site more interesting and engaging for the users. This is what the perpetrators of this [scam] are trying to capitalize on. Aside from spoofing the target brand on the email and website, the chatbot-like component slowly lures the victim to the actual [scam] pages. Also, the addition of fake OTP and CAPTCHA pages makes the [malicious] website seem more legitimate.”
Here’s how it works.
You receive an email about a shipping update or delivery problem. It appears to be from a well-known brand such as DHL. The email is a simple, professional-seeming message claiming your package cannot be delivered. There is a button for you to click to rectify the matter.
If you click on the button, you are directed to an online PDF with spoofed branding that shows you more information about the package and has a button to “Fix delivery” plus a link below it. If you click either of these, you will land on the website with the chatbot.
The chatbot greets you and tricks you into trusting it by having you confirm the fake information it provides, such as the tracking number they gave you. It follows a script and asks you simple questions such as choosing between ‘home’ or ‘business’ for the new address. There is even a CAPTCHA they use to appear authentic, but it is only a picture of one.
Ultimately, you are directed to the credential harvesting site where the criminals steal the login and payment information they guide you to enter.
So how can you stay safe from this?
- The good news about this scam is that it starts with an unsolicited email about a delivery problem. We have seen enough of those that you shouldn’t fall for it. If you check the sender carefully, you’ll notice red flags that cause you to delete it or ask your IT team to check it first.
- The second red flag is that the link in the email directs you to a page that wants to send you somewhere else. That should always make you suspicious. It is a common tactic now for criminals to hide their links from email security filters.
- If you were to click both the button in the email and the link in the fake PDF, you would still want to closely check the URL of the new website. Here you should be able to tell that it is a spoofed delivery service site. You could even bypass all of this by independently navigating to the shipping website and looking up the tracking number they provided.
- Noticing that the chatbot is fake will take more practice. We expect simple, canned responses in automation, so that might not cause concern. The point where they ask for your credentials or any payment is where you need to train yourself to stop. Remember to not ever enter your logins on pages you did not independently navigate to. And anytime someone asks for financial information, ask yourself why. In this example, if a package was supposed to be delivered, then shipping should have already been paid for.
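The two checks above that rely on reading a domain carefully (the From address in the tax-bill scam and the URL of the spoofed delivery site in the chatbot scam) can be partly automated. Below is an added Python example, not from this newsletter or from Resecurity or Trustwave, that flags hosts which merely resemble a trusted brand through misspellings, character substitutions, hyphenated brand names, or a brand used as a subdomain of an unrelated site; the allow-list, confusable map, and sample addresses are constructed for the example.

```python
from email.utils import parseaddr
from urllib.parse import urlparse
import unicodedata

# Constructed allow-list for this example; a real deployment would use its own.
TRUSTED_DOMAINS = {"irs.gov", "microsoft.com", "dhl.com"}
# Character substitutions commonly used to imitate a brand name (constructed).
CONFUSABLES = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s"}

def normalize(label: str) -> str:
    """Lower-case, strip accents, fold confusables: 'rnicros0ft' -> 'microsoft'."""
    s = unicodedata.normalize("NFKD", label.lower())
    s = "".join(c for c in s if not unicodedata.combining(c))
    for bad, good in CONFUSABLES.items():
        s = s.replace(bad, good)
    return s

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, to catch misspellings such as 'microsft'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_domain(host: str) -> str:
    """Return 'trusted', 'lookalike:<brand domain>' or 'unknown' for a host."""
    labels = host.lower().strip(".").split(".")
    registrable = ".".join(labels[-2:])  # good enough for .com/.gov in this example
    if registrable in TRUSTED_DOMAINS:
        return "trusted"
    main = normalize(labels[-2] if len(labels) >= 2 else labels[0])
    for trusted in sorted(TRUSTED_DOMAINS):
        brand = trusted.split(".")[0]
        limit = 0 if len(brand) <= 4 else 2  # short brands: exact match only
        if (brand in labels[:-2]                         # irs.gov.refund-now.example
                or brand in main.split("-")              # dhl-delivery.example
                or edit_distance(main, brand) <= limit):  # microsft.com
            return "lookalike:" + trusted
    return "unknown"

def check_sender(from_header: str) -> str:
    """Classify the address in a From header; the display name is ignored."""
    _, addr = parseaddr(from_header)
    return classify_domain(addr.rpartition("@")[2])

def check_url(url: str) -> str:
    return classify_domain(urlparse(url).hostname or "")  # host the link really points to
```

Non-Latin homoglyphs (a Cyrillic ‘а’ standing in for a Latin ‘a’) are not folded here and would need a Unicode confusables table; a ‘lookalike’ or ‘unknown’ result is a reason to forward the message to IT, not a verdict on its own.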