Gift cards new vector in CEO fraud
January 29 saw the arrival of yet another interesting variant of the gift card phishing campaigns that have become more common this year (see below). Today's email demonstrates that bad guys are actively adapting and evolving their pitch into CEO fraud.
There are a couple of interesting things going on in this new gift card phish:
The bad guys work to establish a credible pretext ("incentives" for staff) -- something they've been getting better at recently.
They explicitly request confidentiality -- another tactic we've been seeing more of recently.
They're getting really greedy -- $4000 total in gift cards, the largest request we've yet seen (most requests in these gift card phishing schemes range from $500-$2000).
But there's something else very significant going on here, ...
How to save money on your domain renewals
Here's a smart way to save money. Yesterday, Domain Listings sent me a letter asking me to renew an Internet domain. This domain is truly one of mine and I need to keep this domain alive. An Internet domain is your address on the Internet. CNN.com is CNN’s Internet domain, Amazon.com is Amazon’s and eBay.com is eBay’s. I have several. This list includes HowHacksHappen.com, CyberSafetyNet.net and CameronParkComputer.com. All are mine. I am writing about this letter because Domain Listings' renewal price is ridiculously high. Do not fall into their trap.
Internet domains typically renew for $18/year. Domain Listings is offering me a chance to renew at $228/year. Let me save you the math. This is a 12.67x markup. This ...
September 17, 2024 - Mark Anthony Germanos
Social engineering led to potential kidnapping
Social engineering and impersonation attacks can lead to far more dangerous consequences than monetary losses, according to Matt Devost from OODA LLC. Devost appeared on the CyberWire’s Hacking Humans Podcast last week, where he described the attacks he’s seen involving cybercriminals with fraudulent personas.
Devost described one case in which an attacker impersonated a broker and an investor to target a successful entrepreneur who was looking for funding for a new startup. Under the guise of the broker, the attacker introduced the target to the supposed investor. Now posing as the investor, the attacker conversed with the target about the company, and eventually asked the entrepreneur to fly to South America so they could meet.
“That individual is very, very close to ...
September 3, 2024 - Mark Anthony Germanos