Gift cards new vector in CEO fraud
January 29 saw the arrival of yet another interesting variant of the gift card phishing campaigns that have become more common this year (see below). Today's email demonstrates that bad guys are actively adapting and evolving their pitch into CEO fraud.
There are couple interesting things going in this new gift card phish:
The bad guys work to establish a credible pretext ("incentives" for staff) -- something they've been getting better at recently.
They explicitly request confidentiality -- another tactic we've been seeing more of recently.
They're getting really greedy -- $4000 total in gift cards, the largest request we've yet seen (most requests in these gift card phishing schemes range from $500-$2000).
But there's something else very significant going on here, ... Read More
How to save money on your domain renewals
Here's a smart way to save money. Yesterday, Domain Listings sent me a letter asking me to renew an Internet domain. This domain is truly one of mine and I need to keep this domain alive. An Internet domain is your address on the Internet. CNN.com is CNN’s Internet domain, Amazon.com is Amazon’s and eBay.com is eBay’s. I have several. This list includes HowHacksHappen.com, CyberSafetyNet.net and CameronParkComputer.com. All are mine. I am writing about this letter because Domain Listings' renewal price is ridiculously high. Do not fall into their trap.
Internet domains typically renew for $18/year. Domain Listings is offering me a chance to renew at $228/year. Let me save you the math. This is a 12.67x markup. This ... Read More
Social engineering led to potential kidnapping
Social engineering and impersonation attacks can lead to far more dangerous consequences than monetary losses, according to Matt Devost from OODA LLC. Devost appeared on the CyberWire’s Hacking Humans Podcast last week, where he described the attacks he’s seen involving cybercriminals with fraudulent personas.
Devost described one case in which an attacker impersonated a broker and an investor to target a successful entrepreneur who was looking for funding for a new startup. Under the guise of the broker, the attacker introduced the target to the supposed investor. Now posing as the investor, the attacker conversed with the target about the company, and eventually asked the entrepreneur to fly to South America so they could meet.
“That individual is very, very close to ... Read More