National Cybersecurity Awareness Month continues, and so do the scams.
There’s never a lull in email scams here at Widener. Our community is targeted daily by one or more scams. Some of them are old classics, and some are brand new. Here is a list of a few we’ve seen – but even though it’s a short list, we get plenty of them.
Invoices – the bad guys send us “invoices” that are often spoofing or impersonating Widener employees. The attachments usually have some sort of installer that tries to put malware (probably Ransomware) on the computer. Sometimes they’re just PDFs with “links” to phishing sites. So far, our defenses are finding them before they do anything bad (the author here knocks on wood). Still, it’s best to be aware of any invoice, especially those that don’t refer to anything that’s due. (FTC link about this)
Direct Deposit – we’ve seen several instances of the bad guys impersonating employees to try to get our Payroll and HR groups to change their direct deposit info. The goal is to catch a payroll or reimbursement deposit and then drain the account before the absence is noticed by the employee. This one is bad because when the money is gone, it’s gone. Since these started, we’ve put controls in place to verify requests. (Lexology link about this)
Dog-Walking/Babysitting/Nanny/Caregiver Offer – This scam involves the offer of a job doing some light care of pets, children, or a loved one. Once responded to, the bad guy begins a scheme where a bad check is deposited, and the victim is directed to pay a third party to buy needed supplies and pay themselves. The third party (the scammer) gets the money before the bank discovers the check is bogus, and victim is stuck with the shortage. (FTC link about this)
“Sextortion” – The victim gets an email claiming to know their password, and it is often a valid one (usually old). The scammer tells the victim that he/she has been caught looking at porn sites, and will release a pic “from the user’s camera” unless a sum of money is paid. This one really gets to users because the password that the scammer sends is from one of the many breaches that have revealed passwords tied to addresses. It’s a really popular scam – we’ve received dozens here at Widener – but it’s a scam nonetheless. (Forbes link about this)
Gift Cards – In this one, scammers impersonate someone that has a management position, and direct the employee to buy a sum of gift cards, scrape off the back, and provide the verification numbers back to the scammer. Everyone wants to please their boss, so this one can be a real problem. The best defense is to get to know your boss, and never use gift cards like this. (FTC link about this)
The goal of the scammer/phisher is to appear legitimate, which makes this difficult. The better they are, the more people they can fool. Use this to your advantage: if it looks good, but you shouldn’t be getting it, that’s a red flag. Forward any email that’s weird or out of the ordinary to firstname.lastname@example.org.