Category: Phishing

October 19, 2022

Most Common Phishing Scams

Phishing scams are where the scammer tries to get your confidential information by subterfuge of some kind.

e.g. you get an email saying you have won the lottery and just need to fill in your details to claim the money or you have an overdue tax payment to make immediately and you have to login to make the payment (on a fake website) or …..

The most common categories of phishing in 2021 were :

Spear Phishing

This is where phishing is targeted at specific individuals or companies.

Perhaps an email arrives, claiming to be from a trustworthy source and the sender knows your full name, job title and department for example. The scammer has done their homework to get this information about you to give the scam a higher chance of success.

A link in the message takes you to a bogus website made to look like the expected website. The fake website looks legitimate but only exists to take the users confidential information and pass it to the scammer.

Whaling

This is where scammers target a “big fish” like a business executive or celebrity. These scammers often conduct considerable research into their targets to find an opportune moment to steal login credentials or other sensitive information. If you have a lot to lose, whaling attackers have a lot to gain.

Vishing

One scam on the rise is ‘vishing‘, or voice phishing. Con artists phone people and pretend to be bank staff or the Police or some other authority figure and have a story that lets them try to get the subject’s personal details, credit card details, bank account password etc. depending on the specific scam.

For the bank account scam, they typically warn of fraudulent activity on your account. They then persuade you to move your account to a safe place (which happens to be an account owned by the scammer) and they convince you to give them the details necessary for the transfer or convince you to move the money yourself.

Stay safe.

If you have any experiences with these scams do let me know, by email.

October 15, 2022

Time-Wasters Update

Amayah Vinson wants to sell to me the details for the 18,000 people who signed up to attend the UK Games Expo. This is obviously fake as those people didn’t sign up for their email addresses etc. to be sold to random people.

Mr Chen Chung works in Hong Kong and has $18,991,691 that he needs to move from a bank there to any other country and is willing to cut me in if I help him. His email address is testtest@… and that’s not a good sign and he wants me to reply to a different personal email address – also a bad sign. Plus he doesn’t know my name. Could anyone believe that a person who doesn’t even know your name wants to trust you with their millions of dollars? There is no money and no-one named Chen Chung, just a 419 scam to catch greedy stupid people.

There are numerous businesses that buy and sell lists of email addresses, physical addresses etc. and some go out of business. One trick used by scammers is pretending to be such a business shutting down and hence ‘giving away’ its lists at usually 90% or 95% or 99% discount. These are lies of course – they are after your financial information so they can add you to their spammers list for sale and to identity thieves. If you get one of these massive discount offers – don’t think yourself to be lucky – more the opposite as the scammers are targeting you.

An email arrives from 787266602911-erp092932120-poqwa232233222 @… Is anyone going to believe that is not from a scammer? It claims there have been abnormal activities on my email account so they have blocked it and I have to click the link to release the block. Pathetic drivel from a pathetic scammer.

A message tells me that the version of NHS jobs I have been using will close shortly and I need to register on the new website for NHS jobs. No – never heard of NHS jobs website and certainly not looking to work in the NHS. No thanks even if it was true, which it isn’t.

Do click on the Facebook or Twitter icons on top right to follow Fight Back Ninja.

October 8, 2022

Time-Wasters Update

Pancake Swap sounds like something for kids and the logo looks like it’s designed for 3 year olds, however it is in fact a strange cyber currency market website to do with cyber currency swapping. Emails from Pancake Swap tell you that your cybercurrency wallet has yet to be verified and will shortly be suspended. Maybe they bought a spam list and send out these messages to get people interested and accessing their website. Maybe there is some other odd benefit to the emails, but whatever it is I’m not interested and don’t like lies, even on email. I don’t have such an account therefore it cannot be suspended.

An email message claims that a radio station email address has just received a file via WeTransfer. We have used the WeTransfer service at times to send files larger than email systems can cope with, but the email address the scammer chose is a dead one, out of use for a long time and the claim that someone has sent a proforma invoice is laughable. We wont be opening that.

Supermarkets sometimes send out surveys to their customers and occasionally reward those fill them in by sending a small value voucher. However the email offer, supposedly from Morrisons of a £100 voucher for spending 5 minutes on a survey is ludicrous and Morrisons do not send such emails out to random people. The sender’s email address is @travelspell.lol which is obviously not Morrisons.

A scam email claims that a specific vinegar will reduce your chance of heart attack by 43%. Nope – just a scammer as there is no such research proving that vinegar of any kind reduces the risk of heart attack.

Veronica’s email says she is very happy for us as we are one of 3 people who have won a new Range River worth £99,370. We just have to answer a few questions and confirm our details to collect the prize. However, the email address the scammer sent the message to is a fake one invented by a scammer, so it’s all fake.

Do click on the Facebook or Twitter icons on top right to follow Fight Back Ninja.

October 4, 2022

The SharePoint Phishing Scam

Security researchers at Microsoft are warning all users of SharePoint about phishing scams imitating SharePoint.

SharePoint is a Microsoft collaboration tool for businesses and it is very popular so there are millions of users for these scammers to target.

The scammers try to steal logins and passwords from business users. It might seem a strange way to get money but the scammers will use those credentials to access company data in the hope of finding sensitive information, bank accounts, payment cards etc.

Even just email accounts and passwords they find can be sold to other scammers on the dark web.

Some scammers focus on getting access to sensitive information then trying to blackmail the company – pay or your files will be encrypted or deleted.

These scam messages are generally profession looking and have the correct logos etc. Without inspection, they look real and users not familiar with fake SharePoint messages can sometimes be fooled.

The message contains a link that looks like a normal SharePoint link but if you check then you will see it doesn’t go to a SharePoint address but to a standard website address nothing to do with your business.

If you click the link you will be asked for your login and password. This is not SharePoint behaves so don’t give your details.

The messages subject line can be anything from Holiday booking to late meeting to price book to invoice due.

If you receive a SharePoint message and are unsure then check the ender’s email address. If its not the person you expected then delete the message.

If you have any experiences with these scams do let me know, by email.

October 1, 2022

Time-Wasters Update

“Alert: Delivery blocked for …” is the latest scam email trying to get our login and password for one of the email accounts. The email claims to be from support@ the radio station which is a lie of course. Simple rubbish from evil scammers.

Anuj Talan offers me the opportunity to have an APP that guarantees to increase my sales as his company is expert in APP development. However his email address is a personal Outlook address so there is no company – just one person who may or may not actually be an APP developer. Only a moron would consider paying someone who sends out mass spam messages.

I’ve never heard of Acquirz but their email claims they have lots of information about me and just want to make sure I know they are processing that according to the law. I can find out more about them by clicking the various links in the message or I can click to unsubscribe. There are lots of these such emails nowadays and 99.999% are scams. Just delete such messages and don’t be tempted to ask them what information they have on you.

A message from outwork.co but claims to be from MetroBank warning me that my security validation has expired and I need to revalidate it immediately. Nope. Don’t have a MetroBank account so wont be doing that.

The message says it’s my turn to win 2 x £250 Morrisons Vouchers as I am in a draw with just 2 others to win them. The other 2 people are Matt Singer and Ruby Whitman. Morrisons supermarket do not give away vouchers by email and they do not have £250 vouchers. The message is from customerservice.uk which is a generic email address which anyone can buy an email address for. It is used by some legal companies but mostly by scammers. A legal draw would not show you the names of the other competitors as that is against the law. All fake of course.

Do click on the Facebook or Twitter icons on top right to follow Fight Back Ninja.

September 24, 2022

Time-Wasters Update

A “Mr Anthony” who is a BMW delivery agent at “the United Embassy from the government of USA in the White house Washington DC” tells me that I have won a BMW X6 car and a cheque for $8.5 million. These are ready to be shipped to me as soon as I return the email with my contact details and ID information. The sender makes no effort to make the email look genuine or fake his sender’s email address which is a personal Gmail account. Quite pathetic to think that anyone could reply to such an obvious scam.

Lots of scammers uses Bill Gate’s name as he is famous and his foundation does a lot of good in the world. This latest one claims to be from the “Bill and Gates” Foundation and my email address has been randomly selected to receive $1.5 million. I just have to return my contact and personal details to the sender. The real foundation is named “The Bill & Melinda Gates Foundation” and they certainly do not give away millions of dollars to random strangers for no reason. They use their money to fight poverty and eradicate disease.

More emails arrive at the radio station claiming an email address mailbox is full and needs to be sorted out as it is now disabled. However that email address is just a forwarder – meaning there is no mailbox so it cannot be full up. I wont be clicking on the Fix It link.

A strange email claims that a controversial liquid will end all pain in 54 seconds. But, it is banned in America due to the drug companies wanting to make more money. Even mad conspiracy theorists must have a limit of the ridiculous stories they are willing to believe, based on no evidence. 54 seconds is a remarkably precise figure which means it’s a lie but then the only substance I can think of that ends pain that fast is cyanide. All rubbish from scammers after your money.

Almost everyone in the developed countries gave up using faxes many years ago. But scammers still to scam people over supposed faxes. This latest one says there is a fax waiting for me that is a new contract document (but its name is “invoice”) and I must download it immediately. No thanks. I can do without scam documents.

Do click on the Facebook or Twitter icons on top right to follow Fight Back Ninja.