HR Holiday Scam

Many scammers target business workers – perhaps they have more money to steal or perhaps are an easier target if they don’t expect phishing email at work.

But all medium/large businesses and many small businesses train their staff on how to spot phishing attempts.

“Approval Submittal for Vacations on 10/26/2022” is a good title to attract attention. The date format is American and very few other countries use that format of month-day-year so anyone else should immediately spot this is fake.

The email has a series of notes explaining about vacation policy and differences with ‘terminated’ employees and new starters.

But the main point of the email is to get you to click the link which looks like a holiday check document and it has the domain name of the radio station in it to make the link look genuine.

But it’s just fake of course.

How can we tell

The date format is American
We have never worked with the sender’s fake company name
We don’t send out such messages as there is no HR computer system
There’s no name at the bottom of the email
The link is faked as hovering over it shows it goes to a completely different URL.
And so on

If you have any experiences with these scams do let me know, by email.

December 11, 2022

Stupidest Scam of the Week – Mystery Shopper 111222

Mystery Shopper is one of those jobs that millions of people would like to have – get paid to go shopping at your local stores then write up a report of the experience.

Suitable as a second job for anyone struggling financially or as a main job for anyone who loves shopping and you get the products you bought of course.

There are just a handful of people who do this job but they are highly trained and it isn’t as glamorous as it can be depicted.

But you will see numerous adverts offering the job of mystery shopper.

These are scams – just a way to get your confidential information and get you hooked.

This latest one claims to be from Shoppers Bay Ltd but the email sender’s address is secretshopperzuk.biz so it’s fake.

Some of the ads try to get you to buy a guide to becoming a secret shopper – always a scam.

Or to pay to join a list of secret shoppers used supposedly by the big players in the market – always a scam.

It may be an attractive sounding job but 99.99% of such offers are scams – so don’t give away your confidential information and do not pay for information which is readily available on the Internet.

December 10, 2022

Time-Wasters Update

Yet another offer of a free £500 Ryanair voucher arrives. But Ryanair doesn’t make such vouchers available to anyone – they don’t exist so it’s an obvious fake. It claims that Emma Richardson and Stephen Taylor and an email address at the radio station have between them won the voucher and we just need to reply then the final choice will be made. All pathetic rubbish. Never believe such things, as companies do not give away such value to random people who are not already its customers.

Supposedly, Harvard have a new memory loss breakthrough and the proof is that a 70 year old man who could seldom remember even his own name is now able to remember everything and has laser like concentration. People who suffer from diseases such as dementia or Alzheimer’s lose brain cells and no wonder drug can remake them. Then the email switches to the usual conspiracy rubbish about big pharma losing billions when this almost instant cure is made available to all. Nope – sadly there is no cure.

The next stupid email scam is about magic dieting. Just half a teaspoon of a new extract will boost your metabolism by 728% so it claims. If there was any truth in that then you’d need to sit in an ice bath when taking the product to stop your self overheating and endangering your life. The email then claims the extract is actually lemon juice and sea salt. Very stupid.

A billing receipt arrives from a Gmail account and that tells me it’s just a scam. Any business would have a business email address not a personal one like Gmail, especially for sending out invoices. The scammer in this case is very lazy as the message just contains the purchase order number and nothing else. Lazy and stupid.

“The government has been hiding this from you” is an opening line in a scam email – it’s intended to catch your attention but also tells most readers that it’s a rubbish email. It goes on about a miracle liquid that can turn your body’s pain switch off in less than a minute and has no side effects. You are supposed to use it to stop any nerve pain, arthritis pain or any other form of pain. But pain is the body’s natural reactions to something damaging so turning off all pain is dangerous. People suffering from long term pain may desperately want something to stop that pain and hence fall for this stupid email, but I hope not.

Do click on the Facebook or Twitter icons on top right to follow Fight Back Ninja.

December 9, 2022

HCG Scammers Stopped

These are supposedly Homeopathic drops made from HCG, a hormone produced by the human placenta.

Of course, homeopathic remedies don’t actually contain any of the original product i.e. placenta.

Marketers who pitched “homeopathic HCG drops as a quick and easy way to lose substantial weight” were ordered to pay $1 million in December, and asked to stop selling HCG Platinum drops.

The products were sold online, at GNC, Rite Aid, and Walgreens and claimed users would likely lose as much as 50 pounds; a 30-day supply typically retailed for anywhere from $60 to $149.

Human chorionic gonadotropin has been fraudulently pitched for decades as a weight loss ingredient.

The FTC imposed a $3.2 million judgment on a separate group of marketers in January who were selling HCG Diet Direct Drops, though they were unable to pay. In that case, HCG Diet Direct and director Clint Ethington allegedly told customers to place the solution under their tongues before meals and stick to an extremely low-calorie diet to “lose 7 pounds in 7 days.”

December 7, 2022

What is Malvertising?

Malvertising means the use of online advertising to spread malware. This may include computer viruses and other nasty malware that try to hijack your computer or download your confidential information.

Online advertising is largely through advertising networks. You pay for your ad to appear but don’t necessarily which sites it will appear on.

Malvertising is where the scammers inserting malicious adverts into the legitimate advertising networks. Typically this is done by the scammer putting in legitimate adverts for a while then switching to the malvertising ones.

Malvertising is hard to combat because of the complexity of how the advertising networks operate and how quickly ads can be inserted then disappear.

It was estimated nearly 10 billion ad impressions last year were compromised by malvertising.

The identities of those responsible are often hard to trace, making it hard to prevent the attacks or stop them altogether, because the ad network infrastructure is very complex with many linked connections between ads and click-through destinations.

There have been Malvertising attacks against, eBay, answers.com, talktalk.co.uk and many others involving the hacking of various advertising networks.

Don’t automatically trust adverts on respected websites as they may not realise what’s being advertised.

Malvertising is an attack in which perpetrators inject malicious code into legitimate online advertising networks. The code typically redirects users to malicious websites.

Scammers can target users on highly reputable websites, e.g., The New York Times Online, The London Stock Exchange, Spotify and The Atlantic, all of which have been exposed to malvertising.

December 6, 2022

The SIM Swap Scam

If you access a website and have forgotten the password, there is usually a link labelled ‘Forgot Your Password’ or similar and if you click the link they will send you a password reset request by email. You click the button in the email message and reset your password.

Now, if scammers can get hold of such an email message, then they can reset your password and lock you out of your own account and you will have great difficulty getting your account back.

This situation is becoming more dangerous as many people and businesses rely on mobile phones for proof of identity. e.g. your bank may send you security numbers to type into your account to prove your ID but if scammers can access your phone and read your messages, they are in control.

The SIM Card Swap

Unless you have leave sufficient information openly online for scammers to break your password, then their usual approach is called social engineering.

This means to take advantage of people’s trust. So they will research your information online and use what they find to convince a mobile phone shop worker (or customer service worker) to cancel your current SIM card (I lost it) and activate a new one.

They will then have access to your messages, contacts list etc.

Then they try to access your bank account and shopping accounts.

Prevention

To be safe, you need to limit the amount of personal information that is available about you online. Anything you make public can be read by criminals intent on defrauding you or stealing your identity.

Text messages are very useful but remember that they are not encrypted and can potentially be read by anyone.

You can use APPS that encrypt data such as iMessage, WhatsApp, Signal, etc. for anything that must be kept private.

If there is any suspicious activity on your account or you receive suspicious calls, then contact your bank or phone company.

Do leave a comment on this post – click on the post title then scroll down to leave your comment.