With bad guys this clever, how will we ever survive?
-
Amazingly clever example of spear-phishing received this morning:
Quote:
From: {Not my boss's name} <random-gmail-address>
Subject: Richard

Hello Richard
Are you in the office this morning? Keep me posted if you're available. I need you to carry out a quick task for me. Kindly re-confirm your WhatsApp number here for briefing details.
Kind Regards,
{My boss's name}
Sent from my iPad.
Not even the slightest attempt to disguise that it wasn't sent by my boss. :laugh: I'm almost tempted to reply and give him the "action fraud" number to contact.
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
-
I used to think the scammers were just not very bright. It was explained to me that many scams are deliberately crafted to be easy to see through. The reason is that they take a shotgun approach to finding marks. They don't want people that are particularly astute - they want the idiots. That's the key. So they craft the scams so that only idiots will fall for them; that way they've pre-narrowed their pool to the easiest marks. It's actually sort of clever.
Check out my IoT graphics library here: https://honeythecodewitch.com/gfx And my IoT UI/User Experience library here: https://honeythecodewitch.com/uix
-
Every couple of months my company sends out a phishing email to a good chunk of the employees. If you click the link/download the file then you have to go through security training. If you have enough failures then you get a "black mark" on your record. After a few weeks go by, they send a follow-up email explaining how you can tell it's a phishing email (with a generic "good job - you spotted the phishing attempt" or "you failed" message).
Bond Keep all things as simple as possible, but no simpler. -said someone, somewhere
-
I recently had an unexpected phone call, heavy Indian accent on the other end, explaining that they are handling a PPI claim that I had allegedly made back in 2016 (and it's taken this long to get around to it??). Gave me a customer ID and a claim reference number, asked me to confirm the home address that she read out (which I did because I now live over 100 miles away). So far so unconvincing... Here's the odd part. Then she asked me to read out the caller phone number as it appeared on my screen. 🤔 I did so, but naturally it turned out to be a small website company in the West Midlands, unlikely to be anything to do with 8-year-old PPI claims. No idea why she was so insistent that I tell her what number she was allegedly calling from. Has anyone else experienced this?
-
The "obviousness" is a feature, not a bug. Anyone that is paying attention enough to notice the scam is likely to be harder to con in the next step. They're phishing for someone oblivious, who is less likely to question when they are next asked to go buy a bunch of Apple gift cards with the company credit card and email all the codes.
Fool me once, shame on you. Fool me twice, prepare to die. --Klingon proverb
-
Whenever I receive a live robo-call I have always wanted to answer... "You have contacted the Special Intelligence Network. This is agent #00329017, please provide me with your agent authorization code..."
Steve Naidamast Sr. Software Engineer Black Falcon Software, Inc. blackfalconsoftware@outlook.com
-
The ones I get are invoices demanding payment, as if I would ever pay for a corporate license for Norton something or other.
Charlie Gilley “They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” BF, 1759 Has never been more appropriate.
Years ago I got an invoice from a third party "yellow pages" company saying they were going to send my company to collections if we didn't pay. Yep, I worked for a collection agency at the time and called them and told them that they needed to provide the written, signed contract for inclusion in their directory. Never heard from them again.
-
Whenever I receive a live robo-call I have always wanted to answer... "You have contacted the Special Intelligence Network. This is agent #00329017, please provide me with your agent authorization code..."
Steve Naidamast Sr. Software Engineer Black Falcon Software, Inc. blackfalconsoftware@outlook.com
"Metropolitan Police, Special Branch. This call is being traced for security purposes. How can we help you today?" usually terminates the call quite quickly, I find.
-
I used to think the scammers were just not very bright. It was explained to me that many scams are deliberately crafted to be easy to see through. The reason is that they take a shotgun approach to finding marks. They don't want people that are particularly astute - they want the idiots. That's the key. So they craft the scams so that only idiots will fall for them; that way they've pre-narrowed their pool to the easiest marks. It's actually sort of clever.
Check out my IoT graphics library here: https://honeythecodewitch.com/gfx And my IoT UI/User Experience library here: https://honeythecodewitch.com/uix
I wouldn't be surprised to hear that they employ bent psychologists to help devise these scams.