Introduction:
We have all had a suspicious call, text or email from scammers pretending to be someone important. Is this still happening? Who are they pretending to be?
Increasingly these are fake phone calls (often called vishing), text messages (smishing) or emails that are fishing (phishing) for your information.
This is a growing problem for corporate cyber security teams, and for home users who have to spot the fake ones without professional assistance.
(This article is a follow on from spotting suspicious emails: https://www.securikiwi.blog/post/don-t-get-hooked-protect-yourself-from-phishing-attacks)
Scenario:
You receive a phone call from 'Microsoft': there is a virus on your computer that they need to remove for your safety.
What happens next?
This will depend on the tactics of the attacker.
One option is that they simply ask you some security questions to 'verify' your account. This is dangerous because people commonly use the same questions and answers for every account (bank, payroll, credit cards), so one set of answers can be replayed against all of them, and the attackers move quickly once they have it.
When you get an unexpected call and the caller starts challenging you for security information, say you will call them back. Then, no matter what they say, call the organisation back on its official number. Never use a number given to you by phone, text or email without first verifying it on the official website, and do not trust the number shown on your caller ID either: it is easily spoofed. A genuine caller will not object to you ringing back; a scammer will usually try to talk you out of it.
Text messages work the same way: they are worded to sound urgent so that you call back on the number they provide. That number is unlikely to be legitimate, and because you initiated the call you are more inclined to answer sensitive questions before stopping to wonder whether the other end is genuine.
The same applies to emails; the article linked at the top takes you through how to spot them. In this scenario, the 'person from Microsoft' may follow up with an email asking you to:
Verify your email address
Open a remote support session (which hands them control of your computer)
Forward documents for review
Click a link to 'log you into your account' (a credential-harvesting page)
Each of these can be dressed up as a legitimate request. The scammers can sometimes be convincing (and other times they are about as convincing as Bugs Bunny in drag), so you should always be wary of unexpected contact from any organisation that holds sensitive information about you.
Summary from Scenario:
As you can tell, the general message is to be suspicious and to double check that you are speaking with a legitimate company representative. If you suspect you have fallen into a trap, contact the company involved immediately on its official number for assistance. You should also block any cards you discussed, change passwords from a device you trust, enable MFA where it is not already on, and monitor your accounts for suspicious activity.
What guises do they use?
The list below is far from exhaustive. We cover some well-known guises and scenarios, but be aware that these attackers will use anything topical in the news as a hook.
(And yes, most of these are based on calls I have taken or helped real people deal with)
Tax Department
There is a discrepancy, you may be owed a refund
The wording varies (and is usually very poor), but the approach plays on the excitement people feel when they might be owed money. If you are not careful you may fall into this trap.
We need to verify your details to get you your tax refund
This is a 'hit and hope' approach: not everyone will be due a refund, so many will see through it. Those who are genuinely waiting for a refund are far more likely to believe it because it fits the facts. The callers also quote a figure close to the average refund amount, which 'sounds about right' if you don't have your own paperwork in front of you.
We think you have underpaid, can you help verify some details and we will see if we can resolve this over the phone?
This method tries to make people worried that they owe money, and the caller will use whatever approach seems to be working. Some try to sound very official and press hard on the consequences of not cooperating; others take a friendly approach and try to convince you they are helping you through it and may even make the imaginary debt go away.
Microsoft
Your IP has been reported as sending SPAM, we need to resolve it, or we will cut off your internet
This one relies on reaching someone who is not computer savvy; the technical-sounding nature of the call is the hook. Home connections are normally given a dynamic IP address by the internet provider, so the address changes over time and nobody outside your provider can reliably tie it to you. Microsoft would never deal with you directly about something like this; if anything needed raising, it would come from your internet provider (and you should be suspicious of callers claiming to be from them as well).
There is a virus on your computer, we need to remove it or you will not be allowed to use the internet
As with the entry above, Microsoft does not monitor your home computer for viruses and does not get involved in incidents like this. Microsoft also cannot block you from the internet; only your provider can do that. Treat any unsolicited call 'from Microsoft' as fake unless you have an open support case that you initiated.
Your email address has been flagged for sending a lot of Spam, we need to get access to it and stop all your emails from being blocked in future.
As above, Microsoft would not know this and would not contact you directly about it. The caller is also gambling that you have a Microsoft-based email address; if you use Gmail, Yahoo Mail or another provider they will not know, but they will pretend to.
Bank
There has been some potential fraud on your account, we would like to resolve this with you but first we need to go through some security questions
This sounds exactly like a call a bank would make, which is precisely why it is used to extract your sensitive details. If you get this type of call, do not give out any information; hang up and call the bank's fraud department directly on the number listed on its website or the back of your card.
One of your cards may have been leaked online, can we confirm your details?
As with the scenario above, contact the bank directly. If you have internet banking on your phone, check the card's recent transactions yourself for anything suspicious. Many banks also let you freeze a card temporarily from the app, which protects you while you sort things out with the bank.
We just need to verify your details with a code we will send you before going into details
This is a nasty one. The caller typically already has your password (from a data breach or an earlier phishing email) but is blocked by MFA. While on the phone they attempt to log in, which causes the bank to send a genuine code to your phone, and they then ask you to read it back to 'verify' yourself. A legitimate bank will never ask you to read out a one-time code or approve a login prompt you did not initiate. As with all calls like this, make sure you are talking to the bank by calling its listed number before proceeding. If there is any doubt, change your password immediately from a device you trust and review the account's recent sign-in activity.
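The flow described above, modelled as an added example (this code is not from the original post or any real bank; the class names, the account password and the SMS format are all made up for the simulation). It shows why the bank's side of the check cannot help you: once the code has been read aloud, the server has no way to tell the attacker's browser from yours.

```python
"""Simulation of the 'read us the code we just sent you' scam.

Added example, not from the original post. BankLogin, SmsPhone, the
password and the SMS wording are all invented for illustration.
"""
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class SmsPhone:
    """The victim's phone: the only place the bank delivers codes."""
    inbox: list = field(default_factory=list)

    def receive(self, text):
        self.inbox.append(text)

    def latest_code(self):
        # Codes are delivered as "Your code is 123456" in this simulation.
        return self.inbox[-1].rsplit(" ", 1)[1] if self.inbox else None


class BankLogin:
    """Password plus SMS one-time code. The code is a bearer secret:
    whoever types it in is treated as the account holder, which is
    exactly what the scammer exploits."""

    def __init__(self, password, phone):
        self._password = password
        self._phone = phone
        self._pending = None  # code awaiting entry, if any

    def start_login(self, password):
        # Step 1: password check. If it passes, a fresh 6-digit code goes
        # to the registered phone regardless of WHO typed the password.
        if not hmac.compare_digest(password, self._password):
            return "password rejected"
        self._pending = f"{secrets.randbelow(10**6):06d}"
        self._phone.receive(f"Your code is {self._pending}")
        return "code sent to registered phone"

    def finish_login(self, code):
        # Step 2: the bank cannot tell whether the code was typed by the
        # customer or read out to a caller who then typed it themselves.
        if self._pending is None or not hmac.compare_digest(code, self._pending):
            return "code rejected"
        self._pending = None
        return "session granted"


def scam_call(victim_reads_code_aloud):
    """Run the scenario from the post. The attacker already holds the
    password (assumed obtained earlier, e.g. from a breach) but not the
    phone. Returns the outcome of the attacker's login attempt."""
    phone = SmsPhone()
    bank = BankLogin(password="correct horse battery staple", phone=phone)  # made up

    # The attacker enters the stolen password from their own machine and
    # the bank dutifully texts the victim. The attacker then rings the
    # victim: "we just need to verify your details with the code we sent".
    first_step = bank.start_login("correct horse battery staple")
    assert first_step == "code sent to registered phone"

    if victim_reads_code_aloud:
        code_given = phone.latest_code()   # victim reads it to the caller
    else:
        code_given = ""                    # victim hangs up; attacker has nothing
    return bank.finish_login(code_given)


if __name__ == "__main__":
    print("victim reads code aloud:", scam_call(True))
    print("victim hangs up:        ", scam_call(False))
```

The only thing that changes the outcome is the victim's decision, which is why the advice is "never read a code to anyone". Phishing-resistant MFA (FIDO2 security keys or passkeys) removes the problem entirely, because there is no code for the caller to ask for.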
Internet companies
These follow the same patterns as the scenarios above, so there is no point repeating them. The general message is the same: be certain who you are talking to before you share anything.
Summary
In summary, whatever method someone uses to ask for your information, start from the assumption that their intent is suspicious until you have verified them through an official channel.
This adds a few extra steps to getting things done, but it protects you from a far larger hassle and from financial impact that can have wide-reaching consequences.
Example alert: Phone Scammers Impersonating CISA Employees | CISA