{"id":2189,"date":"2023-12-11T19:28:14","date_gmt":"2023-12-11T19:28:14","guid":{"rendered":"https:\/\/www.dnsfilter.com\/blog\/bah-humbug-and-other-consequences-of-holiday-cyber-scams"},"modified":"2023-12-11T19:28:14","modified_gmt":"2023-12-11T19:28:14","slug":"bah-humbug-and-other-consequences-of-holiday-cyber-scams","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2023\/12\/11\/bah-humbug-and-other-consequences-of-holiday-cyber-scams\/","title":{"rendered":"Bah Humbug and Other Consequences of Holiday Cyber Scams"},"content":{"rendered":"<div><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/bah-humbug-and-other-consequences-of-holiday-cyber-scams.jpg?w=640&#038;ssl=1\" class=\"ff-og-image-inserted\"><\/div>\n<p>The holiday shopping season has begun and is in full swing. And that means that the holiday scam and cyber attack season has begun as well. Here at DNSFilter, we\u2019re trying to get the word out about some of the threats lurking about in cyberspace on as many different fronts as we can.&nbsp;<\/p>\n<p><!--more--><\/p>\n<p>Earlier this month, our CEO, Ken Carnesi, was featured in an article in the Wall Street Journal about the false sense of security some get from Private or Incognito Mode in web browsers (here\u2019s the link on <a href=\"https:\/\/www.linkedin.com\/feed\/update\/urn:li:share:7133145037491630080\/\"><span>LinkedIn<\/span><\/a>). Our blog featured an article discussing the <a href=\"https:\/\/www.dnsfilter.com\/blog\/revisiting-the-risks-and-dangers-of-using-open-hotel-wi-fi\"><span>Risks and Dangers of Using Open Wi-Fi Networks<\/span><\/a>. We released a video about the <a href=\"https:\/\/www.youtube.com\/watch?v=i41_7O62Z_8\"><span>common online scam risks of the holiday season<\/span><\/a>. And most recently, our Sr. 
Director of Labs, Rebecca Gazda, hosted a webinar with the CEO of BforeAI, Luigi Lenguito, where they discussed <a href=\"https:\/\/my.demio.com\/ref\/c0zpkLevt94jZ79W\" rel=\"noopener\" target=\"_blank\">The Seasonality of Threats.<\/a><\/p>\n<p>In that spirit, let\u2019s discuss some of the most common threats during the holiday season, how some of them work, and what you can do to help better protect yourself.<\/p>\n<h2><span>Common Types of Scams<\/span><\/h2>\n<h3><span>Phishing Emails and Their Multimedia Cousins<\/span><\/h3>\n<p>Phishing emails are the most common type of attack during times like these. For the sake of clarity, phishing here means a non-targeted email that attempts to convince the recipient to click a link or take some other action that can allow an attacker to steal information.<\/p>\n<p>Common variants of phishing include:<\/p>\n<p>Spear phishing \u2013 a phishing email that is targeted at an individual or group<\/p>\n<p>Smishing \u2013 a technique that leverages SMS messaging rather than email<\/p>\n<p>Vishing \u2013 uses a phone call or a voicemail to lure the victim<\/p>\n<p>There are now even attacks that use QR codes (quishing) rather than simple weblinks to mask some of the details. Or, sometimes it\u2019s just a QR code by itself, with the intention that human curiosity is enough to entice someone into scanning it blindly (HINT: don\u2019t ever scan a QR code unless you know what it\u2019s for and are confident you can trust that it is safe beforehand).<\/p>\n<p>Since we\u2019re talking about related communications, we\u2019ll briefly touch on direct phone calls as well. Many scammers still call potential victims directly (which almost certainly contributes to modern shifts in phone etiquette), and these calls should be handled the same way as any of these scams. 
The best solution if you end up on the phone with a potential scammer is to find out who they are purporting to represent, get off the phone with them, look up an alternative number for their customer service department, and call them back via a route not provided or encouraged by the initial caller (if you still feel that\u2019s even necessary).<\/p>\n<h3><span>Brand Impersonation Scams<\/span><\/h3>\n<p>Brand impersonation scams leverage the trust that individuals have in an established brand, especially those like you who are knowledgeable and wary about getting scammed. These kinds of scams use very official-looking logos for nationally or internationally recognized brands (often a downloaded image of their actual logo). They go out of their way to use the company\u2019s official color scheme and they follow the company\u2019s style guidelines. Brand impersonation scams are often used in phishing schemes (as mentioned above) or sometimes in domain impersonations as well, building out very convincing copies of entire websites in order to trick a victim into believing they are the official site for the company. This includes registering very similar look-alike domain names, buying sponsored ads, and manipulating search engines to foster trust.<\/p>\n<h3><span>Package Delivery and Sweepstakes Scams<\/span><\/h3>\n<p>These will be specifically tailored messages to convince you that you have a package that couldn\u2019t be delivered or that you\u2019ve won something important. They will ask you to click a link and enter some personal information\u2014typically bank account information\u2014to ensure they are \u201cdealing with a real human\u201d. This can be extremely effective against people during the holidays because of the increases in online shopping and delivery of presents. However, none of the major delivery companies typically operate this way. 
They can leave a note on your door if they were unable to deliver a package for most reasons. They will also generally have fairly reasonable holding times for packages that will not require emergency contact by email or text.&nbsp;<\/p>\n<p>In the case of scams using companies such as Amazon, threat actors can be looking for you to enter your credentials for the actual website. They know that many people have significant amounts of information stored in their Amazon accounts and that they can gain access to credentials like your credit cards. If there\u2019s any doubt at all, there should be a location close enough for you to go in person and pick up a package if it can\u2019t be delivered for some reason.<\/p>\n<p>The allure of money can be hard to resist, especially when it involves a life-changing amount of it. But in almost all cases, you probably should unless you specifically registered for such a sweepstakes. Those sweepstakes contact you in non-emergency conditions to let you know that you \u201chave a chance to win,\u201d which also translates to not generally being worth the risk of responding and getting drawn into a scam. The bottom line is, if you aren\u2019t expecting to be contacted for a sweepstakes then don\u2019t trust it, and definitely don\u2019t respond to them, don\u2019t provide them with any information, and do not send them any money.<\/p>\n<h3><span>Social Media Scams and Impersonations<\/span><\/h3>\n<p>Many people nowadays live a significant portion of their lives through social media. That means that there are significant opportunities for collecting personal information, contact lists for new potential victims, and time-related opportunities like knowing when you\u2019re going to be on vacation and where. 
With such high volumes of sharing going on, and most of the connections being related to real-life associates, trust is also very high, and the perceived value of the information is very low, when in reality malicious parties can sell or leverage that harvested data in a great number of financially beneficial ways.<\/p>\n<p>Be very careful about requests for \u201cnew\u201d accounts from people that you already have a link to, even if they are very convincing, including personal information, friends\u2019 lists, and pictures. Attackers can clone all of the things from any public-facing account and continue to blossom across a social cluster, making it very difficult to discern which is real and which is not. If there is a question, reach out through external channels to verify with someone what is going on before you interact with an odd social media request, and if you\u2019re in doubt then the harm from not responding at all should be minimal.<\/p>\n<h3><span>Malicious Download Sites<\/span><\/h3>\n<p>This is a slightly different kind of attack where the attackers compromise or impersonate some desirable resource and you end up in their network downloading something harmful. This can be something related to in-game purchases, the new cool app, redirected web traffic, or even programming libraries. Malevolent parties are lying in wait for you to come to them and download something and install it with the belief that it is something else. There\u2019s not much to do for this other than to just be vigilant and watch closely for impersonations. 
Although even in the best of cases, sometimes even the legitimate sites result in these sorts of compromises, there are large numbers of security researchers watching for these kinds of problems, and if you wait for the initial furor to subside somewhat, they will often identify risky downloads within a reasonable amount of time.<\/p>\n<h2><span>Common Indications of a Scam<\/span><\/h2>\n<p>One of the major keys to the success of a scam is urgency. That urgency can be threatening (\u201cif you don\u2019t respond by a certain time then you will be arrested\u201d), opportunistic (\u201creply within a certain time window to receive unbelievable deals\u201d), or covetous (\u201cclick on this link and you can get this thing that you want\u201d). The urgency is a technique intended to disrupt the victim\u2019s reasoning so that even if they have suspicions about the communication being a scam, they will participate anyway.<\/p>\n<p>Another required component of a scam is a communication medium under the attacker\u2019s control. In many scams, this will be a weblink. Other times it will be a QR code, or in others it can be a phone number to call or an email to contact. In almost all scenarios, the best thing to do with any kind of unsolicited weblink or QR code is to simply not use it. However, sometimes you may not have a choice for a number of reasons. If you do have a reason to follow an unsolicited link, many weblinks have a small safety factor in that they can be hovered over and they will reveal the actual URL to be resolved. If it looks suspicious for any reason then don\u2019t follow it if you have a choice.<\/p>\n<p>Finally, sometimes just the nature of what you\u2019re dealing with should be a huge red flag. Be very careful of any link that uses URL shorteners. Not all shortened links are dangerous, but it is a great way for attackers to hide obviously harmful links, and they are used often by bad guys for that reason. 
Also, if you\u2019re being asked to pay through non-traditional systems, such as gift cards, pre-paid debit cards, cryptocurrency, or wire transfers, then the transaction is almost certainly illegitimate. Those kinds of funds transfers are preferred by scammers specifically because they do not carry the consumer protections of the traditional payment methods. In fact, most government agencies aren\u2019t authorized to accept, or capable of accepting, payment via such mechanisms, even in an emergency situation, so it is almost guaranteed to be a scam.<\/p>\n<h2><span>What to Do if You Think You Are Being Scammed<\/span><\/h2>\n<p>It can be very tempting to mess with a potential scammer if you are fairly confident that you are being targeted. While it may be rewarding in that it wastes the scammer\u2019s time, and subsequently reduces their success rate and may potentially prevent an attack or two against others, this is not recommended. There is always the potential that you could make a mistake that the scammer could capitalize on, even if you don\u2019t realize it.<\/p>\n<p>The critical first step, as we already mentioned, is to not click links or scan QR codes from unsolicited sources. Sometimes you don\u2019t have that luxury, however, or the urgency component is very compelling. If you do feel like you have to engage with an unsolicited communication, take steps to take that control away from a potential scammer. Copy any URLs or domains and change their appearance to a different font, so that look-alike characters are easier to tell apart. Pick one that has the opposite serif option and one that uses different kerning, like moving to a fixed-width font.<\/p>\n<p>If you aren\u2019t sure whether a message is from a scammer or not, or you still feel compelled to answer them just to be safe, do a search for the company\u2019s actual customer support number or email via your favorite search engine and contact them that way. 
Most reputable companies will have that information available, and if they are trying to reach you, particularly if it\u2019s urgent, then there will also be a record of that in their customer service system. You can also search a particular domain, phone number, or other unique information and see if any links come up identifying it as a scam. If you are particularly technically capable, you can search through open-source intelligence communities such as VirusTotal, URLscan.io, or AlienVault OTX and see if they can tell you anything.<\/p>\n<p>But even if you do click a link, scan a QR code, or answer a malicious text, it\u2019s not always too late. You can\u2019t erase any information you\u2019ve already sent them (so do your best not to share any data before you\u2019ve verified the source), but if it is the kind of attack that connects your computer directly to your attacker\u2019s, then it can be effective to just disconnect from whatever network you are attached to. These types of sessions often won\u2019t be able to reconnect once the connection has been broken. There are things that can survive a broken session, but if you stop the session fast enough then you may keep them from getting installed. It\u2019s generally better to disconnect from the network, even gracelessly, than to reboot because some attacks don\u2019t take effect until the computer restarts, the browser is reopened, or the user logs on again. But if it\u2019s urgent, it\u2019s better to shut down and restart than to do nothing at all. If you know how, it\u2019s good to monitor your running processes (or applications) and run a good antivirus check. It\u2019s not a bulletproof solution, but it should cover most of the threats of an average scam.<\/p>\n<p>Ultimately, the most important advice is to be smart, be careful, be vigilant, and SLOW DOWN. Wait 30 minutes to an hour before you respond to anything that seems like a scam, and allow your brain to reason through the problem a little bit. 
These attacks are designed to make you respond without thinking while your adrenaline is pumping. Taking a few minutes to step back and let that initial panic pass isn\u2019t going to make much of a difference to the urgency, even if it claims to be something immediate like in the next 24 hours. But it will make all the difference in being able to find the flaws and see the manipulation techniques that can lead you to see through the ruse.<\/p>\n<p>And for added protection that helps avoid being scammed altogether, <a href=\"https:\/\/app.dnsfilter.com\/signup\"><span>try DNSFilter on your network free for 14 days.<\/span><\/a><\/p>\n<p><a href=\"https:\/\/www.dnsfilter.com\/blog\/bah-humbug-and-other-consequences-of-holiday-cyber-scams\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The holiday shopping season has begun and is in full<\/p>\n","protected":false},"author":8,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[60],"tags":[67],"class_list":["post-2189","post","type-post","status-publish","format-standard","hentry","category-phishing","tag-phishing"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"DNSFilter","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/dnsfilter\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/phishing\/\" rel=\"category 
tag\">phishing<\/a>","tag_info":"phishing","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2189","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=2189"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2189\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=2189"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=2189"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=2189"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}