BADDIES ARCHIVE
BADDIES UPDATE (by Lawrence Patterson)
2022
March 14
Today we have two local examples of the baddies making use of Blind Trust actions to trick you into being scammed, please review and share.
Here’s how to tell if that CRA phone call is a scam or not! https://dailyhive.com/vancouver/cra-phone-call-scam-or-not
We are all familiar with scam calls at this point. Whether it’s an air duct cleaning service, winning a cruise, or a warrant out for your arrest, you’ve surely received at least one scam call. This year, the CRA is trying to get ahead of scammers by providing tips to make sure you’re speaking to an actual CRA agent.
How to make sure it’s not a scammer on the line
- Ask the caller for their name, phone number and office address,
- Hang up the phone,
- Google the information provided to you to confirm it is factual
- Call the CRA agent back
How to identify a scammer
- Caller refuses to provide proof that they work for the CRA (aka, won’t give you their name or phone number)
- Caller uses aggressive language or pressures you to make an immediate decision
- Caller asks for payment via pre-paid credit cards, cryptocurrency or gift cards
- Caller asks for information that is not related to your tax return, such as your credit card number
- Caller recommends you apply for benefits
Ontario police warn of text-message licence sticker scam https://driving.ca/auto-news/local-content/ontario-police-warn-of-text-message-licence-sticker-scam-in-mississauga-and-brampton
March 1
Are you on Instagram? OPP warn of new phishing scam!
For those of you who have had the opportunity to hear my honest appraisal on how baddies can easily initially victimize us and then continue to re-victimize you and then your family, friends & associates, comes an unfortunate confirmation of that scenario. Again, be careful on how you respond to all messaging and if you happen to be caught, be aware you need to own it to avoid causing more harm.
Scammers are sending phishing emails with fraudulent links for fake Instagram login pages; this allows scammers to steal account credentials. Once an account is taken over, suspects blackmail victims to record a video of themselves promoting fake cryptocurrency platforms.
Suspects advise victims that this is the only way they can recover their account. After the video is recorded, it is posted on the victim’s social media accounts with a link for their followers to make a fraudulent investment. Victims will never recover their social media account and their followers are at risk of losing their funds if they invest through the fraudulent cryptocurrency platform.
Warning signs and how to protect yourself:
- Do not click links or download attachments in text messages or e-mails as these can contain viruses or malware.
- Beware of fraudulent cryptocurrency investment advertisements promoted through social media.
- Prior to investing, ask for information on the investment. Research the team behind the offering and analyze the feasibility of the project.
- Verify if the investment companies are registered with your provincial securities agency or the National Registration Search Tool (www.aretheyregistered.ca).
- Don’t be afraid to say no!
- Create different passwords for all online accounts.
- Enable multi-factor authentication.
- Only log into your accounts from trusted sources.
- Don’t reveal personal information over social media.
- Learn more tips and tricks for protecting yourself.
February 21
QR Codes, think first before scanning!
So how do you know if a QR code is legit before you scan, the truth is you don’t. That said, when you use your phone to scan what appears to be a legitimate QR code, observe what address is being offered and use Wise Trust before deciding to go through with the results. A couple of points:
- Watch out for what is now being called the “Parking Meter scam” in which a QR code was placed on Austin parking meters that resulted in banking information being sent to the scammers;
- Remember that anyone can create and print out a QR code, much like the invoice scams we discussed last week, you need to ask yourself if a QR Code is what it claims to be;
- Check out QR Codes in the Time of Cybercrime (knowbe4.com) for more details.
Oh, and here’s a QR code that’ll either make you happy or cringe (don’t say I didn’t warn you).
2021
When is a customer complaint an Email scam? See the following article, which has good examples and investigation, along with the following action items:
- Stop. Think. Connect;
- Always use official channels for communicating with your staff (i.e. don’t follow the link on the supposedly urgent action messaging);
- Don’t be seduced by on-screen security promises and visual indicators.
June 7
If you ever wondered why it’s important to be comfortable with properly managing your password, see the article “How to hack into 5500 accounts… just using “credential stuffing” https://nakedsecurity.sophos.com/2021/06/04/how-to-hack-into-5500-accounts-just-using-credential-stuffing/amp/ as it reviews how the baddies make quick work whenever they get a hold of encrypted password data. There’s a number of examples of why we need to be diligent with our password management, including the author’s below conclusions:
- Don’t re-use passwords.
- Consider a password manager.
- Turn on 2FA if you can.
- Report payment anomalies.
May 24:
Fraudsters employ Amazon ‘vishing’ attacks in fake order scams. Once again, use Wise Trust (even when you do have an incoming order) to make sure you’re NOT another “spray & pray” victim. Don’t forget to discuss amongst family and friends, so that we protect the community at large.
* https://www.zdnet.com/article/fraudsters-employ-amazon-vishing-attacks-in-fake-order-scams/
May 10
When a headline says it all, there isn’t much to add, other than to emphasize “NOTHING good comes without a price”. Remember common sense / using Wise Trust (neither of which the student in question used), protects us all.
* https://www.zdnet.com/article/ryuk-ransomware-finds-foothold-in-bio-research-institute-through-a-student-who-wouldnt-pay-for-software/
April 11
- Beware of the delayed disconnect phone scam; this is an update to an issue I’ve alerted you about a year or so ago, with further confirmation that the telephone companies are aware but for whatever reason are not able to deal with it (I suspect it has a lot to do with very old (relatively speaking) and expensive to replace equipment that is setup in our neighbourhoods).
- Main Advice; If you get one of those suspicious calls, hang up and wait 10 minutes or longer before using your landline, or you could use your cellphone. (I would add, don’t use the landline, but use your cellphone, or go to your neighbour / family to use their phone.)
- https://bc.ctvnews.ca/beware-of-the-delayed-disconnect-phone-scam-1.5375708
- Inside an International Tech-Support Scam; if you like real-life crime stories, read this longer than normal article on how a “white-hat hacker” has identified and turned the tables on the baddies, and was sometimes able to help people before they were victimized. If you want further proof of a baddie’s intentions, just look at the below picture of several individuals mocking a helpless victim.