With the prevalence of cyber scams and phishing schemes, it was only a matter of time before the bad actors ran into the wrong people on the other end of the keyboard. Here are a few examples of how would-be victims turned the tables on fraudsters and why everyone should operate with vigilance and suspicion when it comes to fishy situations online or over the phone.
- When a scammer went after French security researcher Ivan Kwiatkowski’s parents with a fake support scam and ransomware, the scammer ended up with his very own Locky infection. You can and should read the full account on Ivan’s blog. It’s an interesting post and his key takeaway is that if you have the technical chops, you should play along with attackers. The more we take away a scammer’s time (even if you don’t have the means to infect them with your own malware), the less profitable their scam will be.
- A “Windows” phone scammer tried another poor target: IDG security reporter, Fahmida Rashid. Over the course of three months, she played along as she got calls from people from “Windows Security Center” who tried to convince her that her computer was infected. She found that these criminals were pretty good at social engineering, but had a hard time straying from the script. Her experience shows that continuously questioning things that don’t make sense can result in the criminal giving up altogether and dropping the call.
- And last on our hit list of bad targets… WatchGuard Technologies. That’s right, a spear phisher went after a member of our finance team, and ended up in a tango with our security researcher, Marc Laliberte. The attacker claimed to be the finance employee’s boss and said that they were looking for a wire transfer. Marc recently walked CSO Online through how he gathered information on the criminal and ultimately tracked down their true location and fraudulent bank account. One of the major lessons learned through this experience is that no matter how good a company’s firewalls and filtering software are, every employee needs to remain educated and suspicious about potential threats.
As you can see, hackers are no longer just teenagers getting up to mischief in some dark basement. These days, cyber scams can be a full-blown business model. Just about anyone can be a target, but no one needs to be a victim. It’s important to question things that don’t make sense and alert the proper personnel when incoming requests seem suspicious. You don’t need to play along with attackers the way these targets did, but the more you know about the latest scams, the easier it will be to spot scammers like “Mike the Nigerian Prince” when they come a-knocking.