Think Before You Click is Not Enough!!
For decades the mantra in Cyber Security Awareness has been “Think Before You Click”. As a retired FBI Special Agent who spent decades handling cybercrime matters, I often heard the term Phishing, Smishing and Vishing to explain cybercrime incidents. Cybersecurity subject matter experts could debate for hours on how best to classify the cybercrime attack scenario below. However, the main point is how having a Cyber Secure Mindset would better protect you and keep you safe from cybercriminals. Cybercriminals are constantly adapting their attack methodology and in this situation your anti-virus would not stop this type of cybercrime attack. Having a Cyber Secure Mindset and applying a few simple cybersecurity steps would go a long way to protect yourself and your money.
This morning my wife forwarded me an email from a neighbor. After reading the email, there are several key takeaways we need to focus on using a Cyber Secure Mindset to protect yourself from this type of cybercrime attack:
“I received two emails for products totaling over $10,000.00 where it said that the order was paid for with my newly acquired Amazon Credit card that I do not have”. Cybercriminal sends an email with a sense of urgency. I called the number in the email and the person was very professional and you could hear chatter in the background that you hear when you call a call center”.
The email has a sense of urgency and does not have any malicious code or links to click. The social engineering aspect of the email works as the end user is tricked into calling the cybercriminal.
“The guy went through steps to confirm my identity, sent me an email with a code I had to give him and somehow he had the last four digits of my debit card that I use to shop at Amazon and asked for the expiration date to help confirm my identity”
The cybercriminal explains he has the last four digits of the debit card, convinces the victim this is really from Amazon and she provides the expiration date which he did not have. The last four digits of our debit card could easily be obtained on the dark web.
“He then told me for the next 2 hours I would not be able to use my Amazon account while they ran a security check and if I did use the account that I could make myself vulnerable to further attacks. He then told me that because I was a prime member I was entitled to free life lock security because this happened and he needed my zip code to search for an Amazon Store so that I could go in and get signed up for life lock”.
The cybercriminal tells the victim that she is entitled to a free identity theft service and all he needs is her zip code.
“Thought that was odd because Amazon does not have stores, but here we can return items at a special Amazon counter at Kohl’s, so I gave him my zip code. He then told me that there was not a store that could sign me up in my area. Therefore, I could go to a store and buy a $200 Amazon card, call him back and give the card number and he would credit my Amazon account $200 and connect me to the life lock team.
Once the cybercriminal obtains the expiration date and zip code, he now has full access to your card so he can have a “shopping spree” with your money. To add insult to injury, cybercriminals are always asking the victim to purchase gift cards and provide the gift card number back to the cybercriminal. This is the same thing as giving him cash.
Here are a few Cyber Secure Mindset observations and tips.
-
Email is the number one attack vector for cybercriminals and the emails all have a sense of urgency to get the victim to act without thinking.
-
If you get an email with an urgent message do NOT call the telephone number listed in the email. Log into your actual account from the website (Do not click). Keep the valid telephone numbers in your cell phone.
-
Think Before You Act.
-
Think about which companies and who you do business with that the cybercriminals could leverage ie. Banks, Healthcare, Insurance, Shopping, Work, School etc.
-
Do not click that Save Option of your Usernames and Passwords for your financial accounts, Credit/Debit cards, if that company is compromised by cybercriminals, then it is your data too that the criminals steal.
-
Whenever anyone asks you to purchase a gift card it is a scam.
-
Freeze your credit, whenever you have doubt in the first place.
-
Report suspicious emails to the FBI at www.ic3.gov.
-
Even if you would not fall for this, would your spouse, kids or parents fall for these tricks?
-
Develop a Cyber Secure Mindset to protect yourself and money.