Think Before You Click is Not Enough!!

Scott Augenbaum
Published On November 29, 2021
Share
For decades the mantra in Cyber Security Awareness has been “Think Before You Click”. As a retired FBI Special Agent who spent decades handling cybercrime matters, I often heard the term Phishing, Smishing and Vishing to explain cybercrime incidents. Cybersecurity subject matter experts could debate for hours on how best to classify the cybercrime attack scenario below. However, the main point is how having a Cyber Secure Mindset would better protect you and keep you safe from cybercriminals. Cybercriminals are constantly adapting their attack methodology and in this situation your anti-virus would not stop this type of cybercrime attack. Having a Cyber Secure Mindset and applying a few simple cybersecurity steps would go a long way to protect yourself and your money.
This morning my wife forwarded me an email from a neighbor. After reading the email, there are several key takeaways we need to focus on using a Cyber Secure Mindset to protect yourself from this type of cybercrime attack:
“I received two emails for products totaling over $10,000.00 where it said that the order was paid for with my newly acquired Amazon Credit card that I do not have”. Cybercriminal sends an email with a sense of urgency. I called the number in the email and the person was very professional and you could hear chatter in the background that you hear when you call a call center”.
The email has a sense of urgency and does not have any malicious code or links to click. The social engineering aspect of the email works as the end user is tricked into calling the cybercriminal.
“The guy went through steps to confirm my identity, sent me an email with a code I had to give him and somehow he had the last four digits of my debit card that I use to shop at Amazon and asked for the expiration date to help confirm my identity”
The cybercriminal explains he has the last four digits of the debit card, convinces the victim this is really from Amazon and she provides the expiration date which he did not have. The last four digits of our debit card could easily be obtained on the dark web.
“He then told me for the next 2 hours I would not be able to use my Amazon account while they ran a security check and if I did use the account that I could make myself vulnerable to further attacks. He then told me that because I was a prime member I was entitled to free life lock security because this happened and he needed my zip code to search for an Amazon Store so that I could go in and get signed up for life lock”.