AreWeConnected.com

Custom WordPress Websites that Rock!

Don’t get scammed

Social Media ·

Just a quick public service announcement.

It’s hard to be safe and smart in this day and age. Just as soon as you think you are smarter than the bad guys, they come up with a different plan of attack.  Here’s a few things to be aware of.

Recently a client forwarded to me an email they received.  It looked like it was real estate related (and they are an agent), had a attached document that looked like a .pdf

sketchy email

Other than the misspelling (Beam not Beams) it might look just fine. Opening up the .pdf looked like this.

The bad link within the .pdf

Chances are, your computer is out of date (most everyone is).  So still nothing to arouse your suspicion, right?  That link went to a link shortening service (bit.ly) so you couldn’t tell where it actually went to yet.

How can you see where a shortened link goes without going there first?

Did you know that Bit.ly has a preview feature?  To do this, simply add a + sign to the end of any Bitlink in your browser. For example, for http://bit.ly/Wn2Xdz just enter http://bit.ly/Wn2Xdz+ into your browser and you’ll be sent to a preview page for the link without opening up the actual page.  So I did that.

A brit.ly preview of the malicious link

That link wasn’t going to go to a .pdf at all. It was leading to a .php file and that’s a whole lot of NOPE!

A .php file (and a few others) can load malicious code on your computer. That code could send back to the bad guys all of your contact list, all of your passwords, even those tax filings you have from last year.

It doesn’t stop there either. Your computer might then become a host, sending out even more malicious code to everyone else.

A few weeks ago I noticed a huge spike in returned emails.  These were emails I never sent.  They looked like they came from me – the email address was correct but the name BEST WATCH certainly wasn’t.email phishing

12439216_10153988104397216_6294442083156406303_nWhat happened was someone had malware on their computer. Unknowingly this program went into their contact list and chose one person (me). It then sent out more malware emails to the rest of their contacts, spoofing the email to look as if it came from me.  Once it was done it probably chose another contact and duplicated it again and again.  This all happens outside of the persons email program so they don’t even see it happening. You can see how this can grow exponentially, right?

I was getting over 3,000 returned emails an hour!

Great! But What Can I Do?

Good question!

  1. Make sure your computer is up to date.
  2. Make sure you have virus protection.
  3. Make sure you are using Two Factor Authentication for most all your logins.
  4. Be suspicious of everything you don’t immediately recognize.

Here’s another way the bad guys are working right now.

Have you seen an uptick in new friend requests on Facebook?  When you go to their profile there’s just a profile pic and not much else?  Or they have very few related friends?  Or is it someone you thought you were already friends with?

They are spoofed accounts and the bad guys behind them are looking to catch unsuspecting people.  It’s not just Facebook. One of the best places to earn your trust is on the new online dating apps.  Here’s just a few that I know of…

zoosk

 

and even Christian Mingle…

Spoofed on Christian Mingle too

This is funny as I’m happily married for 30 years.  But then again there are sites out there like Ashley Madison…

While I could be on a dating site, it would be hard to make up a new offspring.  LOL!

The son I never had
The son I never had

Great! But What Can I Do?

  1. Don’t except a friend request from someone that you don’t know. I know, you are in sales – I get that. Just take a moment to look into if this person is real. Don’t go by the number of friends they have in common. You would be surprised how many of your real friends would just accept anyone (especially if he’s a Hunk or she’s a Looker).
  2. Online dating is risky. Do some serious sleuthing on Google before you get too far. Did you know you can search Google for an image?  https://www.google.com/imghp  search Google for an image

The moral of the story: Be careful out there and please hesitate before you click (or wire me or anyone money)

Mike Mueller
Connected?
Latest posts by Mike Mueller (see all)
New Comment Policy:
If you see something, say something!
(shamelessly borrowed from Homeland Security but really, let's bring commenting on posts back!)