Five new ways scammers are targeting you

October is Cyber Security month and with this we wanted to share some of the new and different ways hackers and scammers are finding to target and attack vulnerable technology users.

Although we are always here to help in the event of a potential hack or scam, below are five new ways hackers and scammers are targeting you.

1. The Spoofed Email/Text

Spoofing is when a hacker or scammer impersonates you and sends an email or text to people who you do business with or know. They may sneakily register an email address similar to yours but change one thing about it or create a new email similar to one you are used to. They can then contact people that you may do business with and pretend to be you, asking for something to be purchased or sent to them. This can happen in text too, as most phones have a private sending function, so you may not see where the text is coming from.
 

2. Spear and Whale Phishing

Phishing is where an email or text is sent to you from someone masquerading to be a company or person you communicate or do business with. Spear phishing is a more sophisticated form than spoofing as it targets specific individuals by posing as actual people from their environment. This type of phishing is much more dangerous than regular phishing because it’s much more believable. There is an even scarier scam – Whale Phishing – where the target of the hack is people with direct access to financial or payroll information or are responsible for making payments.
 

3. Hi Mum

Known as “Hi Mum” or “family impersonation” scams, victims are contacted by a scammer posing as a family member or friend. The scammer will claim they have lost or damaged their phone and are making contact from a new number. Then, once they have developed a rapport with their target, the scammer will ask for personal information such as photos for their social media profile or money to help urgently pay a bill, contractor or replace the phone. These requests continue the ruse of a lost or broken phone with the justification that the funds are needed because they can’t access their online banking temporarily. Some messages will simply say “it’s me,” while in other cases the scammers appear to have contact information and use the name of the person they are impersonating.
 

4. Multi Factor Authentication (MFA) Fatigue Attacks

In a MFA Fatigue Attack, a hacker will make multiple attempts to log into a given user account configured with multi-factor authentication using stolen credentials then sending an endless stream of sign-in approval requests to the users device. The idea behind this is that in the end the user gets sick of all the notifications and just clicks approve. A MFA Fatigue Attack is how hackers recently accessed Uber accounts.
 

5. Payment Redirection/Payment Interception

In a payment redirection scam, scammers impersonate a business or its employees via email and request an upcoming payment be redirected to a fraudulent account. Even scarier, a hacker can access your email and amend an invoice in transit and change the details to the scammer’s banking information, before passing it back through to the client. This scam is usually unnoticed until the supplier is chasing payment for the seemingly unpaid bill.
 

Ten ways to help you avoid these scams

1.       Install a mail and text spam filter on your phone.

2.       Always double check with the actual business that their banking details are correct before paying a bill via text or email.

3.       Check email addresses very carefully to ensure they are ones you are familiar with.

4.       Change passwords regularly and ensure they are unique and hard to crack.

5.       Be diligent on your MFA approvals. If you are being bombarded, change the password for the account the hacker is trying to access.

6.       Have code words with friends or family you can use to ascertain that you are communicating with them.

7.       Never click on links unless you are fully aware of where they are coming from.

8.       Use private browsing windows as much as possible.

9.       If you choose to auto save passwords or banking and credit details, use a password management service such as LastPass.

10.     Educate your friends, staff and family about these scams and hacks.

If you need any assistance or feel you have been compromised, take action immediately and call Loyal I.T. Solutions on 4337 0700 who can advise you of what to do and assist in ensuring your systems are safe.