
Scam Radar — February 2024

Below are three new scams to keep on your radar, as well as some tips for how to avoid them. Be on the lookout for yourself, your family, and your clients! THINK BEFORE YOU CLICK!

Deepfake Deception

AI scams are becoming more frequent, and they’re also becoming more sophisticated. In a recent scam, cybercriminals demonstrated just how convincing AI fraud can be by faking an entire video call. In fact, the scammers were able to steal over 200 million Hong Kong dollars by emailing an employee and pretending to be their organization’s Chief Financial Officer (CFO).

The fake CFO asked the employee to make a secret financial transaction. The employee initially dismissed the email as a phishing attempt. But later, he was lured into attending what he believed was a video meeting with the organization’s CFO and other employees. The meeting attendees looked and sounded exactly like coworkers that the employee recognized, but they were all deepfakes. The scammers used AI technology to create believable video and audio of the CFO. After the meeting, the employee was convinced that the financial request was genuine, and he sent the payment as requested.

Tips to Avoid Similar Scams:

  • Always be wary of requests that are sent in an unusual way. A secret financial transfer request, even from a CFO, isn’t likely genuine!
  • Trust your instincts. Immediately report any suspicious requests or emails to your organization’s security team so that they can investigate them.
  • Cybercriminals typically try to get you to act impulsively. Always stop and think before taking action.

Microsoft Teams Chat Attack

As people become more aware of phishing emails, cybercriminals are forced to turn to alternative platforms to trick their victims. For example, many organizations use Microsoft Teams as a messaging and communication platform. But did you know that it can also be used for phishing attacks?

Microsoft Teams allows users who are not part of your organization to message you. Cybercriminals recently exploited this feature to send phishing messages to Microsoft Teams users. The message includes a malicious file disguised as a PDF attachment. The scammers make the file look like a PDF file to trick you into thinking that you are downloading a normal attachment, but it’s really an installer file in disguise. The file actually contains malware that is installed once the file is downloaded.

Tips to Avoid Similar Scams:

  • Be suspicious of unexpected messages, even if they appear to come from a trusted source, such as Microsoft Teams. When in doubt, always attempt to verify the authenticity of the person who sent you the message!
  • File names aren’t always what they seem. Always be sure that an attachment is legitimate before you click on it!
  • Remember, this type of phishing attack isn’t exclusive to Microsoft Teams. Scammers could use this type of attack on any messaging platform.

I Can’t Believe my Credentials are Gone

This Facebook phishing scam starts with a post from a friend that says, “I can’t believe he is gone. I’m gonna miss him so much.” The post contains a link to a news article or video, but when you click the link, you are taken to a web page that prompts you to log in to Facebook. If you enter your information, you are taken to an unrelated page. No news article exists, but scammers have just stolen your Facebook credentials using a phishing attack.

Scammers use compromised Facebook accounts to post these “I can’t believe he is gone” phishing links. The posts appear to come from your friends and family, which makes this phishing attack very convincing. If you fall for their tricks, scammers can then use your Facebook account to post the same message to your friends and family.

Tips to Avoid Similar Scams:

  • When possible, use multi-factor authentication (MFA) as an added layer of security for your accounts. MFA will prompt you to provide additional verification before logging in, making it more difficult for scammers to compromise your account.
  • A post from a friend may seem trustworthy, but their account could be compromised. Reach out to your friend over the phone or text to verify that their post was legitimate.
  • Remember, this type of phishing attack isn’t exclusive to Facebook. Scammers could use this type of attack on any social media platform.

For more information regarding scams, please visit the Federal Trade Commission (FTC) Consumer Advice website.

You can also find details about the signs of a scam, how to avoid a scam, and how to report a scam in this article by the FTC — How to Avoid a Scam.

Sources:

Cited in article.
