Scam Radar — November 2023

Below are three new scams to keep on your radar, as well as some tips for how to avoid them. Be on the lookout for yourself, your family, and your clients! THINK BEFORE YOU CLICK!

A New Spin on Callback Phishing

Earlier this month, the United States Federal Bureau of Investigation (FBI) released an official advisory about the rise of callback phishing attacks. Callback phishing is when a phishing email directs you to call a number instead of clicking on a link. Typically, if you call the number in a callback phishing email, the cybercriminal will try to trick you into providing sensitive information. The FBI’s recent advisory outlined a new and more dangerous tactic.

In this scam, cybercriminals send an email claiming that you have a pending charge on one of your accounts. If you call the number provided, the cybercriminal will guide you on how to connect with them through a legitimate system management tool. System management tools are often used by IT departments to remotely connect and control your device. Once the legitimate software has been installed, cybercriminals can use it to sneak ransomware onto your device. With ransomware installed, sensitive information can be stolen and used to extort you or your organization.

Tips to Avoid Similar Scams:

  • Be suspicious of emails that contain a sense of urgency. Cybercriminals use a sense of urgency as an attempt to catch you off guard and get you to click or act impulsively.
  • Consider the context, timing, grammar, and other details of the email or call. For example, does your bank usually ask you to call in?
  • Avoid calling phone numbers provided in emails. Instead, navigate to an official website to find the best contact number.

Unbottling the Soda Phish

A recent phishing scam discovered by INKY researchers is an example of how well-known name brands can be used to deceive unsuspecting users. This scam begins with a seemingly harmless email from an employee at PepsiCo requesting a quote to purchase something your organization is selling. The email includes a malicious file attachment disguised as a Request for Quote (RFQ). An RFQ is a simple way for an organization to ask different suppliers how much they would charge for a specific good or service.

In this phishing attempt, these cybercriminals spoof the email address to appear as if it’s from PepsiCo. They even use an actual PepsiCo employee’s name in some cases. The email uses common business terms to be more convincing. It also has a sense of urgency, threatening a consequence if you don’t quickly respond. This urgency and the recognition of the PepsiCo brand increase the likelihood that you’ll take the bait.

Tips to Avoid Similar Scams:

  • Even if the sender appears legitimate, verify the email address and contact the organization through a different method, such as an official organization phone number.
  • Beware of urgent requests. Take a moment to review and think critically, especially if the email includes a response deadline.
  • Avoid opening attachments or clicking links from unsolicited emails.

Job Offer or Digital Danger?

Recently, cybercriminal groups in Vietnam have been targeting individuals by sharing fake job postings. According to WithSecure experts, these groups are primarily targeting the digital marketing sector and Facebook business accounts. These fake job postings are used to spread known malware such as DarkGate and Ducktail.

In this scam, cybercriminals use LinkedIn messenger to send you a link to a fake job description. If you click on the link, you’ll be sent to an unsafe website that will lead you to malware-infected Google Drive files. If you download these files, the cybercriminals can gain access to your internet browser’s cookies and session data. This information helps them steal your login credentials and other sensitive information.

Tips to Avoid Similar Scams:

  • Be suspicious of unexpected LinkedIn messages, especially those with job offers from unfamiliar sources.
  • Confirm that the person you’re speaking to is actually who they say they are. Look up the organization on official websites to verify job offers.
  • Be cautious of offers that seem too good to be true. Cybercriminals will use unrealistic job offers to lure you to fake websites where they can access your sensitive information.

For more information regarding scams, please visit the Federal Trade Commission (FTC) Consumer Advice website.

You can also find details about the signs of a scam, how to avoid a scam, and how to report a scam in this article by the FTC — How to Avoid a Scam.


