Showing posts with label Social Engineering. Show all posts
Showing posts with label Social Engineering. Show all posts

Sunday, August 2, 2020

Ways Fraudsters Can Fool You

Ways Fraudsters Can Fool You




Thank you for visiting my blog! Here I strive to empower you with cyber security awareness and DIY puppet activities. If you find this content helpful, please sign up for my FREE monthly safety newsletter at https://shadowworldpresent.wixsite.com/safe.

A segment of my web series "Cyber Brats" was recently shown at the StringsNThings virtual puppet festival from San Pedro, CA in July! Be sure to check it out above!


2019 was a profitable year for fraudsters. Nationwide, they targeted their deceptive tactics at slightly over 16 million consumers. Based on the statistics from the Federal Trade Commission, identity theft alone saw a lost of 17 billion dollars.

This year, with the avalanche of the COVID-19 paralyzing our economic system, con artists has already taken advantage of cooking up new types to take advantage of the uncertainty.  Stories relating to unproven treatments, medicines, fake contact tracing agencies, and so many more hideous acts has sprung up around the country.

Next year, when the tallies for this year is compiled by the FTC, Better Business Bureau, and AARP, I'm sure the figures from last year will show an increase.

Vigilance is the key to decreasing our vulnerabilities to fraud and I found what better way than to share 13 common scams listed by AARP. By comprehending the basics safeguards in protecting out our finances, we can adapt to making better decision in the course of our daily lives.

At the bottom preceding this content I will also include links to resources that can either help you with a concern or provide additional information regarding online safety.

Identity Theft



Why does identity theft occur? Have you ever given that much thought why computer criminals do this? Here our 2 primarily reasons. 
  • To falsely apply for a credit card
  • To use someone's profile to get government benefits. 

How is this done?

  • An example of phishing takes form when you are asked to clear a bank account problem by verifying it with a social security number, bank routing number, or birth date. 
  • Gather information by dumpster diving. This can also be taken from inside the office or social media websites.
  • Fake job listings can also trick you into voluntarily sharing sensitive information on a job application. Fraudsters harvest this data and will use or market the contents on the dark web for profit. 


Investment Fraud

Gold Coin Scam 

Scammers will use the struggling economy to pitch this false narrative. You are urged to invest in gold and silver coins because they will eventually spike up in value. These so called precious metals are sold at a 300 to 500% mark up which means you will lose rather than reap the benefits. 

Free Lunch

The goal is to convince you to show up at a seminar and invest in a great investment right away. You are not given the option to thing it through and if you don't commit, you will miss out on the opportunity. The truth is they want your hard earned money and they are gone like the wind. 

Oil and Gas Scams

The ploy is to convince you that a company is using a new technology to drill for oil in an area not frequented prior. Never will they inform that legitimate energy investments carry risks. Also don't expect them to indicate they are a registered broker or registered with the state. 

Additional Scams You Should Know About


Fake Checks

Out of the woodwork you get this call informing you that you won a big prize! But there is a handling fee! They expect you to pay it because they are sending you a cashier check that will cover the processing fee. Ultimately, this check does not clear you are stranded without your prize after paying the fee. Talk about bummer. 

Tech Support

A phone call or pop up on your computer screen tells you your system is infected with a virus. These con artists want you to contact them and give them remote access to your device. What they really want to do is install a real virus and charge you to remove it. Afterwards, they might compel you to buy a useless computer maintenance program. 

Disaster-Related Charity Fraud

This is a prime example of scammers chasing headlines to line their pockets. They do this at the expense of victims who are really in need of help. Beware of phone websites, suspicious calls, and questionable emails. 

Sweetheart Scams

Dating websites is a beehive for con artists seeking to build an emotional connection to victims. Once this is done, he or she asks for money. These internet criminals have no intentions on ever meeting their victims and will resort to communicating via instant messaging and plain old emails.

Timeshare Properties

If you are looking to cash in on your timeshare company there just happens to be a company claiming to have a specific buyer interested. Just pay an upfront fee to proceed. After you do this, this contact person disappears and you are left scratching your head after signing all that paperwork that looked alright to you. 

The Grandparent Scam

What grandparent can refuse a grandchild in some sort of legal trouble. This false narrative comes by way of phone call in the middle of the night from thugs purporting to be a relative in trouble. Victimized grandparents have lost thousands of dollars to the type of scams.  (Just call the parents or the police department in question to confirm the story first!)

Foreign Lottery Scam

It's impossible to win. They are illegal here in the United States. Of course their agenda is to have you pay "taxes" or  a "processing fee" claim your earnings. Please don't wire anything. You didn't win the lottery. 

General Tips

  • Protect your Social Security Number and Personal Information
  • Monitor Your bills and financial statements
  • Check your Credit Reports
  • Safeguard Personal Identification Numbers (PINs and Passwords)

Online Communication

Did you know your can report or forward suspicious emails to the Federal Trade Commission at spam@uce.gov? 

U.S Mail

Protect your incoming mail. You can stop pre-approved credit cards by calling 1-888-OPT-OUT or visiting https://www.optoutprescreen.com

You can also cut down on junk mail at https://www.dmachoice.org

Do Not Call Registry 1-888-382-1222 or https://www.donotcall.gov

Verify charities at https://www.give.org or at https://charitynavigator.org

Thank you again for visiting my blog! Here I strive to empower you with cyber security awareness and DIY puppet activities. If you find this content helpful, please sign up for my FREE monthly safety newsletter at https://shadowworldpresent.wixsite.com/safe.

Stay Safe and Stay Secure!

Ken Harris
Cyber Brats Title Card










Wednesday, July 8, 2020

Email and Phishing Scams






Thank you for visiting my blog! Here I strive to empower you with cyber security awareness and DIY puppet activities. If you find this content helpful, please sign up for my FREE monthly safety newsletter at https://shadowworldpresent.wixsite.com/safe.

I just released a funny adult puppet video about a prize scam! Be sure to check it out below!



Email and Phishing Scams


Last year in the U.S alone, an estimated 16 million victims lost 17 billion dollars to identity theft. That’s just one type of scam. 

I’m sure if AARP, the Better Business Bureau, and other organizations intended to protect the financials security of Americans, combined all their figures from reported swindles, the final tally would be mind-blowing. 

Now with the COVID-19 pandemic creating fear and uncertainty everywhere, con artists are conjuring up new ways to squander people’s finances and personal information. 

This gives them motivation to reach out with offers too good to be true and the impersonation of government agencies to steal personal information. 

Email and phishing cons are just some of the tactics these criminals apply. Cyber attackers send thousands, if not millions of emails daily. They are not sure who get these messages; but their objective is to trick a victim into some call of action. It includes the following.

  •  Clicking on a link
  • Opening an attachment
  • Completing a form




A harmless action can get you tangled. 

Since scammers are attempting to “phish” as many victims as possible, their messages are usually directed to “Dear Customer” or other generic greeting. 

The bad guys creates a strong sense of urgency or curiosity to the receiver. They pretend be an official organization like a bank or may impersonate a local, state, or federal agency. 

Generally, these fake senders will have grammar or spelling mistakes in the content of these email messages. Another clue to look out for is if the email originated from a personal email account such as an @gmail.com address. Also, by looking at the top left, the “From Email Address” line may appear like it generated from an official organization. But the “Reply-To-Address” is someone’s personal email account. 

Here are some other clues that should raise red flags.

  • Messages requesting highly sensitive information like credit card number or password.
  • You receive a message from someone you know but the tone or message does not sound like him or her. 

It is easy for a scammer to create an email that appears to be from a friend or coworker. If the message includes a clickable link, you can hover your mouse cursor over it to reveal the link’s true destination. 

Make this a common practice to confirm if you being directed to a legitimate website. Even on many mobile devices, pressing to hold the link will also show the true destination. Instead of clicking on a link, you can type the website address directly into your browser. 

Why respond directly to a suspicious email claiming to be your bank when you can use the browser? 

I wouldn’t open any attachments I wasn’t expecting. The last thing I want is opening an infected attachment and subjecting my computer to malware. Not all antivirus can detect malware. 

Take care to not expose sensitive information when using email or messaging. Email features, such as auto complete, make it easy for you to mistakenly email the wrong person. 

Once you send an email out, you cannot retract it. Also, be careful with the “Email Reply-All Feature” thread as you may not want to respond to an entire group of people who received the same email. 

Learn more about scam prevention with my use of puppets at https://shadowworldpresent.wixsite.com/safe

My Youtube channel has many more videos on cyber security awareness and scams at 

PS If you haven't already check out AARP's  Scam Tracking map at https://www.aarp.org/money/scams-fraud/tracking-map/ to checking on existing scams in your area. Vigilance is key!

Saturday, March 28, 2020

Scams Amidst Covid-19 Fears




Welcome! Thank you for checking out my blog where I strive to share the latest news and events pertaining to scams to keep you safe and secure.

With my passion for using puppets to depict situations, along with my articles, it is my hope you find this content informative and helpful.

Please subscribe to my email list at https://shadowworldpresent.wixsite.com/safe to get the latest news and events from my free digital monthly newsletter in a fun way!

The Covid-19 Fears exposes a new low for Scammers


Scam artists has the practice of observing worldly events; studying trends in order to prosper in a specific market. 

This is common during the Christmas season when they target the elderly with a grandparent scam in where they pose as a grandchild in need of financial help as a result of an arrest, hospitalization, or vehicle accident. 

Now, with the spread of coronavirus fears on an alarming level, these fraudulent predators are manipulating an assortment of mediums to reap monetary gains in the latest schemes to date. 

Let's take a closer look at these deceitful methods.



Social Media

Currently, there is no medically proven preventative treatment or cure for Covid-19. Yet, advertisements for these “miracle products” are appearing on social platforms at a time when many people are home from work and practicing social distancing. 

Also, a rumor is circulating that government scientists found a vaccine but is keeping it hush-hush for security purposes. That is untrue. Complete rubbish and unfounded. 

Fake Websites


Computer criminals are reaching out to victims with offerings of essential supplies such as masks, gloves, and cleaning products for the protection. 

There is a lack of these supplies in local stores due to the profound paranoia that is compelling people to stock pile these items. 

In reality, not only does this creates a challenge for medical professionals 
who don’t have enough of these essentials; but also, this increases one’s vulnerability for internet thieves overseeing deceptive businesses. 

Increasingly, victims are buying these products; but they don’t receive them in the mail. In addition, those who do get them learn the items are of low quality and not as advertised. 


Communications


Con artists goes at great length to disguise their motives via text message, phone call, and email. 

As I previously pointed out, sometimes they target specific victims whom have a need for a service or item. 

Through relentless persuasive tactics, they capitalize on existing consumer fears, hatred, sadness, hope, aspirations, and other preferences. 

Recently, such methods were used in impersonating government agencies such as the World Health Organization and the Center for Disease Control and Prevention to con unsuspecting recipients into opening attachments and downloading malicious software. 

Instead of sharing promised news regarding Covid-19, the real motive is to ultimately steal personal or financial information.

It is easy to see why senior citizens are preferred targets. Genuinely, they are trusting and can easily be tempted to fall for fraudulent activities. The FBI explains this on there website at https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/seniors

When this happen, there could be a delay in the reporting of this to local authorities, the Better Business Bureau, and AARP, the leading advocacy group for seniors. Reasons such as shame and embarrassment could disguise instances of deception unless a caretaker or relative happen to stumble upon it.

The Better Business Bureau actually has loads of existing allegations about schemes in your neck of the woods. Find out about the cons in your local area at https://www.bbb.org/scamtracker

Another reason includes the affected senior opting not to discuss the incident to anyone for fear of losing his or her financial independence as a result of declining cognitive ability. 

Anyone can be a victim to fraud regardless of age. All would have to work long and hard to clear up the mess with financial institutions to prevent future exploitation. 

In this day and age of hideous fraud investment opportunities, counterfeit essentials, and other massive deceptions, we are all in this together to protect ourselves, our loved ones, and to spread cyber security awareness. 

Please sign up for my free monthly cybersecurity awareness newsletter monthly depicting real life scams with puppets and the latest news and events at https://shadowworldpresent.wixsite.com/safe




Also, check out my current educational videos on Youtube at https://www.youtube.com/channel/UCZ5JPhBrP4OpCKeY4hbm5Dg?view_as=subscriber
By subscribing and sharing, you will be helping me to get the word out about scams.

Thank you my friends!

Until next time, stay safe and stay secure.

Ken Harris
Puppeteer/Writer

Tuesday, March 10, 2020

An Upcoming Educational Web Series Focusing on Scams

Art by Aaron Harris

Lets face it. An educational lecture on any sensitive topic could still be boring.

The subject of scams is no exception. This is a global problem that will never go away in it's entirely.

As our technology get better, so will the skills of scammers to access our sensitive data for financial gain.

A Creative Passion blended with a Self Call to Action

Recently, I came up with a terrific fun idea with spreading world about cyber security awareness. It's purely educational but includes specks of entertainment.

Puppets.


Yes, I find this endeavor challenging and exciting to pass on what I learn on a continuous basis!

This is the introduction to my Youtube Channel that will eventually be home to many cyber security awareness videos


An Unlikely Pair...

The setting takes place in a fictional radio station. It stars host Cyber Sly, a former scammer, and cohost Alexander Midas, a former business man who's business crumpled after a cyber attacker accessed his customer's banking accounts.

 Cyber Sly is a change man who now wants to make a difference in the world.


Alex Midas is an angry man who resents Cyber Sly and don't think computer criminals can change their behaviors.



Each episode will be 7 to 10 minutes in length with 3 segments on scenarios and tips involving malware, phishing, spoofing, identity theft, social media, targeting, iCloud, and so much more involving the latest news and updates happening in the world.

Having written monthly articles pertaining to cyber security awareness in the Point of View Community Newspaper at http://www.afampov.com, I feel I need to do more to get the word out on how people can stay safe and secure from multitudes of scams (check out page 19!)


While computer criminals congregate on the dark web to share their deceitful tactics and organize plans to trick an unsuspecting victim, I feel we should be joining or creating platforms like this to educate ourselves.

"Cyber Brats" is a show that will be free and available on Youtube in June 2020. In the meantime, I like for you to subscribe to my blog to get the latest news and events regarding cyber security awareness.

This program is geared for adults with an emphasis on sharing insightful tips and suggestions to avoid being a victim to a scam.

I welcome any suggestions to this platform. Please leave any comments or questions below and I willrespond promptly.

Thank you for your time and I hope to be your source for informative news to help keep you safe
from scammers!

Ken Harris
Author/Puppeteer
https://www.amazon.com/Kenneth-Harris/e/B071ZZK56K/ref=ntt_dp_epwbk_0

Sunday, January 5, 2020

Social Engineering Tactics on a Global Scale



It is to our benefit to fathom the tentacles of social engineering tactics introduce by cyber attacker on a daily basis. Far and wide Investigations by Interpol, FBI, and the Toronto police revealed how deceptive participants are networking and exchanging information on how to be better at what they do (check out the video far below). 

Several years ago, when I was oblivious to basic terminologies related to cyber security, I knew very little about social engineering orchestrated by cyber attackers. I thought it was a practice initiated by computer experts to combat viruses. Since I was no expert on such systems, I spent years with no interest in educating myself on technological systems. 

It took me a long time to understand; but learning the basics of closing the door on cyber criminals in restricting access to systems or information does not require a profound knowledge of computers. 

Social Engineering is actually a tactic to trick people into doing something they should not do, such as sharing sensitive information such as banking information, passwords, opening infected email attachments, etc. 

A Senior Citizen is taken Advantage of 


A recent case last December saw two men from New York, pretending to be a lawyer for a grandson in jail, swindle a Massachusetts grandmother out of $19,000. This poor woman was specifically targeted by way of a series of phone calls requesting for payments to be made in order to secure the grandson’s release. 

It took these criminals no more than a week deceive this woman twice before the police were alerted and the men were taking into custody when they were trying to trick her for a third time. Learn more about this here https://www.masslive.com/news/2019/12/two-new-york-men-scammed-85-year-old-massachusetts-woman-out-of-more-than-19000-by-posing-as-lawyer-for-relative-police-say.html

You might ask yourself why should this story concern me? I would never be gullible for something like this. 

True, but how often do we have elderly relatives or friends who could be potential victims for something like this? We can’t be certain WHO could fall for these scams but what I know for sure is the elders in our community are high risk targets. 

It would be beneficial to keep ourselves updated with the latest news and events to educate ourselves and put our newly acquired knowledge into practice by checking on our loved ones. 


More On Advanced Social Engineering


Advanced social engineering attacks can also come in a form of a fake or suspicious email. Generally, how many times per day do we see something like this? If this seems odd or not right, just contact the sender directly by phone. Why take a chance?

I think so far, the most bizarre story I heard of took place late last year in Kentucky when a woman was sentenced up to 30 years in prison for defrauding her employer for millions of dollars. Previously, she was a victim of a romance scam.  

She was hoping to eventually meet someday while sending this person money from her retirement and savings. This cyber attacker claimed he was a business man and needed her to loan him money to close out deals. 

This went on for years before she depleted her funds and resorted to stealing from her employer in order to solve her financial troubles. Read up on this at https://www.thedailybeast.com/bridget-johnson-embezzled-dollar4-million-and-gave-it-all-to-a-romance-scammer 

Advanced social engineering attacks basically contains the same fundamentals. Cyber criminals creates a sense of urgency, often through fear, intimidation, a crisis, or using an important deadline to deceive victims. 

The best defense is you. Be mindful of opening suspicious attachments, clicking on suspicious links, and sharing sensitive information. If something’s too good to be true, most likely it isn’t. 


Criminals in Internet Cafes and Other Deceptive Methods



This video left me baffled concerning not only with the obvious signs missed by the victims; but also the blatant disregard of a moral compass by the cyber attackers who shared deceptive practice. 

In this investigative video by ABC News In-depth in West Africa's Ghana, these orchestrator's behind romance scams carefully sought out targets with the following traits-
  • Widows
  • Those looking for engagement or marriage
  • Vulnerability with no ability to properly screen 
Without giving away too much before you see this video, please understand how victims keep their guards down and quick to cater to the wishes of these internet predators. 

This has become big business for gangs of criminals because of the lack of awarness regarding cyber fraud. in some cases cyber thieves are stealing images of U.S. military personally and using that to trick unsuspecting women.

The same applies to male victims. They think they are speaking to a woman in a different country. But they are really talking to teenagers in an internet cafe. 

The male victims ending doing stuff on camera they shouldn't do and these inaappropriate incidents not only signifies the growing problem of online fraud; but it also exposes weaknesses on the part of the victim.

Please take a look at the video about (there's nothing graphic). Just a story about the problem in Ghana and the ties it has to drug smuggling, money laundering, and more. 

Thanks for checking out my blog. If you like it, please subscribe above. 

Until next time, stay safe and secure!


Ken Harris
Writer

Tuesday, December 3, 2019

Holiday Scams


Every year while we fulfill our appetites with turkey and ham during the Thanksgiving holiday, cyber attackers stuff their naughty heads with ways to steal away our financial information or identity.

Holiday scams are highly prevalent from Black Friday throughout Christmas.

Our needs and desires during the winter solstice is at its peak while we are rushing to get things done. Balancing our priorities tend to knock us off focus and this deficiency makes us vulnerable to hackers.

Robocalls is only part of their Modus Operandi. Their unseen tentacles can strike from any direction. The best way to maximize our defenses is to understand and expect the type of online scams they will orchestrate.

Lets examine some of these crocked methods and the best practice we can apply in being proactive against cyber predators.

Phoney Websites

Unsolicited emails of a good deal is a tool by cyber attackers to trick victims into downloading malware. Their objective is to steal your identity and take your money.

We can best avoid this scam by doing the following-


  1. Review senders address and be on the lookout for spelling and grammar errors.
  2. Ensure the website begins with HTTPS (secure site AND the S signals it is secure and information is encrypted).
  3. Hover over link in question (to see where it will really direct you to).

Shipping Alerts

Fraudulent emails can also notify you of a shipping status. Don't get hooked by downloading malicious software.


  1. Verify tracking numbers through company's legitimate site rather just click on a suspicious link. Call their customer service from there.
  2. Review if any, previous emails from the business.
  3. Be on the look out for spelling and grammar errors with email content.

Digital Cards

Scammers sometimes cordinates phishing scams by tricking you into downloading bad software. 

  1. Is the sender's name readable?
  2. Are there prompts requesting personal information in order to proceed?
  3. What looks suspicious?
  4. Is there an exe at the end of the email? Certainly X out of that!
While we are on the subject of cards...

Santa's Letters/Natural Disasters/Tragedies

It's no secret cyber attackers will use current events to fool you into sharing personal information and even requesting for your to give money for phony charities. If you can make good practice of being mindful of these tactics you will be ok-

  1. Be always suspicious of unsolicited emails
  2. Research any company offering services or sales
  3. Compare what the sender is offering to other markets
  4. Check out the latest information with the Better Business Bureau
We live in a world where bad news is the focus a majority of the time. Cyber Attackers can take a terrible event, say like a mass shooting, and pretend to be a legitimate organization collecting donations for survivors or victims. Research this diligently before you consider giving.

The Elderly

Senior citizens are gullible targets for senior citizens during the holidays and beyond. They may pose as a grandchild or other relative who needs help as a result of an accident, arrest, or hospitalization. Here are somethings that can be done to offset this. 

  1. Call the family member in question directly before sending anything. 
  2. Talk to other family members about the contact
  3. AVOID wiring money or rendering gift cards
  4. Ask the suspicious caller only questions the relative in question would know. 

Questionable Charities

Similar to pretending to be a relative, con artists pretend to be charities or needy persons. You can always verify a charities status at https://www.give.org

Aside from this, your primary assessment should include suspicious content or information from the source providing it and a review of the charity donation plan. 

If you find out its the real deal, consider donating with a credit card. If there is an issue afterward, your financial institution can assist your with reimbursement. 

Forget about sending a gift card. Once it is in the hands of a cyber attacker, consider it lost forever. 

Employment Scams

This is done primarily to fish for your private information. Don't be a candidate for identity theft! Prospective employers are not going to contact you if you don't complete an application. 

If you get a call for a job offer you never initiated, that there alone is red flags. 

  1. Just apply for positions in person or directly on retailer's websites. 
  2. Avoid sharing personal information on the phone
  3. Definitely don't pay for anything. 

Weird Types of Payment

You may see or hear about a great deal for an awesome product or service in pop up ads and unsolicited emails. Beware and exercise caution. 

  1. Don't make requested payments with prepaid debit cards, wire transfers, or payments on apps such as Venmo. 
  2. Investigate. Investigate, Investigate. 

Free Gift Card Scams

Cyber Attackers are mimicking specialty shops when they target people with ads on social media. Again, their intentions is to steal your identity by compelling you to share your personal information. 

  1. Never open a suspicious email as it could be a form of phishing. 
  2. Never trade your information to receive a gift card.
  3. Refrain from clicking on the ad. 
  4. In event this happens, exit out of the website and activate your ad blocker. 

Social Media Exchange

This is important because deliberate participation in this delivery exchange can lead all participants to face a stiff fine or prison time.

Known as the "Pyramid Scheme" or "Secret Sister Scam", this involves a single person purchasing a gift and getting several in return by use of the U.S postal service.

It is a federal violation. There had been cases of scamming participants who willfully engaged in this and sentenced anywhere from 2 to 5 years in prison in addition to financial retribution.

Of course don't give out your telephone number or address. This is a ploy to steal your identity.

Pet Scams

Families searching for a specific breeds are ideal candidates to be lured in this scam. Cyber Attackers uses fake pictures of adorable pets to empty your wallet. 

  1. Always look around at other pet shops or legitimate breeders.
  2. Understand what local breeders have available.
  3. Pay with a Credit Card
  4. Check out customer reviews online
  5. Do a reverse look up of pet online. Does the same picture appear on other websites? 

Travel 

Yes, who wouldn't want a good bargain on air travel or spectacular cruise. 

If there is a marketer out there proposing a vacation package you must do your homework. 

Research the area and services in question. Do the same with the agency, airline, and car rental.

You might end up somewhere that don't look nothing like the beautiful pictures you saw on the Internet or brochure. It is quite easy these days to manufacture eye catching images to win the trust of eager buyers. 

Don't fall for it. 

  1. Be careful with email offers
  2. Don't wire money to a stranger
  3. Ask for travel references. Check customer reviews.
I think Holidays scams are busiest time of the year for Cyber Attackers because we are busy and this is a time when we are at vulnerable. 

Thank you visiting my blog. I will share Cyber Security Awareness tips each week. Please subscribe to my blog to get the latest news and stories to help keep you safe. 

Scattering the Seeds of Knowledge,

Ken Harris














Sunday, November 24, 2019

Social Engineering is a Trick



What in the World is Social Engineering?

In the way a magician uses timing and diversion to fool an audience, a cyber attacker can apply social engineering tactics to trick you into sharing sensitive data. Within the cyber security world, it is regarded as the art of human manipulation.

The objectives of these criminals are to fool you in doing the following-


  • opening an infected email attachment
  • sharing passwords
  • allowing a stranger into a physically secure area
  • sending sensitive information
Technology alone can't stop these computer criminals from using various methods such as phone calls, text messages, emails, social media access, and physical presence from getting their hands on information they should not have access to. 

Examples of Techniques


Suppose you get an important message from your bank. You are informed your bank account had expired and your account will be locked. You get a unique phone number to call in and update your account. 

You make contact and have to endure an automated system series of personal questions to prove your identity. 

In reality, this is not your bank. There is no genuine concern in determining who you say you are. 

This is an automated attack by cyber criminals seeking to record and steal information such as-
  • Birth date
  • Credit Card or Banking information
  • Home Address
  • Phone Number
As I mentioned before, their goals is to steal your identity and financial information. 

Such attacks can also be a more complex for the gullible.....

Advanced Social Engineering Attacks

How would you react if you received an email apparently from your boss? It is short and urgent. It informs you law enforcement is conducting a secret investigation of the workplace and some people may have to go to prison. 

This email further states you will receive a phone call from your employer's legal team in a short time and you must answer any questions they ask. 

Then you get a call from a cyber attacker pretending to be a lawyer!

In such instances the caller's objective is to trick you into giving up as much information about yourself as possible. They will create a sense or urgency, often through fear, intimidation, a crisis, or a crucial deadline. They may use confusing or technical terms to trick you into providing sensitive information. 

What You Can Do

Spot these attacks before they happen. 

In the above scenario, wouldn't it be odd if an email message from your employer or manager appears odd, call and contact them directly about the message. It's possible that his or her account was hacked. 

There other things that can look out suspicious.
  1. The content of the email contains irregular grammar and spelling errors
  2. Tone of the message is questionable
  3. Hover cursor over any questionable link to display link's real origin.
  4. If you are on the phone with a highly questionable person, just hang up.
  5. Direct these  matters to the help desk or computer informational team

Many years ago, when I was a Court Security Officer, I was having lunch with my superiors when I received a call from a Cyber Attacker warning me of an impending arrest warrant for me for failure to make my car payments (the caller didn't know I worked for the Sheriff Office). 

At the time, I knew I had no existing car payments and the County Sheriff and other deputies were sitting near by eating, laughing, and talking sports. 

I had fun with this caller as I pleaded for him to spare my life. I asked him if he could loan me the money to pay it and I would have my contractual killer friend deliver the money to him personally. My laughing frustrated this man to the point he hung up on me (I know I could've been more professional).

Make no mistake, your identity can be shared with a cyber attacker without your role in any of it. Take a look at this scenario that will blow your mind. This involves a customer service representative 
sharing information about an account that could happen to anyone.

This takes no more than 30 seconds so brace yourself.



Quite diabolic isn't that?

As I studied this scene, the representative missed some cues-

  1. Where was the husband and why didn't she request to talk to him directly?
  2. Mom has an infant and an older daughter whom she is attempting to add to the account to make changes if needed? Talk about a disparity in age. How old is the older daughter mom? You trust her with what?? lol
  3. How is it possible mom and dad don't remember the email they used to sign up for the account? 
  4. Initially, dad did not have mom on the account in the first place. What's up with that? Sorry, how do I know you two are not legally separated or something?
  5. Mom claims she can't receive the text because she is talking on the phone with the operator. Really???

By fooling this customer representative, the fake mom was able to do the following-

  • Add herself to the account with a fake name and fake social security number
  • Set up her own personal access to the victim's account
  • Convince the support person to change the password, thus locking the real account holder out of his own account. 
Social engineering is a diabolic trick and we must spot them before it happens. We can check our account activity on a regular basis while at the same time, taking initiatives not to disclose any personal data to those who should not have access to. 

Technology alone cannot keep us safe and secure. We all have a responsibility in ensuring we are taking extra caution in our daily lives. We are the top defense against cyber attackers. 

If you found this information helpful and useful, please susbcribe to my blog at the top. Every week I will be sharing the latest tips, news, and/or events in our cyber world.

Be safe and secure my friends!

Scattering the Seeds of Knowledge,

Ken Harris

Article highlighting conference

  My latest article in the Point of View Community Magazine highlights my experience performing and speaking at the 13th Annual Florida Pros...