Scam Soup


Lately I have been reading about a veritable alphabet soup of Internet scams.  Some are run-of-the-mill phishing or email scams, but some are rather innovative and utilize new attack vectors that I have not seen before.  In this post I will review some of these scams, including one that targeted me.

Economic Stimulus Scam

Cyber criminals frequently use events that are in the news as an opportunity to trick people into visiting malicious web sites where they can infect their systems with malware.  Recently, criminals have been using the economic stimulus bill being proposed by President Obama as a method to attract unsuspecting users.  One email asks the recipient to provide bank account information in order to receive a government deposit.  Another, which appears to come from a government agency asks the recipient to verify that they qualify for a payment by visiting a web site and inputting personal information.  Of course in both cases the criminals use the information to commit fraud and/or identity theft.  The FTC has released detailed information about these scams.

Parking Ticket Scam

This is truly an original scam that I thought was rather clever.  In Grand Forks, North Dakota criminals placed phony parking tickets on parked cars.  The ticket instructed drivers to visit a website where they could “view pictures with information about your parking preferences”.  When the user visits the web site it attempts to install malware on their computer.  This is believed to be the first scam of its type, however, it is likely that it won’t be the last.  I can imagine leaflets distributed on cars in mall parking lots advertising some bogus product with a URL to a malicious web site.  Expect to see more of this type of scam.

My Personal Vishing Experience

I recently received an SMS message that appeared to be from my bank.  I have pasted the message below (with bank information changed to protect my personal information):

FRM:[email protected]
MSG:State Bank CU urgent notification:unusual activity,please verify your online information at 877-555-8787.

I was immediately suspicious as I was not aware that my bank had my cell phone number and did not think they would contact me in this manner even if they did.  For fun I called the number in the text message and was directed to a full voice mailbox.  No doubt had the mailbox not been full I would heard a message asking me to leave my bank account information.  This is an example of a vishing attack which I have written about in a previous post.  Don’t be fooled by such attacks.  No banks request your account information by SMS or email.

Scammers are always looking for new ways to get your personal information.  And as I have shown, criminals will find new and innovative ways to obtain it.

Comments are closed.