Lets face it. An educational lecture on any sensitive topic could still be boring.
The subject of scams is no exception.
This is a global problem that will never go away in it's entirely.
As our technology get better, so will the skills of scammers to access our sensitive data for financial gain.
A Creative Passion blended with a Self Call to Action
Recently, I came up with a terrific fun idea with spreading world about cyber security awareness. It's purely educational but includes specks of entertainment.
Puppets.
Yes, I find this endeavor challenging and exciting to pass on what I learn on a continuous basis!
This is the introduction to my Youtube Channel that will eventually be home to many cyber security awareness videos
An Unlikely Pair...
The setting takes place in a fictional radio station. It stars host Cyber Sly, a former scammer, and cohost Alexander Midas, a former business man who's business crumpled after a cyber attacker accessed his customer's banking accounts.
Cyber Sly is a change man who now wants to make a difference in the world.
Alex Midas is an angry man who resents Cyber Sly and don't think computer criminals can change their behaviors.
Each episode will be 7 to 10 minutes in length with 3 segments on scenarios and tips involving malware, phishing, spoofing, identity theft, social media, targeting, iCloud, and so much more involving the latest news and updates happening in the world.
Having written monthly articles pertaining to cyber security awareness in the Point of View Community Newspaper at http://www.afampov.com, I feel I need to do more to get the word out on how
people can stay safe and secure from multitudes of scams (check out page 19!)
While computer criminals congregate on the dark web to share their deceitful tactics and organize plans to trick an unsuspecting victim, I feel we should be joining or creating platforms like this to educate ourselves.
"Cyber Brats" is a show that will be free and available on Youtube in June 2020. In the meantime, I like for you to subscribe to my blog to get the latest news and events regarding cyber security awareness.
This program is geared for adults with an emphasis on sharing insightful tips and suggestions to avoid being a victim to a scam.
I welcome any suggestions to this platform. Please leave any comments or questions below and I willrespond promptly.
Thank you for your time and I hope to be your source for informative news to help keep you safe
from scammers!
It is to our benefit to fathom the tentacles of social engineering tactics introduce by cyber attacker on a daily basis. Far and wide Investigations by Interpol, FBI, and the Toronto police revealed how deceptive participants are networking and exchanging information on how to be better at what they do (check out the video far below).
Several years ago, when I was oblivious to basic terminologies related to cyber security, I knew very little about social engineering orchestrated by cyber attackers. I thought it was a practice initiated by computer experts to combat viruses. Since I was no expert on such systems, I spent years with no interest in educating myself on technological systems.
It took me a long time to understand; but learning the basics of closing the door on cyber criminals in restricting access to systems or information does not require a profound knowledge of computers.
Social Engineering is actually a tactic to trick people into doing something they should not do, such as sharing sensitive information such as banking information, passwords, opening infected email attachments, etc.
A Senior Citizen is taken Advantage of
A recent case last December saw two men from New York, pretending to be a lawyer for a grandson in jail, swindle a Massachusetts grandmother out of $19,000. This poor woman was specifically targeted by way of a series of phone calls requesting for payments to be made in order to secure the grandson’s release.
You might ask yourself why should this story concern me? I would never be gullible for something like this.
True, but how often do we have elderly relatives or friends who could be potential victims for something like this? We can’t be certain WHO could fall for these scams but what I know for sure is the elders in our community are high risk targets.
It would be beneficial to keep ourselves updated with the latest news and events to educate ourselves and put our newly acquired knowledge into practice by checking on our loved ones.
More On Advanced Social Engineering
Advanced social engineering attacks can also come in a form of a fake or suspicious email. Generally, how many times per day do we see something like this? If this seems odd or not right, just contact the sender directly by phone. Why take a chance?
I think so far, the most bizarre story I heard of took place late last year in Kentucky when a woman was sentenced up to 30 years in prison for defrauding her employer for millions of dollars. Previously, she was a victim of a romance scam.
She was hoping to eventually meet someday while sending this person money from her retirement and savings. This cyber attacker claimed he was a business man and needed her to loan him money to close out deals.
Advanced social engineering attacks basically contains the same fundamentals. Cyber criminals creates a sense of urgency, often through fear, intimidation, a crisis, or using an important deadline to deceive victims.
The best defense is you. Be mindful of opening suspicious attachments, clicking on suspicious links, and sharing sensitive information. If something’s too good to be true, most likely it isn’t.
Criminals in Internet Cafes and Other Deceptive Methods
This video left me baffled concerning not only with the obvious signs missed by the victims; but also the blatant disregard of a moral compass by the cyber attackers who shared deceptive practice.
In this investigative video by ABC News In-depth in West Africa's Ghana, these orchestrator's behind romance scams carefully sought out targets with the following traits-
Widows
Those looking for engagement or marriage
Vulnerability with no ability to properly screen
Without giving away too much before you see this video, please understand how victims keep their guards down and quick to cater to the wishes of these internet predators.
This has become big business for gangs of criminals because of the lack of awarness regarding cyber fraud. in some cases cyber thieves are stealing images of U.S. military personally and using that to trick unsuspecting women.
The same applies to male victims. They think they are speaking to a woman in a different country. But they are really talking to teenagers in an internet cafe.
The male victims ending doing stuff on camera they shouldn't do and these inaappropriate incidents not only signifies the growing problem of online fraud; but it also exposes weaknesses on the part of the victim.
Please take a look at the video about (there's nothing graphic). Just a story about the problem in Ghana and the ties it has to drug smuggling, money laundering, and more.
Thanks for checking out my blog. If you like it, please subscribe above.
Every year while we fulfill our appetites with turkey and ham during the Thanksgiving holiday, cyber attackers stuff their naughty heads with ways to steal away our financial information or identity.
Holiday scams are highly prevalent from Black Friday throughout Christmas.
Our needs and desires during the winter solstice is at its peak while we are rushing to get things done. Balancing our priorities tend to knock us off focus and this deficiency makes us vulnerable to hackers.
Robocalls is only part of their Modus Operandi. Their unseen tentacles can strike from any direction. The best way to maximize our defenses is to understand and expect the type of online scams they will orchestrate.
Lets examine some of these crocked methods and the best practice we can apply in being proactive against cyber predators.
Phoney Websites
Unsolicited emails of a good deal is a tool by cyber attackers to trick victims into downloading malware. Their objective is to steal your identity and take your money. We can best avoid this scam by doing the following-
Review senders address and be on the lookout for spelling and grammar errors.
Ensure the website begins with HTTPS (secure site AND the S signals it is secure and information is encrypted).
Hover over link in question (to see where it will really direct you to).
Shipping Alerts
Fraudulent emails can also notify you of a shipping status. Don't get hooked by downloading malicious software.
Verify tracking numbers through company's legitimate site rather just click on a suspicious link. Call their customer service from there.
Review if any, previous emails from the business.
Be on the look out for spelling and grammar errors with email content.
Digital Cards
Scammers sometimes cordinates phishing scams by tricking you into downloading bad software.
Is the sender's name readable?
Are there prompts requesting personal information in order to proceed?
What looks suspicious?
Is there an exe at the end of the email? Certainly X out of that!
While we are on the subject of cards...
Santa's Letters/Natural Disasters/Tragedies
It's no secret cyber attackers will use current events to fool you into sharing personal information and even requesting for your to give money for phony charities. If you can make good practice of being mindful of these tactics you will be ok-
Be always suspicious of unsolicited emails
Research any company offering services or sales
Compare what the sender is offering to other markets
Check out the latest information with the Better Business Bureau
We live in a world where bad news is the focus a majority of the time. Cyber Attackers can take a terrible event, say like a mass shooting, and pretend to be a legitimate organization collecting donations for survivors or victims. Research this diligently before you consider giving.
The Elderly
Senior citizens are gullible targets for senior citizens during the holidays and beyond. They may pose as a grandchild or other relative who needs help as a result of an accident, arrest, or hospitalization. Here are somethings that can be done to offset this.
Call the family member in question directly before sending anything.
Talk to other family members about the contact
AVOID wiring money or rendering gift cards
Ask the suspicious caller only questions the relative in question would know.
Questionable Charities
Similar to pretending to be a relative, con artists pretend to be charities or needy persons. You can always verify a charities status at https://www.give.org.
Aside from this, your primary assessment should include suspicious content or information from the source providing it and a review of the charity donation plan.
If you find out its the real deal, consider donating with a credit card. If there is an issue afterward, your financial institution can assist your with reimbursement.
Forget about sending a gift card. Once it is in the hands of a cyber attacker, consider it lost forever.
Employment Scams
This is done primarily to fish for your private information. Don't be a candidate for identity theft! Prospective employers are not going to contact you if you don't complete an application.
If you get a call for a job offer you never initiated, that there alone is red flags.
Just apply for positions in person or directly on retailer's websites.
Avoid sharing personal information on the phone
Definitely don't pay for anything.
Weird Types of Payment
You may see or hear about a great deal for an awesome product or service in pop up ads and unsolicited emails. Beware and exercise caution.
Don't make requested payments with prepaid debit cards, wire transfers, or payments on apps such as Venmo.
Investigate. Investigate, Investigate.
Free Gift Card Scams
Cyber Attackers are mimicking specialty shops when they target people with ads on social media. Again, their intentions is to steal your identity by compelling you to share your personal information.
Never open a suspicious email as it could be a form of phishing.
Never trade your information to receive a gift card.
Refrain from clicking on the ad.
In event this happens, exit out of the website and activate your ad blocker.
Social Media Exchange
This is important because deliberate participation in this delivery exchange can lead all participants to face a stiff fine or prison time.
Known as the "Pyramid Scheme" or "Secret Sister Scam", this involves a single person purchasing a gift and getting several in return by use of the U.S postal service.
It is a federal violation. There had been cases of scamming participants who willfully engaged in this and sentenced anywhere from 2 to 5 years in prison in addition to financial retribution.
Of course don't give out your telephone number or address. This is a ploy to steal your identity.
Pet Scams
Families searching for a specific breeds are ideal candidates to be lured in this scam. Cyber Attackers uses fake pictures of adorable pets to empty your wallet.
Always look around at other pet shops or legitimate breeders.
Understand what local breeders have available.
Pay with a Credit Card
Check out customer reviews online
Do a reverse look up of pet online. Does the same picture appear on other websites?
Travel
Yes, who wouldn't want a good bargain on air travel or spectacular cruise.
If there is a marketer out there proposing a vacation package you must do your homework.
Research the area and services in question. Do the same with the agency, airline, and car rental.
You might end up somewhere that don't look nothing like the beautiful pictures you saw on the Internet or brochure. It is quite easy these days to manufacture eye catching images to win the trust of eager buyers.
Don't fall for it.
Be careful with email offers
Don't wire money to a stranger
Ask for travel references. Check customer reviews.
I think Holidays scams are busiest time of the year for Cyber Attackers because we are busy and this is a time when we are at vulnerable.
Thank you visiting my blog. I will share Cyber Security Awareness tips each week. Please subscribe to my blog to get the latest news and stories to help keep you safe.
In the way a magician uses timing and diversion to fool an audience, a cyber attacker can apply social engineering tactics to trick you into sharing sensitive data. Within the cyber security world, it is regarded as the art of human manipulation.
The objectives of these criminals are to fool you in doing the following-
opening an infected email attachment
sharing passwords
allowing a stranger into a physically secure area
sending sensitive information
Technology alone can't stop these computer criminals from using various methods such as phone calls, text messages, emails, social media access, and physical presence from getting their hands on information they should not have access to.
Examples of Techniques
Suppose you get an important message from your bank. You are informed your bank account had expired and your account will be locked. You get a unique phone number to call in and update your account.
You make contact and have to endure an automated system series of personal questions to prove your identity.
In reality, this is not your bank. There is no genuine concern in determining who you say you are.
This is an automated attack by cyber criminals seeking to record and steal information such as-
Birth date
Credit Card or Banking information
Home Address
Phone Number
As I mentioned before, their goals is to steal your identity and financial information.
Such attacks can also be a more complex for the gullible.....
Advanced Social Engineering Attacks
How would you react if you received an email apparently from your boss? It is short and urgent. It informs you law enforcement is conducting a secret investigation of the workplace and some people may have to go to prison.
This email further states you will receive a phone call from your employer's legal team in a short time and you must answer any questions they ask.
Then you get a call from a cyber attacker pretending to be a lawyer!
In such instances the caller's objective is to trick you into giving up as much information about yourself as possible. They will create a sense or urgency, often through fear, intimidation, a crisis, or a crucial deadline. They may use confusing or technical terms to trick you into providing sensitive information.
What You Can Do
Spot these attacks before they happen.
In the above scenario, wouldn't it be odd if an email message from your employer or manager appears odd, call and contact them directly about the message. It's possible that his or her account was hacked.
There other things that can look out suspicious.
The content of the email contains irregular grammar and spelling errors
Tone of the message is questionable
Hover cursor over any questionable link to display link's real origin.
If you are on the phone with a highly questionable person, just hang up.
Direct these matters to the help desk or computer informational team
Many years ago, when I was a Court Security Officer, I was having lunch with my superiors when I received a call from a Cyber Attacker warning me of an impending arrest warrant for me for failure to make my car payments (the caller didn't know I worked for the Sheriff Office).
At the time, I knew I had no existing car payments and the County Sheriff and other deputies were sitting near by eating, laughing, and talking sports.
I had fun with this caller as I pleaded for him to spare my life. I asked him if he could loan me the money to pay it and I would have my contractual killer friend deliver the money to him personally. My laughing frustrated this man to the point he hung up on me (I know I could've been more professional).
Make no mistake, your identity can be shared with a cyber attacker without your role in any of it. Take a look at this scenario that will blow your mind. This involves a customer service representative
sharing information about an account that could happen to anyone.
This takes no more than 30 seconds so brace yourself.
Quite diabolic isn't that?
As I studied this scene, the representative missed some cues-
Where was the husband and why didn't she request to talk to him directly?
Mom has an infant and an older daughter whom she is attempting to add to the account to make changes if needed? Talk about a disparity in age. How old is the older daughter mom? You trust her with what?? lol
How is it possible mom and dad don't remember the email they used to sign up for the account?
Initially, dad did not have mom on the account in the first place. What's up with that? Sorry, how do I know you two are not legally separated or something?
Mom claims she can't receive the text because she is talking on the phone with the operator. Really???
By fooling this customer representative, the fake mom was able to do the following-
Add herself to the account with a fake name and fake social security number
Set up her own personal access to the victim's account
Convince the support person to change the password, thus locking the real account holder out of his own account.
Social engineering is a diabolic trick and we must spot them before it happens. We can check our account activity on a regular basis while at the same time, taking initiatives not to disclose any personal data to those who should not have access to.
Technology alone cannot keep us safe and secure. We all have a responsibility in ensuring we are taking extra caution in our daily lives. We are the top defense against cyber attackers.
If you found this information helpful and useful, please susbcribe to my blog at the top. Every week I will be sharing the latest tips, news, and/or events in our cyber world.
We must equip ourselves with the internal tools we already have in enhancing our defense. Cyber Attackers know the importance of utilizing social media to increase their chances of deceiving the unsuspecting.
Like a contractor hired by a business to study the market for potential buyers, computer criminals spends a great deal of time phishing for those who are gullible.
What we say or post about ourselves on social media is like them stumbling upon a treasure chest.
Don't assume for a second this apply to just the elderly. It can happen to any group, especially college students. Their targets varies just as much as their methods.
At this time, Wanczyk was the winner of the $758 million power ball pot.
Fake postings by Wanczyk went up on so social media platforms promising people money if they opted to follow him and/or respond to private messages. Some tactics also included liking and sharing posts for a monetary prize.
But in order to receive it, they request for your banking information....
Sadly, victims fall for this social engineering all the time. As I said in the previous post, cyber attackers are determine to trick you into rendering them information they should not have access to.
The fact of the matter is, if it's too good to be true, then it's farthest from the truth.
In attacks such as this one in where college students were targeted with promises by scammers to offset books and tuition expenses, imagine a fisherman on a boat at sea. The fisherman is hoping the fish falls for his bait. He is trying to catch as many fish as he possibly can.
We must be aware of this in our way of thinking and not fall for this. The human mind naturally has wants and needs. Cyber criminals are using our instinctive passions against us.
Don't share your banking information with anyone on social media or even emails! It's not worth the risk.
INTRODUCING AN UPCOMING ADULT PUPPET SHOW
Coming in January 2020!
I find using puppets along with my blogging to share useful news and tips regarding cyber security awareness a fun and constructive way to connect with an audience (I certainly hope so).
Having worked as a stage actor in many productions, along with creative writing, and membership with Puppeteers of America, it was inevitable that I would blend all my passions into a short web series to cater to a mature audience (yes, adults).
Frankly, who wants to be bored with scribblings on how to be safe and secure from the never-ending threats by cyber attackers? I really think combining elements of education and entertainment an appealing idea.
Surely, there's room for improvement with the way I shoot video and next time, not only will I have the puppets better positioned, but also I will always use wide screen footage. Also, thanks my wife's suggestion, I am removing the dining portrait in the background. It doesn't fit with the audio video show theme.
"Cyber Brats" is show that will be no longer than 5 or 6 minutes in length. It takes place inside a fictionalized radio station.
Here are the cast of degenerate characters-
Host Cyber Sly
Cyber Sly is an ex con who served 5-years in prison for breaching the security operating system of a bank, stealing customers account data, and single handily causing the institution to crumble to the ground. His cooperation with the District Attorney and Feds in exchange for a lighter prison sentence resulted in the convictions of over 20 cyber attackers across the country. Many of his former friends would love to see him dead and there are existing contracts out on his life. One failed hit in prison almost cost him his life when his tongue was mistakenly severed instead of his throat (more on that later). Sly has turned his life around and strives to do the right thing.
Co host Monkey Midas
Monkey Midas is a fromer business owner who saw his regional ice cream chain collapse. This episode caused him to be a bitter man. This man hates all cyber attackers and he vents at Cyber Sly regularly. Midas is ignorant of cyber security precuations and this leads to his bickering with Sly.
Mr. Seal Deal
Mr. Seal Deal is the wealthy owner of Shadow World Radio Station and the creator of "Cyber Brats". He likes when Cyber Sly and Monkey Midas debate openly and feels this makes for good ratings. This guy is all about money and he is cheap.
Last known picture of fugitive Rocco the Raccoon
This SOB is the most wanted cyber thief in America. He had defrauded banks, retailers, celebrities, massive corporations, and is believed to be involved in many other scams. Rocco, Sly's former friend, likes to taunt authorities and sometimes like to contact the radio station to boast of his latest scam.
The structure of this blog will be set up with serious tips, videos, and latest news and events covering cyber security awareness. Afterwords the short video will follow. As a member of Puppeteers of America and with an interest in helping others, I am thrilled!
We can have all the best and latest antivirus kits for our devices and computers. But that alone can't safeguard our information. We must use the internal tools we already have to build our cyber security defenses.
If you find this blog interesting or helpful, please subscribe and share with your friends and family!
Can the average person fathom the magnitude of daily tactics by a cyber attacker? Do you know? Are you prepared in event a scammer tricks you into giving up personal or private information they should not have access to?
After some encouragement from friends, along with my natural desire to help others, each week, I will be sharing what I know about cyber security fraud from my experience in law enforcement, ongoing trainings, latest news happenings around the world, and interviews with experts and readers with a desire to share their feedback or suggestions.
With all that's been happening in the world, I hope this platform will be a source to help you safeguard sensitive data.
It's important to know that these cyber criminals are plotting on a regular basis to deceive unsuspecting victims in a variety ways. They typically rush you into making regrettable errors such as-
Opening an infected email attachment
Sharing passwords
Providing them restricted information they SHOULD NOT have access to
Being proactive against these types of attacks are not difficult. You have to understand, the best antivirus software won't stop all cyber security attacks. All of us have the responsibility to be mindful of the basic tools to protect ourselves, our families, and the organizations that employs us.
To sum it up, a floral delivery person arrived at a couple's North Brookfield home with a package containing flowers and a wine. This couple were not expecting this gift and had no idea who sent it.
The driver claimed not knowing the identity of the sender and indicated a greeting card was sent separately but appeared to be in transit. Baffled husband and wife paid a $3.50 delivery fee by credit card to ensure the items were delivery to a person over 21 years of age. Supposedly, this was for the courier company's record keeping along with a signature.
So, the couple computed the requested financial information on a mobile card machine and the driver provided them a delivery receipt.
Within the next few days, this couple discovered $4,000 dollars withdrawn from their banking account. Withdrawals of this money occurred from different ATM machines.
While law enforcement in this case described this as a new type of swindle, apparently it has been happening for years. For example, check out this similar story from 2014-
So, evidently this new type of scam have been happening for a number of years. However; I am sure cyber thieves are constantly brain storming new methods of deceit against unsuspecting victims.
Nevertheless, this is just one of many fraudulent schemes exercised by cyber attackers all over the world. Their impact is obvious in the daily news and victims who are brave to share their experiences on social media.
We as indvividuals must be the steel barrier against these type of scams.
If you like what I'm trying to do, please subscribe to this blog and share it with your friends.
As a former Special Police Officer, Court Security Officer, and Corrections Officer, I got a few nuggets of wisdom to pass on to all who want to keep themselves safe and secure from cyber predators. We're all in this together.
