Phishing - Even the Security Folks get Targeted Part II
Phishing schemes come in all different forms, shapes, and sizes. Hackers and thieves are smart and they will do whatever they think they can do to get access to your sensitive information. Some of these methods include emails, social media "like farming", pre-text calling, etc. The common thread that they all have is that they want to install some form of software, exploit, or script on your device to gain access to this information and either steal it or hold it hostage.
A couple of weeks back, I wrote a blog post about a phishing email that I received alerting me that my mailbox was almost full and that I needed to delete some emails. This was a weak attempt to get me to click on a link that would have most likely installed some form of Malware, Ransomware, or other virus on my computer. I didn't click on the link as it was a feeble attempt to trick me into doing exactly what they wanted me to do. In fact, I took some screen shots and then wrote the blog post referenced above. Click here to read that post.
So here we are, 2 weeks later, and one of my colleagues, a Compass IT Compliance Auditor who will remain anonymous, shared with me a story about a phishing attempt that happened to him just yesterday through the use of impersonation. This scammer was impersonating a tech support representative from Dell, which comes right on the heels of a US-CERT warning on these types of schemes. I will set the scene and then provide a transcript of the conversation that Compass Auditor had with some thief posing as a representative from Dell. Some key points that I should mention to set the stage include that this alleged representative called Compass Auditor, Compass Auditor did not call Dell. Second, Compass Auditor is a seasoned IT Auditor who immediately knew that this was a scam. He played along to see what he would be asked to do and provide material for this blog post (ok, I am kidding about him doing it for the blog post but it would be awesome if he did!). Here is the transcript:
So I got a call from "Dell Technical Support" saying that they are notifying me about malicious files that are on my computer.
Compass Auditor: Ok what can you do to help?
Scammer: If you are connected to the internet please confirm your service tag and express service tag and model.
Compass Auditor: They ramble off some numbers which match up, this is getting interesting. So then I am directed to locate the button with 4 flags.
Compass Auditor: button with 4 flags? I've never heard of it.
Scammer: He fumbles around trying to guide me to the 4 flags button, "windows start button", to open event viewer using the run command.
Compass Auditor: I finally "figure" it out and open event viewer.
Scammer: In the event viewer look at the admin events. See all those events, those are potential malicious files on your computer.
Compass Auditor: Wow that's a lot.
Scammer: So next, to get rid of the malicious files, press the delete button.
Compass Auditor: Ok got it (This is the first time I ever heard of deleting event logs like this but sure). Nothing happens when I press delete.
Scammer: The malicious files must have taken over so I need to access your computer and remove them manually myself.
Compass Auditor: Wow, okay, how are you going to do that?
Scammer: Open up the run box again and type in www.***.**/**** (Link removed to prevent anyone from clicking on it and installing malware on their device. Please note this was not a Dell website). This will connect you to the Dell secure server and I will remove the malicious files for you.
Compass Auditor: Why am I connecting to this site and not the actual dell site?
Scammer: This is the address you need to connect to and then I will connect to the secure server and then remove the malicious files.
Compass Auditor: I'm all set I'll just use the technical support website later.
Scammer: Well I am calling you back because you called saying that there was a problem with your computer.
Compass Auditor: When did I call you about that?
Scammer: I have a piece of paper that say you are having problems with your computer and it is running slow and to call you with assistance.
Compass Auditor: What date was that?
Scammer: There is no date on the paper.
Compass Auditor: If there's no date, then it didn't happen!
Scammer: Okay goodbye.
So there is the entire conversation, but there are some great, key points contained in the conversation that bear worth pointing out:
- When this scammer called Compass Auditor, he was able to provide him with the service tag and express service tag and model, which matched up to what was on Compass Auditor's machine. They were able to get this information somehow so they did some homework.
- The link that the scammer provided was not a Dell website. It was a vague, strange weblink that did not reference Dell in any way. This should raise a red flag, which it did for Compass Auditor.
- When Compass Auditor put up some resistance to clicking on the link, the scammer changed his tactic from "we are calling you because you have malicious files on your system" to "I am calling you back because you called saying there was a problem with your computer." This is a bait and switch tactic to attempt to confuse you into thinking that you called.
- When Compass Auditor questioned the information, specifically the date that he called, the scammer gave up and ended the call.
The bottom line is that Dell, Microsoft, HP, or any other company is going to call you to tell you that you have malicious files on your computer. If you get that call, hang up (or have fun with them like Compass Auditor did!) If they ask you to go to a website that is a shortened link or one that doesn't reference the company they are calling from, hang up (just make sure you don't click on the link). While most phishing and social engineering attacks come through emails, phone calls are still a viable way for these scammers to accomplish their goals. For an organization, this is important and you should be constantly testing your employees and training your employees on the latest methods of attacks out there. Train your employees. Test your employees through Social Engineering Assessments. Remediate areas of weakness. Repeat. Feel free to share some of the strangest scams you have been exposed to in the comments or on our Facebook or LinkedIn pages. Knowledge is power and the more we educate each other, the better off we will all be!
Contact Us
Share this
You May Also Like
These Related Stories
No Comments Yet
Let us know what you think