My First Post      My Facebook Profile      My MeOnShow Profile      W3LC Facebook Page      Learners Consortium Group      Job Portal      Shopping @Yeyhi.com

Pages










Showing posts with label fraud. Show all posts
Showing posts with label fraud. Show all posts

Thursday, December 3, 2020

Various Social Engineering Threats

Social engineering is the clever manipulation of people to gain access to privileged information. It can occur on the telephone, in person, or via email.


SHOULDER SURFING

Shoulder surfing refers to looking over someone's shoulder to obtain information. Be mindful of people nearby when working with sensitive business information. If you step away from your computer, lock it so that others can’t see or access confidential information.

Use a privacy screen to cover your laptop or tablet screen while in use. If you witness someone hovering, acknowledge the person to see what they need. Bring to your supervisor's attention if you are suspicious of their intentions.


TAILGATING

Tailgating is an unauthorized person attempting to gain access to secure office space. Be mindful of people entering behind you. Do not allow tailgating.

Refer anyone without a company badge to reception or security. If you feel threatened or notice suspicious behavior, report the incident to concerned department in your org. In the event of imminent harm, contact local emergency services.


EAVESDROPPING

Eavesdropping refers to secretly listening in on conversations to capture information. Be mindful of who is around when discussing or conducting company business. Do not discuss company business in hallways, shared building spaces, or public places.

Keep confidential discussions behind closed doors.


VISHING

Vishing (voice phishing) happens when you receive a phone call from someone impersonating a trusted source, like your bank, a client, or an employee. They may say there's a problem with your bank account, or credit card and direct you to a web site or phone number where you will be asked to provide personal or company information to verify your identity or account. Beware! They are trying to steal your money, identity, or gain access to organization systems. If you access the Vishing web site from your workstation or smart device, it's possible for hackers to access anything stored there.

Follow your policies and procedures; do not provide personal or payment information to unsolicited callers. Do not attempt to call the number back. Do not take direction from the caller about navigation or use of your tools and systems.

Do not disclose any information unless you are able to verify them, and they are authorized (e.g., if they state they're an employee try to reach them on IM). If you receive a call or a text you suspect to be vishing or smishing, contact spoof@majftech.com with as much information as is available.


SMISHING

Smishing happens when you receive a text message (SMS = smishing) from someone impersonating a trusted source, and the same threats apply as with Vishing.

Do not text scammers back. If you receive a call or a text you suspect to be vishing or smishing, contact spoof@majftech.com with as much information as is available.


PHISHING

Phishing is a form of social engineering in which a fraudulent message is sent to you with the intent of tricking you into opening an attachment, clicking a link, or responding to the message. Phishing typically occurs over email, but can happen during a phone call, through a chat program, in a text message, or even in-person!

Successful phishing attacks can steal your credentials (passwords), install malware on your computer, trick you into disclosing confidential company data, or convince you to take unauthorized actions that benefit the phisher. It is no surprise, that phishing is one of the most common attacks leading to data breaches you see in the news.cWith all the technological defenses in place to prevent phishing emails from landing in your inbox, it’s still one of our biggest security vulnerabilities! Our best resource in defending against phishing is YOU!



Learn the warning signs of such emails:

  • Unexpected sender or content
  • Threats, urgency, and secrecy
  • Phishing or Spam?
  • Promised lottery or super amazing deals


What to do If you think you have received a phishing email:

  • DO NOT reply to the message.
  • DO NOT click on links or open attachments.
  • DO report the email by creating a new email message, attaching the phish email, and sending to spoof@majftech.com.
  • DO NOT send or "forward" the phishing email to anyone as this can cause further exposure.
  • DO permanently delete the phishing email.
  • Does the message push for urgent action?
  • Does the message threaten bad things will happen if you don't do what it says?
  • Is it unusual to use email as authorization for wire transfer? 

Posted by at No comments:

Monday, March 5, 2012

SCAM : YouTube Service sent you message:

Your video on the TOP of YouTube

YouTube Administration sent you a message: Illegal video warning

etc. etc

This is a new scam that is in rotation these days. BEWARE of this and try not clicking on the link provided.

This weekend I got an email whose subject is as follows---
"""
YouTube Service has sent you a message:
Your video on the TOP of YouTube
To:toughjamy@yahoo.com

http://www.youtube.com/watch?v=xcUE2Gvr&feature=topvideos_mp
You can reply to this message by visiting your inbox.
"""

But on clicking the link and going to said URL. Somehow I didn't click on the click but copied URL to open it in different browser. I landed on a page giving me warning from Youtube itself.
The email originated from




I researched the 'headers' section of email and found the following:
It is spam. If you look at the headers, I guarantee you'll find that it was not sent by YouTube.

""""
X-Apparently-To: toughjamy@yahoo.com via 68.142.200.130; Sun, 04 Mar 2012 19:17:50 -0800
Return-Path:
Received-SPF: none (domain of urc.state.in.us does not designate permitted sender hosts) IG1lc3NhZ2U6IFlvdXIgdmlkZW8gb24gdGhlIFRPUCBvZiBZb3VUdWJlIAog IAoKICAKICAgIAoKICAgICAgCiAgICAgICAgCiAgICAgICAgICAKICAgICAg ICAgICAgCiAgICAgICAgICAgICAgCiAgICAgICAgCiAgICAgICAgCiAgICAg ICAgICBoZWxwIGNlbnRlcgogICAgICAgICAgfCBlLW1haWwgb3B0aW9ucwog ICAgICAgICAgICB8IHJlcG9ydCBzcGFtCiAgICAgICAgCiAgIAEwAQEBAQ--
X-YMailISG: QEsw7QEWLDs1NHRMTHBfsGRrVIRuCV3jp9QQ.7N9BUS7OCtJ fpQrxSU6fN_5nrgXbnAKvsXq3WvrSaqhptInsAhIJX23ZB.PiVlKXZU7ul6T J5Q35WZgKB88380z.7eloCBHqHdr4ytrgWmfMj8Y3ZcszbS9yS1N3wEdjG58 jCQGC9_mumP2_GNHbxVbshQ0lpqqf4Pzfb.UJh1228waZh.x8nRZqvFhNTQX hjIttKX5ykKEaDQCfh1WSvWv.mzZpbjehQ6y0uW7Vbzrta1hZV9AUZiBBB15 X5GrjPRZgN_yIIeFXuqWdEWbd2u7zKJgb2LR965l7uZtvwDBkF98eByJpCwZ 3bTSv12viIdpgsqsdW5525aqgJPJmUfH3j.E.Pi0wM2Xi2CV9pNc6jHTgICU eXswpS91gNJNDET3zNEb.wc2GOt4g8HMQze_4XB81eI3nChAPGE8OOgWQahs jJ_9EZ9DNnGArzaPL1.O68mjulZvfPaJQGdLJMfKsP95HP4OEk0R_RuEZesB A89i2xo1S_GbsmlJdc95Eq7Uw.sk63o4pJGGTmG.HLRXO1vUfTgBZ2FX_FQl ApTMeQAe.sKUCVS1K77.maxmh5hXfNHXul3ODqjCCToVU2RrplWEEKB4kYOA O2H7TJVtd3ceyp7LcVGqCGuDOHYsgrnGZH1M9jNdXXRTScbpGjjyZwcqg0y1 dsE3YwbUKUS1cUM.99kZ63SYTLmHs7fLTSLQFnnJ26jkWGq5Tcn5sStRtehI 1YedQwtU78Xl58JRnUIS8EG.QANKqx_goxcQPQGAbElbxsaQHBWD52Bpjp1y iS5JyW6txwYjhpAwa.AYs6zpAnNzfkraxDKBVc9xGM6XWOx0NA2GwPi0E20M pbjrhDkP_BtCQiGfNG7oeg7zMZ_4c_l1_0B28ITkHqUSXTSilEajB5GJ7Sqj 5ClClMo7UQfHve9NFJc.rN_9PAXhtc.H5hlGSnWysoIP5ac3wuFYdFLC3Mx_ yusPXC4marJ5Nis4Pk_IrVIGKuEhIIfOUVBjGgJTpDjougomLcjaGJHQkI3O AGnLWuIcBkkxh48-
X-Originating-IP: [72.55.174.39]
Authentication-Results: mta1095.mail.sp2.yahoo.com from=youtube.com; domainkeys=neutral (no sig); from=youtube.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (HELO not-assigned.privatedns.com) (72.55.174.39) by mta1095.mail.sp2.yahoo.com with SMTP; Sun, 04 Mar 2012 19:17:50 -0800
Content-Type: text/html; charset="iso-8859-1"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
Subject: YouTube Service sent you a message: Your video on the TOP of YouTube
From: YouTube Service Add sender to Contacts
To: toughjamy@yahoo.com
Message-Id: <20120304221746 .071fe5d9b="" yahoo.com="">
Date: Sun, 4 Mar 2012 22:17:46 +0200 (CEST)
Content-Length: 1835
""""""

So, now i was pretty much qualified to know that this is Scam.

Do also read Youtube Video Scam Support Page redirected from Discussions For IT People

Our Security Team headed by Mohd Anwar Jamal Faiz and *SO* tried to explore other areas where similar emails were in circulation.
(email us on toughjamy@yahoo.com.) [ i removed the second email in 2020]

Not to our surprise, *SO* deduced same problem even in Appstore emails. Its subject is "Your Order cancellation notification"


Many people have reported of getting similar emails. The return address is an "@youtube.com" address, which makes it look legit. The actual links in the one email someone got were different than the one i got, so it's probably a pre-manufactured template or something that a bunch of scammers are using. There's one of these from Apple App Store floating around, too. It reads "Your Order cancellation notification" or some such.

Happy Surfing
-Anwar faiz
Posted by at 4 comments:

Tuesday, May 17, 2011

Hoax/Fraud email: Yahoo sevice account Closure Hoax

Hi All,
I have received this email twice and one of my frends also got the same. The message is attached below:
---------------------------------------------------------------------------
Last Warning!!!!!Monday, May 16, 2011 12:02 PM
From: "Yahoo sevice account" Add sender to ContactsTo: undisclosed-recipients

This is an Official alert to inform Yahoo! account users.

We regret to announce to you that with the rate at which we have newly registered members everyday, our data base is getting congested and now we have decided to under go deactivation of all unused account and some other of our account we find error on for both premium and free accounts.

Every account owner that receives this message has encountered this error and will have to update his/her account with the requested information below.
Please be sure to click the REPLY button first before attempting to fill the info.


Name: ................
ID: ..........
Current Pass word: .................
Date of Sign up(Optional): ..........

After you must have filled this information and have it sent back to us, your Yahoo! account will not be interrupted/terminated and will continue as normal.


WARNING: Account owner that receives this message and refuses to update his/her account within the next 48Hours will be terminated from the Administrator's dept.


Thank you for your usual co-operation. We apologize for any inconvenience.


Regards,
Yahoo! Account Services

---------------------------------------------------------

Now frends please remember that these type of emails are all scams. Never reveal your identity to them. Some red flags to notice a scam as can be seen here:
1) See the Sender "Yahoo sevice account". Spelling Mistake!! Not even SERVICE was spelt properly
2) Another, notice that it was not send you personally. Rather it was send to undisclosed recipients.
3) Why would Yahoo ask password and id details from you. Dont they have these details.
4) A simple header search of email tells that it is not coming from Yahoo.com. Though it seems but it is very easy trick. I can send you email from NASA, Bill Gates, US Prez, Any Superstar official email id, Without even an effort of 2 minutes. Some times later on that ;)

So please be aware of these types of scam. They can also be categorised in Phishing attacks.
Take care.
And enjoy. Yahoo not closing your account!!!
Posted by at 21 comments:
Subscribe to: Comments (Atom)