Payback: How to scam a scammer? Tell them you’re locked up and need bail money
This is a scary-good (and true) phishing attack story on A2U CEO Dan Dillman that highlights the importance of reminding your end users of cybersecurity tips.
Trick or threat? October is Cybersecurity Awareness Month and in the spirit of Halloween we’re shedding light on tricks and goblins – no joke – in this spooky tale. (First, let’s acknowledge that cybersecurity is a broad topic. In this post, we’re specifically highlighting an incident involving a phishing attack.)
Nowadays, attackers know that users won’t just open a random attachment or click on a link in an email, so they pretend to be someone else in order to get you to take action.
Below is a snippet of a rather elaborate and entertaining text conversation that A2U’s CEO, Dan Dillman, had with a scam artist who was pretending to be Dan and thought he was texting A2U’s Vice President of Sales, Robert Hammond. So, Dan – the real one! – decided to have a little fun.
From there, Dan (as “Robert”) tells the scam artist that he attempted to buy gift cards with the A2U company credit card, that it got flagged as fraud and that he’s now getting arrested. Dan goes on to ask the scam artist for bail money (which the scam artist dismisses, just asking for gift cards again). Eventually, Dan tells the scam artist that he wasn’t texting Robert – he was texting Robert’s boss, Dan himself!
The whole conversation, and Dan’s attempt to get even with the scam artist, made for some great laughs around the office.
Despite an attempt to bring comic relief to a very frustrating situation, let this example be a reminder for all of us that there are plenty of new, creative ways that attackers will try to get their hands on information with a single email or text – and that’s a very serious matter.
It’s important to educate your end users on the indicators that usually signal a scam. If there are grammatical errors, there’s an unusual sense of urgency and/or it relates to purchasing gift cards – there’s a good chance it’s a phishing scam. Make sure end users know to check that the phone number matches the number of the person the sender claims to be, and the same goes for emails – double-check that the email address is a legitimate company email address.
Pro tip: You can put a rule in place like this that helps address email phishing attempts.
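The indicators above can also be checked automatically on inbound email. The following is an added example, not the rule A2U refers to and not code from the original post; the company domain, executive list, keyword patterns and sample messages are all constructed assumptions.

```python
import re
from email.utils import parseaddr

# Assumptions for this example (constructed, not taken from the post):
COMPANY_DOMAIN = "example.com"   # placeholder for the real company domain
EXECUTIVES = {"dan dillman"}     # display names an impersonator is likely to borrow
GIFT_CARD = re.compile(r"\bgift\s*cards?\b", re.I)
URGENCY = re.compile(r"\b(urgent|urgently|asap|right away|immediately)\b", re.I)
IMPERSONATION = "executive name on a non-company address"


def is_company_address(address):
    """True only for the company domain or a real subdomain of it."""
    domain = address.rpartition("@")[2].lower()
    # A suffix check on ".example.com" rejects example.com.attacker.test
    return domain == COMPANY_DOMAIN or domain.endswith("." + COMPANY_DOMAIN)


def phishing_indicators(from_header, body):
    """Return the indicators from the article that this message trips."""
    display, address = parseaddr(from_header)
    hits = []
    if display.strip().lower() in EXECUTIVES and not is_company_address(address):
        hits.append(IMPERSONATION)
    if GIFT_CARD.search(body):
        hits.append("gift card request")
    if URGENCY.search(body):
        hits.append("unusual urgency")
    return hits


def verdict(from_header, body):
    """Quarantine impersonation; add a warning banner for two softer indicators."""
    hits = phishing_indicators(from_header, body)
    if IMPERSONATION in hits:
        return "quarantine"
    return "warn" if len(hits) >= 2 else "deliver"


# Constructed sample messages (From header, body)
SAMPLES = [
    ("Dan Dillman <dan.ceo@mailbox.test>", "I need you to buy gift cards right away."),
    ("Dan Dillman <dan@example.com.attacker.test>", "Are you at your desk?"),
    ("Vendor Billing <billing@vendor.test>", "Please send the gift cards ASAP."),
    ("Dan Dillman <dan@example.com>", "Agenda for Monday attached."),
]

if __name__ == "__main__":
    for sender, text in SAMPLES:
        print(verdict(sender, text), "|", sender, "|", phishing_indicators(sender, text))
```

The same display-name check applies to text messages if the sender's number is compared against the company directory instead of a domain.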
As a reminder, ensure wireless devices are configured correctly and update software with the latest versions (turn on automatic updates and set your security software to run regular scans). This should go without saying, but don’t forget to create strong passwords and discuss with your end users the dangers of the information they’re openly sharing on social media. Social media is part of the fraud toolset. By doing a quick search on the internet, cybercriminals can gather information quickly and easily.
The bottom line is, please be sure your end users know about the scariest common cybersecurity tricks so they can protect themselves and their data. If you’re interested in learning more about the monsters that creep in the world of cybersecurity, check out our partners Bitdefender and Thycotic, who are helping A2U fight the good fight.