.comment-link {margin-left:.6em;}

Money

The www.FedPrimeRate.com Personal Finance Blog and Magazine

Monday, November 15, 2021

My Uncle Got Sucked Into A "Home Depot" Phishing Scam

So, I am on WhatsApp, checking out some family conversations, when I receive a message from my uncle.  Message reads:

"The Home Depot 40th Anniversary.  Click to enter to participate in the survey.  Have a chance to win $ 8,000! BeneficialYear.TOP"

Right away, red flags go up.  Looks extremely suspicious, but I click the link anyway, because I want to see what the scam looks like, so that I can warn others.

Here's a capture of the URL, and the page it took me to:




www.FedPrimeRate.com: Phishing Scam 1

www.FedPrimeRate.com: Phishing Scam Image 1

=======

When I reloaded the page, I was taken to a totally different URL:



www.FedPrimeRate.com: Phishing Scam 2

www.FedPrimeRate.com: Phishing Scam Image 2

First of all, if this is a survey from The Home Depot, then why on Earth would I be redirected to 2 different URLs? And why would one of the domain names use a .CN top level name, meaning it's registered in China?

Moreover: all the navigation links don't work, and the same if you try to "up" or "down" vote in the comments section.

As I investigated further, I found that Firefox is aware, and warning folks:

www.FedPrimeRate.com: Mozilla FireFox Warning - Deceptive Site Ahead

www.FedPrimeRate.com:
Mozilla FireFox Warning
- Deceptive Site Ahead

=======

Please people: don't forward suspicious messages to friends and family without checking them out.  You could end up doing serious harm to people you care about.

>>>   CLICK HERE FOR MORE SAFETY WARNINGS   <<<


>>>   CLICK HERE for SCAM ALERT: HOW TO AVOID BANKING AND OTHER TRENDING SCAMS; KNOW THE RED FLAGS   <<<

Labels: , , , , , , , , , , ,


--> www.FedPrimeRate.com Privacy Policy <--

--> SITEMAP <--

Wednesday, December 02, 2020

Business Email Compromise (BEC) Scams

This one is costing both companies and individuals big $$$$.  The scams never end.

From the FBI website:

"...Business Email Compromise

Business email compromise (BEC) — also known as email account compromise (EAC) — is one of the most financially damaging online crimes. It exploits the fact that so many of us rely on email to conduct business — both personal and professional.

In a BEC scam, criminals send an email message that appears to come from a known source making a legitimate request, like in these examples:

  • A vendor your company regularly deals with sends an invoice with an updated mailing address.
  • A company CEO asks her assistant to purchase dozens of gift cards to send out as employee rewards. She asks for the serial numbers so she can email them out right away.
  • A homebuyer receives a message from his title company with instructions on how to wire his down payment.

 

Versions of these scenarios happened to real victims. All the messages were fake. And in each case, thousands—or even hundreds of thousands—of dollars were sent to criminals instead.

How Criminals Carry Out BEC Scams

A scammer might:

  • Spoof an email account or website. Slight variations on legitimate addresses (john.kelly@examplecompany.com vs. john.kelley@examplecompany.com) fool victims into thinking fake accounts are authentic.
  • Send spearphishing emails. These messages look like they’re from a trusted sender to trick victims into revealing confidential information. That information lets criminals access company accounts, calendars, and data that gives them the details they need to carry out the BEC schemes.
  • Use malware. Malicious software can infiltrate company networks and gain access to legitimate email threads about billing and invoices. That information is used to time requests or send messages so accountants or financial officers don’t question payment requests. Malware also lets criminals gain undetected access to a victim’s data, including passwords and financial account information.

If you or your company fall victim to a BEC scam, it’s important to act quickly:

  • Contact your financial institution immediately and request that they contact the financial institution where the transfer was sent.
  • Next, contact your local FBI field office to report the crime.

  • Also file a complaint with the FBI’s Internet Crime Complaint Center (IC3).

How to Protect Yourself

  • Be careful with what information you share online or on social media. By openly sharing things like pet names, schools you attended, links to family members, and your birthday, you can give a scammer all the information they need to guess your password or answer your security questions.
  • Don’t click on anything in an unsolicited email or text message asking you to update or verify account information. Look up the company’s phone number on your own (don’t use the one a potential scammer is providing), and call the company to ask if the request is legitimate.
  • Carefully examine the email address, URL, and spelling used in any correspondence. Scammers use slight differences to trick your eye and gain your trust.
  • Be careful what you download. Never open an email attachment from someone you don't know, and be wary of email attachments forwarded to you.
  • Set up two-factor (or multi-factor) authentication on any account that allows it, and never disable it.
  • Verify payment and purchase requests in person if possible or by calling the person to make sure it is legitimate. You should verify any change in account number or payment procedures with the person making the request.
  • Be especially wary if the requestor is pressing you to act quickly..."


Business Email Compromise (BEC) Scams
Business Email Compromise (BEC) Scams


Labels: , , , , , ,


--> www.FedPrimeRate.com Privacy Policy <--

--> SITEMAP <--


bing

bing

FedPrimeRate.com
Entire website copyright © 2024 FedPrimeRate.comSM


This website is neither affiliated nor associated with The United States Federal Reserve
in any way. Information in this website is provided for educational purposes only. The owners
of this website make no warranties with respect to any and all content contained within this
website. Consult a financial professional before making important decisions related to any
investment or loan product, including, but not limited to, business loans, personal loans,
education loans, first or second mortgages, credit cards, car loans or any type of insurance.