
Scam Radar — April 2024

Below are three new scams to keep on your radar, as well as some tips for how to avoid them. Be on the lookout for yourself, your family, and your clients! THINK BEFORE YOU CLICK!

Cracking the QR Code

What is a QR code?

Have you ever seen a poster that had a jumbled-looking, square-shaped barcode printed on it? These unique squiggles make up a QR code. A QR code (Quick Response code) is an interactive link that you can scan with your smartphone. The link could take you to a website, start a file download, or open an app on your phone to take an action, like adding an event to your calendar. QR codes are fun, easy, and alluring because they can be placed on anything from business cards to a bag of chips.

How can cybercriminals use QR codes?

Unfortunately, since a QR code is nothing more than a fancy-looking link, cybercriminals can use them just like they would use a link in a phishing email. There are many free websites that allow you to create your own QR code that links to anything you choose. This means that the bad guys can create a QR code that links to a malicious website or downloads malware onto your device. Once they have created their malicious QR code, it can be emailed, posted to social media, printed out on flyers, or even made into stickers and placed on top of legitimate QR codes.

Tips to Safely Use QR Codes:

Follow these tips to stay safe when using QR codes.

  • Never scan a QR code from an unknown or untrustworthy source. Did you receive a random, anonymous flyer claiming you could win the latest iPhone if you scan the code? Don’t trust it!

  • When scanning a QR code, be sure to use a scanner app that provides a preview of the destination. This feature gives you a chance to review the URL and decide if the QR code is safe.

  • If you scan a QR code and the URL looks cryptic, or the website requires a login, or the site is unrelated to what you scanned, close out of your browser immediately.

Fake Financial File Phishing

In a recent phishing email scam, cybercriminals use vague financial terms to attempt to make you curious enough to click the attachment in the email. The subject of the email is “Remittance Summary,” and the malicious attachment is named “Payment Advice.” The body of the email only says, “Find attached payment advice for remittance.. Kindly revert.” The sender of the email appears to be legitimate, but it is actually sent from a fake sender address. If you download the PDF file, the malware will begin installing on your computer.

The attached malware is designed to gather sensitive information from your device. It can find personal data stored in your web browser, such as login credentials. It can also install a keylogger, which is a type of malware that records every key pressed on your keyboard. Whenever you enter your username and password, the keylogger can record exactly what you’ve typed and send it directly to the cybercriminals.

Tips to Avoid Similar Scams:

  • Be skeptical. If an email looks suspicious or contains unusual grammatical errors, immediately report it to your organization.

  • Check the email address carefully. Cybercriminals will often use email addresses that appear very similar to legitimate senders.

  • Never download unexpected attachments. If you’re not expecting an attachment or the email is from someone that you don’t know, don’t open it!
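For mail administrators, the traits of this lure can be turned into a simple triage check. The following is an added example, not part of the original article: it parses a constructed sample message and reports which of the described traits are present. The addresses, the domains, and the use of a From/Return-Path mismatch to stand in for the "fake sender address" are assumptions.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample modelled on the lure described above. Addresses and
# domains are placeholders, not indicators taken from the article.
SAMPLE = (
    'From: "Accounts Payable" <ap@vendor.example>\n'
    'Return-Path: <bounce@bulk-mailer.example>\n'
    'Subject: Remittance Summary\n'
    'MIME-Version: 1.0\n'
    'Content-Type: multipart/mixed; boundary="b1"\n'
    '\n'
    '--b1\n'
    'Content-Type: text/plain\n'
    '\n'
    'Find attached payment advice for remittance.. Kindly revert.\n'
    '--b1\n'
    'Content-Type: application/pdf\n'
    'Content-Disposition: attachment; filename="Payment Advice.pdf"\n'
    'Content-Transfer-Encoding: base64\n'
    '\n'
    'JVBERi0xLjQK\n'
    '--b1--\n'
)

def domain(header_value):
    """Lower-cased domain of the address in a header, or '' if absent."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def triage(raw):
    """Return the reasons a raw message resembles the lure."""
    msg = email.message_from_string(raw, policy=policy.default)
    reasons = []
    if "remittance summary" in str(msg["Subject"] or "").lower():
        reasons.append("subject")
    names = [(a.get_filename() or "").lower() for a in msg.iter_attachments()]
    if any(n.startswith("payment advice") for n in names):
        reasons.append("attachment")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and "kindly revert" in body.get_content().lower():
        reasons.append("body")
    # Assumption: a visible From domain that differs from the envelope
    # sender (Return-Path) stands in for the "fake sender address".
    rp = domain(msg["Return-Path"])
    if rp and rp != domain(msg["From"]):
        reasons.append("sender-mismatch")
    return reasons

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Legitimate bulk mail often has a Return-Path that differs from the From address, so the sender mismatch is a weak signal by itself and matters most when it appears together with the other reasons.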

Leave a Message After the Phish

It’s no secret that cybercriminals are using AI technology to craft phishing emails, but did you know AI can also help them with voice phishing (vishing)? It’s surprisingly easy to teach AI software to sound like a specific person. All they need to recreate your voice is a short audio clip, like one from a recorded phone call or a video posted to social media. Once the cybercriminals have your voice, they can easily target friends, family members, and coworkers with AI-powered vishing.

Cybercriminals often use this tactic to impersonate managers and executives of an organization. In this scam, you receive an unexpected call from upper management asking you to help with an urgent project. The voice will direct you to wire money to a vendor in order to meet a looming deadline. Of course, if you follow their directions, you’ll actually be wiring money to the cybercriminals instead.

Tips to Avoid Similar Scams:

  • When you receive an unexpected message, contact the person using a reliable source. You can use a phone number you have on file, an official email address, or a messaging system like Teams or Slack.

  • If you’re speaking to the caller directly, ask questions that would be difficult for an imposter to answer correctly.

  • Even if the request is urgent, stop and think before you take action. Ask yourself questions like: Is this something in my job description? Or is there a procedure this person should follow?

For more information regarding scams, please visit the Federal Trade Commission (FTC) Consumer Advice website.

You can also find details about the signs of a scam, how to avoid a scam, and how to report a scam in this article by the FTC — How to Avoid a Scam.

Sources:

Cited in article.
