We spotted an unusual phishing email which revealed a new scam your users will soon find in their inbox. Time to inoculate them before it becomes a problem!
Many online service providers like Microsoft, Google, Facebook, Twitter, and PayPal have adopted a policy to warn users via email when there is a possible security-related event like "unusual sign-in activity".
Copies of these emails have been used for credentials phishing for a few years, but the problem is these security notifications are now being used by bad guys as a new attack vector for a tech support scam.
These new "phish" point victims to a 1-800 number where either a scammer picks up, or the victim gets sent to voice mail hell for a while and their number is queued for a fraudulent follow-up call like the one below, which was sent to us by one of our customers -- who were well trained -- and did not fall for the scam.
PS: KnowBe4 uses HubSpot to host our website and for marketing automation so that is where this download link points to. It is safe to click, entertaining and instructive:
So, I suggest you send the following to your employees, friends and family. Feel free to copy/paste/edit:
"There is a new scam you need to watch out for. In the last few years, online service providers like Google, Yahoo and Facebook have started to send emails to their users when there was a possible security risk, like a log-on to your account from an unknown computer.
Bad guys have copied these emails in the past, and tried to trick you into logging into a fake website they set up and steal your username and password. Now, however, they send these fake security emails with a 1-800 number that they claim you need to call immediately.
If you do, two things may happen:
- You get to talk right away with a real internet criminal, usually with a foreign accent, that tries to scam you. They claim there is a problem with your computer, "fix" it, and ask for your credit card.
- You get sent to voice mail and kept there until you hang up, but your phone number was put in a queue and the bad guys will call you and try the same scam.
Remember, if you get any emails that either promise something too good to be true, OR looks like you need to prevent a negative consequence, Think Before You Click and in this case before you pick up the phone.
If you decide to call any vendor, go to their website and call the number listed there. Never use a phone number from any email you may have received. Here is a real example of such a call. Dont' fall for it!
source: https://www.knowbe4.com
Leave a comment!