The grandkid scam

This scam is particularly insidious because hackers use your own family against you! In this phishing attempt, elderly Americans might receive an email from their 'grandchild' that looks like this: "Grandpa! Help! I knew I told you I was going to be in Europe, but I didn't tell you that I was going to Ukraine because I didn't want you to worry. But now I'm stuck in Kyiv and I need a Bitcoin to…." You get the idea. Before you dismiss this as something no one would ever fall for, think again. Today's variants can come with real photos harvested from social media, making this con seem all too real.

We need your support

In this scam, the hacker is attempting to appeal to your charitable side. For example, the email may ask you to help children orphaned by Russian aggressors; or aid homeless pets; or help Ukrainian refugees; etc.; etc.; etc. Don't fall for these requests for money. Instead, only donate to verified and trackable organizations – like the organizations in this Washington Post story.

If you get me out of here, I will be your wife.

Ukrainian bride scams were common even before the invasion. Now, with over 1 million Ukrainian refugees, they're likely to be more successful than ever. This is another one of those scams that many people believe they would never fall victim to... but think again. In 2021, the FBI reported romance fraud victims lost a cool billion bucks. Don't fall for it.

Classic phishing

Who hasn't gotten a message that purports to be from your bank or credit card company saying that something has happened to your account, and you must fix it immediately? The email then says you must click a link and log in at the Web address below to set things right. These emails prey on your sense of panic, but think before you click. Never, and I mean never, click on any links from emails saying your account is in trouble. Call your bank first or log in from the native site to verify.

Spear-phishing

Ordinary phishing is easy to spot once you know what you're looking for. Spear-phishing attacks, where the message looks like it's coming from a friend or a work colleague, are much harder to spot. To catch these, the easiest technique is to verify before you respond or click on anything. I find it helpful to simply ask the sender why they need the requested information. Also, check the sender's email address – if it looks off, it is probably a phishing attempt. Always keep in mind that just because a message looks like it's coming from a co-worker doesn't mean that it's actually coming from a co-worker.

Spear-phishing with malware

What about when they don't ask you for anything, but just ask you to look at a file? Yeah, that's probably a trick, too. For example, "You need to see these horrible photos from Kyiv!" or "You won't believe that the State of Kentucky's Teachers Retirement System was the second-largest shareholder for Sberbank of Russia!" (Wait, that last one is real.) If anything looks like clickbait, don't open the file. For that matter, unless you expect a file to arrive via email from a colleague, don't open it. Period. And, by the way, what are you doing trading files by e-mail anyway? Why aren't they using the office file server or the corporate cloud file system?

Listen, e-mail is invaluable – but you must use it safely. Now more than ever, you need to treat it cautiously. E-mail is often the front door to your company, and you need to make sure you don't open it to just anyone. Besides teaching your team members the right way to handle e-mail, I strongly suggest you invest in anti-phishing tools or services. It's better to spend money to keep trouble out instead of letting it in — and spending a fortune recovering from wiperware or ransomware.
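The "check the sender's email address" advice from the spear-phishing section, written out as a mail-header check. This is an added example, not part of the original article; the domain `example.com`, the colleague "Dana Reyes", the 0.85 similarity threshold and the sample messages are all assumptions constructed for illustration.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr

# Assumed for this example: the organisation's mail domain and a directory
# mapping colleagues' display names to their real addresses (constructed).
TRUSTED_DOMAINS = {"example.com"}
COLLEAGUES = {"dana reyes": "dana.reyes@example.com"}

def domain_of(address):
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""

def sender_findings(raw_message):
    """Return the reasons a sender 'looks off'; an empty list means none found."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    addr, findings = addr.lower(), []
    dom = domain_of(addr)

    # A colleague's name attached to an address that is not the colleague's.
    expected = COLLEAGUES.get(name.strip().lower())
    if expected and addr != expected:
        findings.append("display-name-mismatch")

    # A domain that nearly matches a trusted one without being it.
    if dom not in TRUSTED_DOMAINS and any(
        difflib.SequenceMatcher(None, dom, t).ratio() >= 0.85 for t in TRUSTED_DOMAINS
    ):
        findings.append("lookalike-domain")

    # Replies routed to a different domain than the visible sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != dom:
        findings.append("reply-to-differs")
    return findings

# Constructed sample messages (only the headers matter here).
GENUINE = "From: Dana Reyes <dana.reyes@example.com>\nSubject: Q3 numbers\n\nHi"
LOOKALIKE = "From: Dana Reyes <dana.reyes@examp1e.com>\nSubject: Q3 numbers\n\nHi"
FREEMAIL = ("From: \"Dana Reyes\" <dana.reyes.work@freemail.test>\n"
            "Reply-To: payments@other.test\nSubject: Urgent\n\nHi")

if __name__ == "__main__":
    for label, raw in [("genuine", GENUINE), ("lookalike", LOOKALIKE), ("freemail", FREEMAIL)]:
        print(label, sender_findings(raw))
```

An empty result does not prove the message is genuine; a compromised colleague account passes every one of these checks, which is why verifying with the sender still matters.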