Friday, October 21, 2022

It Looked Credible

Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious software on the victim's infrastructure like ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim is navigating the site, and transverse any additional security boundaries with the victim. As of 2020, phishing is by far the most common attack performed by cybercriminals, the FBI's Internet Crime Complaint Centre recording over twice as many incidents of phishing than any other type of computer crime. (Wikipedia, emphasis mine)

I have emphasized increasingly sophisticated (above) for good reason, for the text I received on the weekend was certainly that.

I have overwritten the personal data, above

It looked genuine, for we had just made a purchase from Apple, and it would be delivered by UPS. In addition to Apple and UPS, it contained Sue's name, the correct postal code, and was texted right to my phone.

Understandably, people get fooled by phishing messages like this. In this case, with all of the correct information, it looked pretty genuine, but no matter how credible the message looked, I had to think that Apple would not direct me to a mysterious text/phone number. I went to the Apple site just to verify that I was right to be suspicious, and, of course, I found that all was in order and that UPS required no additional fee. 

Never call or text the number or what seems to be a genuine link, but always head to the actual site on your own, using public and trustworthy links.

We also get phished via texts purporting to be from Revenue Canada — no, the government will not ask for Amazon cards for payment — as well as our cellular provider. In the case of our cellular company, the text also looks quite credible. The recent attempt stated that we had a rebate coming, and in light of some fairly recent activity, it did seem somewhat plausible. Once again, I refrained from replying to a mysterious number but checked with my actual account just to make doubly sure.

It's easy to fall prey. This happened to a blogger friend, and withdrawals were being made from his bank account before he realized what was happening. It all got straightened out but necessitated the  headache of changing accounts and credit cards etc.

Scary stuff. Be very aware, and use two-factor identification wherever possible.

And by the way, the package from Apple via UPS arrived yesterday, just as they declared it would. I hasten to add that there was no additional shipping charge.

22 comments:

MARY G said...

We got the pretend UPS here as well. Yes, some of them are really a good imitation. In this case, it was the company address on the email that alerted me. We would not have received a delivery from someplace in California. But, yes, it is a good policy to check your own interface. And I check my bank accounts on line daily for suspicious activity. It only takes a couple of minutes.
Thanks for this. Good info.

Ed said...

We get some from time to time that have been real enough for me to check like you did just to verify it was a phishing attack. I was worried about my oldest daughter becoming a victim but having been brought up in the digital age where we've always had smart phones, it has been a non issue. She just sighs and deletes them.

Marie Smith said...

I got a suspicious email yesterday from our bank. It certainly looked genuine but of course, I deleted it. I’d contact the bank before I opened anything on-line.

Boud said...

I get emails now and then saying a sum will be charged to my bank account soon, always in a day or two, always for an odd number that could be a genuine charge. I don't click. Just delete. The first one was alarming but when nothing happened I realized it must have been phishing.

The thing is not to cooperate politely!

Patio Postcards said...

An appropriate & timely warning.

We had a phishing email from a friend asking us to purchase an Apple gift card for her as she was away & had forgotten her niece's birthday. Mr Man was quick to complain about friend's request, I said straight away - don't reply, it's not how friend would talk, so I knew a fraud. Sure enough after a phone check in, her email had been hacked & highjacked.

We have had two calls telling us our grandson is in jail (an impossibility for several reasons) but I replied "good, let him rot there if he's stupid enough to do the crime" the caller hung up on me. LOL

William Kendall said...

I got an email yesterday that might have been genuine, but I decided to delete anyway. A former co-worker and not one I'd want to stay in touch with anyway.

DJan said...

I got scammed a few years ago, thinking I was helping a friend, whose email account had been hacked. It was a pricey but useful lesson. My husband usually keeps me from making these kinds of mistakes. Trusting people are vulnerable to these scofflaws!

Barbara Rogers said...

The most difficult ones are on FB where they ask, what was your favorite.?..when young? Your first kiss was where? or You first tasted a pizza was when you were how old? Stuff like that elicits some kind of lame response, but apparently they collect other data from your FB through these. Good to have read of your way to foil the scammers!

Marcia said...

Good you caught that. You have to wonder if there isn't a mole for scammers in Apple since so much of the email was correct.

Debby said...

I am not yet getting texts. The fact that you had an Apple order, and you were expecting a package UPS made me think that there is someone collecting the information and passing it on to scammers.

Margaret said...

I've gotten a few of those too. (and emails) They used to be very amateurish but have become more and more sophisticated. My mom gets phone calls from "Apple" in which they try to tell her that she's bought something or that her iCloud has been compromised. She enjoys playing with them, asking how that could have happened when she doesn't have a computer, a smart phone or internet. :)

Anvilcloud said...

@Barbara. Yes, I don't touch those posts, but it is hard to refrain sometimes.

gigi-hawaii said...

Wow, thanks for the advice!

Vicki Lane said...

A good reminder. They, whoever they are, are so devious.

RedPat said...

I tend to not click on anything.

Red said...

I get these messages everyday. The one about the parcel just goes on and on. good information you supplied. we always need reminder.

PipeTobacco said...

I get them a lot too. My U has us do trainings to spot them, so I have gotten very, very suspicious. And our U will send out fake phishing emails too….. to catch folks and then add more tutorials to folks who foolishly respond.

PipeTobacco

roentare said...

I received this type of texts over 20 times a day. So are the scammer calls. I just don't answer calls anymore letting them go to mailbox if they ever leave a scammer message.

Tabor said...

I recently saw a special news piece on CNN that showed how very easy it is to be hacked. Passwords are stolen from sites and sit out there until a thief finds them. We certainly get emails that are suspicious all the time. I need to change me passwords onthe more important sites. This should be done yearly I guess. I also should implement two source validation and get a password protected software. So much to do.

peppylady (Dora) said...

We all need to wise to these scams. There is T.V show Phishing. I watch it a few times, and how much time these people go to hurt or ruin someone life.
Coffee is on and stay safe

Kay said...

Oh yes, I've almost been fooled too. My daughter and son-in-law keep warning me to be careful and not click on any links or give out information.

This is a good reminder and warning.

Jenn Jilks said...

It is so sad people think it fair game to prey on others. I am deeply suspicious.