Scammers: Not Bright, Just Preying on Greed


I received an email today. It wasn't a very good one, but it had a strange balance of really clever and really dumb.

In reality it was just yet another phishing-type email trying to exploit greed to get a response.

Image by Sammy-Sander from Pixabay

The email looked like this...

[Image: Scammail.jpg]

The clever parts:

  • The image came straight through, bypassing the normal routines that turn an image into a little box with a cross in and a "download content" message.
  • It's a pretty, professional-looking and visually attractive image.
  • The wording is clever, because it knows that crypto people tend to sign up for (or at least investigate) quite a variety of places which may be crypto-earning opportunities, and may not remember all of them a year later. The claim of using device downtime is at least quite imaginative and vaguely credible.
  • The email was to an address I don't give out widely at all. It's mostly used as a login for crypto exchanges rather than one I use for communication purposes (which is why I've redacted it). That tells me that one of the exchanges is selling data or has a leak that's being passed to bad actors.
  • The "From" email has been spoofed so it isn't a Gmail or Hotmail address. Those things are a dead giveaway for fraud!
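
Two of the points above, the image that displayed without a download prompt and the spoofed "From" address, can be checked from the raw message source. The Python below is an added example, not part of the original post: the sample message and every name in it are constructed, and it assumes the image displayed because it was embedded in the message (`cid:` or `data:`) rather than fetched remotely.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample (NOT the email from the post); all names are placeholders.
SAMPLE = """\
From: "Rewards Team" <payouts@rewards.example>
Return-Path: <bounce@bulk-mailer.example>
Subject: Your balance is ready
Authentication-Results: mx.mail.example; spf=pass smtp.mailfrom=bulk-mailer.example; dkim=none; dmarc=fail header.from=rewards.example
MIME-Version: 1.0
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><a href="https://claim.collect.example/u/1"><img src="cid:banner1"></a></body></html>
--b1
Content-Type: image/jpeg
Content-ID: <banner1>
Content-Transfer-Encoding: base64

/9j/4AAQSkZJRg==
--b1--
"""

def domain(value):
    """Lower-cased domain of the address in a header value ('' if absent)."""
    return parseaddr(str(value or ""))[1].rpartition("@")[2].lower()

def triage(raw):
    """Report sender alignment, auth verdicts, image delivery and link hosts."""
    msg = message_from_string(raw, policy=policy.default)
    from_dom, env_dom = domain(msg["From"]), domain(msg["Return-Path"])
    auth = str(msg.get("Authentication-Results", ""))
    html = msg.get_body(preferencelist=("html",))
    body = html.get_content() if html else ""
    srcs = re.findall(r'<img[^>]+src="([^"]+)"', body, re.I)
    hosts = [h.lower() for h in re.findall(r'<a[^>]+href="https?://([^/"]+)', body, re.I)]
    return {
        "from_domain": from_dom,
        "envelope_mismatch": bool(env_dom) and env_dom != from_dom,
        "auth": dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth)),
        "inline_images": [s for s in srcs if s.lower().startswith(("cid:", "data:"))],
        "remote_images": [s for s in srcs if s.lower().startswith(("http:", "https:"))],
        "off_domain_links": [h for h in hosts if h != from_dom and not h.endswith("." + from_dom)],
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

An `Authentication-Results` header is only meaningful when it was stamped by your own receiving mail server; one that arrived with the message can be forged.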

Now for the dumb bits:

  • They don't know my name. Quoting a random user ID is no substitute.
  • The amount they are saying you can claim just isn't credible as a reward for something that is supposed to just be going on in the background.
  • They don't mention the name of the service they claim to be, and they don't have an email address which ties to it. Dumb dimwits. They failed Scamming-101.
  • I'm just about clever enough to know what I've signed up to, and know I wouldn't sign up to something which could cause my ISP to hit me with a penalty for exceeding bandwidth allowances.

So what is it intended to do?
They want you to click the link. I'm not that stupid. But at a guess it'll do one, some or all of the following:

  • Ask you to log into a fake site by entering wallet keys and enough credentials to access your wallet.
  • Say the amount is large enough to require a KYC process, which of course then gets you to give them copies of passport, driving license or other official ID that could be used for identity theft and further fraud.
  • Install software onto your device that will crawl around and send them any banking or crypto info they find.
  • Install a keylogger onto your device to pick up your login details to banking, Amazon, eBay, crypto exchanges and other sites.
  • Find your mobile phone number to enable SIM-swap fraud so they can use 2FA with the password info they've collected.
  • Install ransomware onto your device and demand crypto to let you have access.

And that's just a start!

It just goes to show, you have to be careful out there. Know what you've signed up to, and treat any unexpected email or call as fraudulent until proven otherwise. Someone contacting you by phone or email may well not be who they say they are!
