Social engineering is the tactic used to take the con game to the masses.\u00a0 Today, con artists operate on a large scale using email and other mass communication tactics to dupe unsuspecting people into their traps and out of their money. \u00a0Mass communications make it easy to play the numbers.<\/p>\n
I am a former computer security officer my training helps keep me out of some trouble.\u00a0 However, you don’t need to be a professional background to protect your identity.\u00a0 You just need some common sense to avoid a lot of trouble.<\/p>\n
If you have email, sooner or later you will receive correspondence from someone who wants to do you harm.\u00a0 They may offer you an opportunity to make money or may trick you into believing they have a business relationship with you.\u00a0 Because this tactic is effective, the con artist continues to use it.<\/p>\n
Here is how it works:<\/p>\n
1) I NEED YOU HELP (YOUR BANK ACCOUNT) – You receive a message requesting your help. The sender needs to put money into your bank account.\u00a0 It doesn’t matter who they say they are or why they need to put money into your account. Once you provide the access they seek to deposit funds, they remove your money.\u00a0 Bank access works both ways – money in and money out.\u00a0<\/p>\n
2) YOUR ACCOUNT MAY HAVE BEEN TAMPERED WITH (ROBBERY and or ID THEFT) – \u00a0\u00a0You receive a message stating that your account has been tampered with or confirmed.\u00a0 It doesn’t matter what the account is.\u00a0 It may be your bank, your stock account, eBay, PayPal, or any number of agencies that conduct online business.\u00a0 The message shocks and scares people into acting without thinking.\u00a0 The victim responds by clicking the link to log in and check their account.\u00a0 To do so, you provide your account and password and then its too late.\u00a0 The site you went to (via the link provided) looks like the real site.\u00a0 It may even transfer you to the real site with your account so that the screen says the password is invalid.\u00a0 You reenter the password and see that you account is OK.\u00a0 What happened was the first stop you made that looks exactly like the legitimate site collected your account and password, and then passed you on to the real site where you reentered your password and alleviated your fears.\u00a0 The con artist has your account and password and may account your account without you ever suspecting a thing until it’s too late.<\/p>\n
Most of the tactics work using fear of loss and your desire to help (so you were offered 10%) for your help…\u00a0 Human emotion is used to manipulate your actions by some unknown person who you may just give your account and password to.<\/p>\n
So, how do you protect yourself?<\/p>\n
1) Don’t respond to email solicitations.\u00a0 Think twice.\u00a0 Even if the message looks like its from someone you know and trust.\u00a0 They may have been duped or your email address book may have been hacked by a virus.\u00a0 Use the phone to call the organization if it looks familiar to you and you suspect it may be legitimate.\u00a0 You wouldn’t give a door to door solicitor your back account, SSN, or other private information. Why would you do it online?\u00a0 Answer: Social Engineering.\u00a0 People stop thinking and just act in a predictable way.<\/p>\n
I do not have a CHASE BANK ACCOUNT, but you might.\u00a0 I received this email today and will show you how to identify it as a fraud, just in case you think it may be real and feel the need to check you bank account.\u00a0 And if you do, type in your own URL to get to the bank.\u00a0 The con artist knows we are lazy and will click the link that was provided.<\/p>\n
Here is a copy of the original message (with my highlighting):<\/p>\n
\u00a0—–Original Message—– Note: This is a service message regarding the Chase Online Form.<\/p>\n Dear customer:<\/p>\n As part of the new security measures, all Chase bank customers are required to complete Chase Online Form. Please complete the form as soon as possible.<\/p>\n To access the form please click on the following link:<\/p>\n http:\/\/chaseonline.chase.com\/Secure\/webform\/OSL.aspx?LOB=7435974394465384679081346347874986894 <http:\/\/chaseonline.chase.com.http.org.kg\/Secure\/webform\/OSL.aspx?LOB=7435974394465384679081346347874986894><\/p>\n Thank you for being a valued customer.<\/p>\n \u00a0Sincerely,<\/p>\n Online Banking Team<\/p>\n \u00a0<\/p>\n In my mail software, I select the view mail headers option.\u00a0 Software is different. In Microsoft Outlook, it’s a right mouse click on the message and select the \u00a0“view options”.\u00a0<\/p>\n Here is the “view options” look at the same message with the forgery clues reviled.<\/p>\n 1) Received: from \u00a0prod-infinitum.com.mx\u00a0 is not chase.com (the domain in the From: address). Also <\/strong>yahoo.com is in the Received From header.\u00a0 The mail was forged to say it was from chase and forged again to show that is was from prod-infinitum.com.mx\u00a0 \u00a0and sent through yahoo mail to bury the real sending domain tracks. <\/strong>\u00a0<\/p>\n —–Original Message Headers—–<\/p>\n Received: (qmail 29842 invoked from network); 17 Nov 2008 20:55:38 -0700<\/p>\n Received:<\/strong> from dsl-189-153-180-170.prod-infinitum.com.mx <\/strong>(189.153.180.170)<\/p>\n \u00a0 by mail.advancedmediawebs.com with SMTP; 17 Nov 2008 20:55:37 -0700<\/p>\n Received-SPF<\/strong>: none (mail.advancedmediawebs.com: domain at yahoo.com does not designate permitted sender hosts<\/strong>)<\/p>\n Received<\/strong>: from [189.153.180.170] by f.mx.mail.yahoo.com<\/strong>; Mon, 17 Nov 2008 22:30:01 -0600<\/p>\n From: “Chase bank” <support@chase.com<\/strong>><\/p>\n To: <info@hospitalsystemsgroup.com><\/p>\n Subject: please confirm your online banking records <message ref: 3652653936><\/p>\n Date: Mon, 17 Nov 2008 22:30:01 -0600<\/p>\n Message-ID: <01c94904$076c3a80$aab499bd@HRRSL14><\/p>\n MIME-Version: 1.0<\/p>\n Content-Type: multipart\/alternative;<\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 boundary=”—-=_NextPart_000_0006_01C94904.076C3A80″<\/p>\n X-Priority: 3 (Normal)<\/p>\n X-MSMail-Priority: Normal<\/p>\n X-Mailer: Microsoft Outlook, Build 10.0.2627<\/p>\n X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106<\/p>\n Importance: Normal<\/p>\n \u00a0<\/p>\n The bottom line is that you should never respond by providing any personal information online. \u00a0Protect your money and personal identification.\u00a0 Treat every email that asks for your personal information as suspect.<\/p>\n","protected":false},"excerpt":{"rendered":" Social engineering is the tactic used to take the con game to the masses.\u00a0 Today, con artists operate on a large scale using email and other mass communication tactics to dupe unsuspecting people into their traps and out of their money. \u00a0Mass communications make it easy to play the numbers. I am a former computerRead more<\/a><\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-69","post","type-post","status-publish","format-standard","hentry","category-features"],"_links":{"self":[{"href":"https:\/\/dev.sunlakesofarizona.com\/blog\/wp-json\/wp\/v2\/posts\/69","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dev.sunlakesofarizona.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dev.sunlakesofarizona.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dev.sunlakesofarizona.com\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/dev.sunlakesofarizona.com\/blog\/wp-json\/wp\/v2\/comments?post=69"}],"version-history":[{"count":3,"href":"https:\/\/dev.sunlakesofarizona.com\/blog\/wp-json\/wp\/v2\/posts\/69\/revisions"}],"predecessor-version":[{"id":72,"href":"https:\/\/dev.sunlakesofarizona.com\/blog\/wp-json\/wp\/v2\/posts\/69\/revisions\/72"}],"wp:attachment":[{"href":"https:\/\/dev.sunlakesofarizona.com\/blog\/wp-json\/wp\/v2\/media?parent=69"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dev.sunlakesofarizona.com\/blog\/wp-json\/wp\/v2\/categories?post=69"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dev.sunlakesofarizona.com\/blog\/wp-json\/wp\/v2\/tags?post=69"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\nFrom: Chase bank [mailto:support@chase.com<\/strong>]
\nSent: Monday, November 17, 2008 11:30 PM
\nTo: info@hospitalsystemsgroup.com
\nSubject: please confirm your online banking records <message ref: 3652653936><\/p>\n
\n
\n