My wife just got one hell of a targeted scam. Spearphishing level.
She’s a sociology grad student. She got email apparently from her department head, but a faked addr (name.org@my.com).
“I am in a meeting right now working on the study of the development of children of same-sex couples, based on data from the US Census. That is why I am contacting you through mail. I should have called you, but calls are restricted during the meeting. I don’t know when the meeting will be rounding up, And i want you to help me out on something very important right away”
That’s an amazingly plausible and targeted message. But she’s in the field right now.
So she sends back a message asking if he meant that for her. That’s before she notices the email address.
She gets back this:
"need you to help me get a Itunes gift card from the store,i will reimburse you back when i get to the office.
I need to send it to someone and it is very important cause i’m still in a meeting and i need to get it sent Asap.
Thanks"
At that point she notices the email address.
That’s one hell of a targeted scam. Soc. grad students from their dept head. Totally plausible intro. And you can’t say no when the dept chair asks a favor.
She’s a plausible target for government spearphishing because of her work. So I ask her to see if other students got it.
And lo and behold, she manages to stop someone who was just about to buy two $100 iTunes gift certificates for the scammer. Lot of money for a grad student. Three other thank you’s in minutes. Almost certainly other people have fallen for it.
That’s a frighteningly specific and targeted attack for something that apparently was just aimed at making a few thousand bucks. But I guess the return on investment is likely to be really high.
Lesson: Never think you don’t have to worry because nobody would bother targeting you.
Feb 04, 2019 Kee Hinckley