Anyone Can Be Scammed and Phished, With Examples
blog.knowbe4.com
I recently read an article about a bright, sophisticated woman who fell victim to an unbelievable scam. By unbelievable, I mean most people reading...

Key Takeaways

  • Intelligence and “street smarts” don’t prevent scams, they just make you less likely to fall victim.
  • Anyone can be scammed or phished given the right circumstances.
  • Examples of sophisticated scams are given, including fake customer support, fake conference invites, and social engineering tactics.
  • Believing you’re unscammable can make you more vulnerable.
  • Stay vigilant, educated, and skeptical to protect yourself.

Summary of Examples Given:

  1. Fake Customer Support: After a frustrating experience and posting on the vendor’s Facebook, the author received a seemingly legitimate email from “customer service” offering a replacement refrigerator. Only after calling the real vendor did he discover it was a scam.

  2. Phony Conference Invite: An all-expenses-paid trip to speak at a foreign conference seemed too good to be true. Clicking the provided link revealed a fake website attempting to steal login credentials.

  3. Bad Water Main Ploy: The author sends fake text messages posing as a local water or sanitation service, tricking victims into revealing personal information and potentially compromising accounts.

  4. “New Highway Coming Through”: A convincing phone call claims the county needs to survey the victim’s property for road widening. The call aims to gain personal details or lure them into opening malicious documents.

  5. Credit Card Fraud: A professional-sounding caller impersonates a credit card company, claiming fraudulent activity and requesting confirmation details. This allows them to steal money and make unauthorized purchases.

  6. Email Password Hash Hijacking: An email containing a malicious link can capture your password hash, even if you don’t click on it. This vulnerability targets integrated Windows Authentication across various platforms.

  7. Hobby Friend Hacker: Attackers befriend victims in online communities, gaining trust over months before sending malicious links disguised as harmless content.

  8. Fake Job Offers: Dream job offers with unrealistic benefits and remote work options often hide malicious intentions like stealing data or installing malware on your work device.

  9. Fake Hardware Replacement: Victims using specific hardware (e.g., crypto wallets) receive seemingly legitimate replacement devices containing malware to steal their assets.