{"id":1503,"date":"2018-08-12T14:28:40","date_gmt":"2018-08-12T14:28:40","guid":{"rendered":"http:\/\/kmccullough.com\/kblog\/?p=1503"},"modified":"2018-08-12T14:28:40","modified_gmt":"2018-08-12T14:28:40","slug":"scams-spams-and-nasty-schemes","status":"publish","type":"post","link":"https:\/\/kmccullough.com\/kblog\/scams-spams-and-nasty-schemes\/","title":{"rendered":"Scams, Spams, and Nasty Schemes"},"content":{"rendered":"<p><em>Author&#8217;s Note: This was first posted on the Classic and Cozy blog, but the subject is important, so I&#8217;m reposting it here.<\/em><\/p>\n<p>It\u2019s a jungle out there\u2026and in here, too. I\u2019m talking about the Internet, and right now, email specifically. You just can\u2019t be too careful when dealing with email.<\/p>\n<p>Because I\u2019m both an author and a web designer, my main email address is pretty well-known across the Internet. Certainly the spammers and scammers know about it. I currently get 20-30 spam emails a day. Most of them are annoying, but pretty innocuous, trying to sell me goods or services I don\u2019t need. The weight loss tips, get rich quick schemes, special tools, prescription drug, and great rates on shipping from China offers are aggravating mostly by their sheer bulk.<\/p>\n<p>But some of them are less innocuous. By now the Nigerian prince or defecting diplomat scheme is so well-known as to be the butt of numerous jokes. But people fell for it. Plenty of them. And, having seen the amount of money to be made, the schemers and scammers have moved on to more sophisticated tricks.<\/p>\n<p>For a while I got five or six notices a day from various banks that I had an urgent message and needed to log into my account. Generally poor grammar and wording were a dead giveaway that those messages didn\u2019t really come from their supposed senders, along with the fact that I didn\u2019t actually have an account at any of those banks.<\/p>\n<p>The first time I got an email purporting to be from one of my web clients saying she\u2019d been mugged in some foreign country and needed help, I was both concerned and suspicious. I hadn\u2019t heard of this scheme, so I actually responded with a request for more information. The reply I got was so unlike my client, I knew it was a scam and ignored all further emails related to it. I later got four more versions of that scam relating to other friends or clients.<\/p>\n<p>The scammers are getting better at it, though. The emails telling me I\u2019ve won a $50 gift certificate from Amazon look very legit. The messages saying there is a problem with my Paypal account carry the Paypal logo and are nicely worded. It\u2019s only when you put your cursor over the link to see where it\u2019s really going that you can tell they\u2019re trying to get you to enter your Amazon or Paypal login credentials on a page that most definitely isn\u2019t attached to either site.<\/p>\n<p>Any attempt to get someone to click on a bad email link or open a malware-laced document is generally called a Phishing attack. But it gets worse. What are sometimes called \u201cspear-Phishing attacks,\u201d where the link or attached document is tailored to a specific environment, can cause an unfortunate click to produce widespread devastation.<\/p>\n<p>I\u2019ve gotten emails purporting to be business documents from a co-worker. I don\u2019t work in a corporate environment, but if I did, an email from purchasing@suchandsuch.com claiming to have a spending report attached might trick me into opening it or clicking on a link.<\/p>\n<p>Those are perilous emails because a click on a bad link or document can give hackers access to an entire corporate network. Thousands of businesses have been hit with ransomware attacks. The city of Atlanta\u2019s computer network was shut down for weeks when held for ransom. My local church\u2019s computer system was also disabled for several days due to ransomware. Those attacks can almost always be traced back to someone clicking on a bad link or opening a document containing malware. The infamous hacking of the Democratic party started with a Phishing attack.<\/p>\n<p>A few days ago, though, I got an email that topped all the others for me personally in terms of the general nastiness of the scam. It was basically a blackmail attempt. It said that I\u2019d visited a porn site and while I was there, the sender had installed malware on my computer, turned on my web cam, caught me in a compromising action on the camera, stolen all my contacts information and would send the video to all of them if I didn\u2019t pay their demand of sending 3,000 Bitcoin to the sender.<\/p>\n<p>I\u2019m an author. I do research all over the web, including some of its shadier corners. I\u2019ve probably even been to a porn site a time or two, though I tend not to linger in such places. Otherwise I knew that the rest was pretty much impossible (in my case), so I didn\u2019t take the threat very seriously. I suppose there are people for whom some of this might be a real possibility and such a note would worry them.<\/p>\n<p>What did actually give me pause was that the subject line contained my name and an old password I once used in a couple of places. I imagine the sender got that from somewhere on the dark web, where all sorts of hacked data, including some from famous huge data breaches like the Yahoo and Equifax debacles, is available for sale. And don\u2019t kid yourself. Your information is up there somewhere, too.<\/p>\n<p>I no longer use that password, and haven\u2019t for some time, but this was a good reminder of why you should never use the same password in different places and why it\u2019s a good idea to change those passwords occasionally.<\/p>\n<p>Apparently I wasn\u2019t alone in receiving this email, according to this article I found, which echoes the conclusions about it I came to about it:<br \/>\nhttps:\/\/www.businessinsider.com\/new-email-scam-uses-old-password-fake-porn-threats-webcam-video-bitcoin-2018-7<\/p>\n<p>Stay safe, my friends!<\/p>\n<p>Some email safety tips:<\/p>\n<p>\u2022 Don\u2019t open emails from unknown sources.<br \/>\n\u2022 Never, ever open an attachment unless you\u2019re very sure of what it is and who sent it to you.<br \/>\n\u2022 Keep automatic open of attachments turned off in your email program.<br \/>\n\u2022 Don\u2019t click on links in emails unless you\u2019re very sure of what it is. Remember that your friends\u2019 email accounts can be hijacked, and spammers can spoof the names and email addresses of people you know into the \u201cFrom\u201d field.<br \/>\n\u2022 Any time you get an email from a bank or financial institution saying you have a message, don\u2019t click the link. Go to the institution\u2019s site and log in. If the message is legit it will be posted to your account.<br \/>\n\u2022 Keep your computer\u2019s virus protection up to date.<br \/>\n\u2022 Don\u2019t log into your email account on open, public wi-fi.<br \/>\n\u2022 Change all of your passwords periodically and never use the same one at two different places.<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Author&#8217;s Note: This was first posted on the Classic and Cozy blog, but the subject is important, so I&#8217;m reposting it here. It\u2019s a jungle out there\u2026and in here, too. I\u2019m talking about the Internet, and right now, email specifically. <span class=\"excerpt-dots\">&hellip;<\/span> <a class=\"more-link\" href=\"https:\/\/kmccullough.com\/kblog\/scams-spams-and-nasty-schemes\/\"><span class=\"more-msg\">Continue reading &rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[76,81,80,77,79,78],"class_list":["post-1503","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-email","tag-hackers","tag-safety","tag-scams","tag-schemes","tag-spam"],"_links":{"self":[{"href":"https:\/\/kmccullough.com\/kblog\/wp-json\/wp\/v2\/posts\/1503","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kmccullough.com\/kblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kmccullough.com\/kblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kmccullough.com\/kblog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kmccullough.com\/kblog\/wp-json\/wp\/v2\/comments?post=1503"}],"version-history":[{"count":1,"href":"https:\/\/kmccullough.com\/kblog\/wp-json\/wp\/v2\/posts\/1503\/revisions"}],"predecessor-version":[{"id":1504,"href":"https:\/\/kmccullough.com\/kblog\/wp-json\/wp\/v2\/posts\/1503\/revisions\/1504"}],"wp:attachment":[{"href":"https:\/\/kmccullough.com\/kblog\/wp-json\/wp\/v2\/media?parent=1503"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kmccullough.com\/kblog\/wp-json\/wp\/v2\/categories?post=1503"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kmccullough.com\/kblog\/wp-json\/wp\/v2\/tags?post=1503"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}