Scam Terminology

A Thesaurus of funny names for serious topics

  1. Pharming
  2. Phishing
    1. Spear phishing
    2. Angler phishing
    3. Whaling
    4. Clone phishing
  3. Quishing
  4. Sextortion
  5. SEO poisoning
  6. Smishing (SMS phishing)
  7. Social engineering
  8. Spoofing
  9. Vishing (Voice phishing)

Pharming

Redirecting users to fake websites without them clicking on a link. 

Phishing

Phishing is the practice of sending fraudulent communications that appear to come from a legitimate and reputable source, usually through email and text messaging.

The attacker’s goal is to steal money, gain access to sensitive data and login information, or to install malware on the victim’s device.

Spear phishing

Targeted phishing attempts aimed at specific individuals within an organization.

Angler phishing

Using fake social media accounts or profiles to trick users into revealing information. 

Whaling

A highly targeted form of spear phishing aimed at high-profile individuals like executives or CEOs. 

Clone phishing

Clone phishing is a type of phishing attack in which cybercriminals replicate a legitimate email (often a follow-up to one previously sent) and resend it to the same recipients with the links or attachments swapped for malicious ones, to trick victims into divulging sensitive information or installing malware.

Here’s a more detailed explanation:

How it works:

  1. Cybercriminals intercept a legitimate email (e.g., a customer service message, a newsletter, or a follow-up email).
  2. They create a nearly identical copy of the email, often with slight variations to make it look more authentic.
  3. Crucially, they replace the legitimate links or attachments with malicious ones.
  4. They resend the cloned email to the same recipients as the original, aiming to exploit the trust established by the initial legitimate communication.

Why it’s dangerous:

  • Clone phishing attacks are harder to detect than standard phishing attempts, as the emails appear more genuine and are often sent from a legitimate-looking email address.
  • Recipients may be more likely to trust a reply to a legitimate email than a new message from an unknown source.
  • The malicious links or attachments can lead to malware infections, credential theft, or other cyberattacks.

Examples:

  • A cybercriminal might clone a PayPal balance email, replacing the link to the legitimate PayPal site with a fake one. 
  • They could clone a company’s newsletter signup confirmation email, replacing the attachment with malware. 
  • They could clone a customer service email, adding a malicious link or attachment. 

How to protect yourself:

  • Be wary of emails that seem too similar to legitimate ones, especially if they contain urgent requests or ask for sensitive information. 
  • Always double-check the sender’s email address and domain name for any discrepancies. 
  • Avoid clicking on links or opening attachments in emails that seem suspicious. 
  • Use strong passwords and enable multi-factor authentication (MFA) for your email accounts. 
  • Stay informed about the latest phishing scams and how to identify them. 
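The advice above boils down to comparing the resent message with the one you already trust. As an added example (not code from the original post), the following script diffs exactly the fields a clone phisher changes: the sender's domain, the target of each link, and whether the visible link text names a domain the href does not actually reach. Both messages, the bank name and its domains are constructed for the demo; a real tool would use the public suffix list instead of the crude two-label domain match used here.

```python
# Added example (not code from the original post): compare a resent email against
# the earlier, legitimate one and report what changed. Clone phishing keeps the
# subject and wording but swaps the sender domain and/or the link targets, so a
# diff of exactly those fields is the check. Both messages are constructed here.
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

HOSTLIKE = re.compile(r"[\w-]+(\.[\w-]+)+")  # link text that looks like a hostname


class _LinkCollector(HTMLParser):
    """Gather (visible text, href) pairs from <a> elements in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def org_domain(host):
    """Last two labels of a hostname (www.example-bank.com -> example-bank.com).
    A crude stand-in for public-suffix-aware matching, enough for this demo."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_message(raw):
    """Return (sender organisation domain, [(link text, href), ...]) for a raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    _, addr = parseaddr(str(msg["From"]))
    body = msg.get_body(preferencelist=("html", "plain"))
    collector = _LinkCollector()
    collector.feed(body.get_content() if body is not None else "")
    return org_domain(addr.rpartition("@")[2]), collector.links


def compare(original_raw, resent_raw):
    """Findings that separate a benign resend from a clone: sender domain change,
    links whose target moved, and link text naming a domain the href does not reach."""
    orig_domain, orig_links = parse_message(original_raw)
    new_domain, new_links = parse_message(resent_raw)
    findings = []
    if orig_domain != new_domain:
        findings.append(f"sender domain changed: {orig_domain} -> {new_domain}")
    orig_target = dict(orig_links)  # link text -> href in the trusted original
    for text, href in new_links:
        host = urlparse(href).hostname or ""
        if text in orig_target and orig_target[text] != href:
            findings.append(f"link {text!r} retargeted: {orig_target[text]} -> {href}")
        if HOSTLIKE.fullmatch(text) and org_domain(text) != org_domain(host):
            findings.append(f"link text {text!r} does not match destination host {host!r}")
    return findings


# Constructed sample: the legitimate notice, then a clone with the sender and link swapped.
ORIGINAL = """From: Billing <billing@example-bank.com>
Subject: Your statement is ready
Content-Type: text/html

<p>View it at <a href="https://www.example-bank.com/statements">www.example-bank.com</a>.</p>
"""

CLONE = """From: Billing <billing@example-bank.co>
Subject: Your statement is ready
Content-Type: text/html

<p>View it at <a href="https://example-bank.co/statements">www.example-bank.com</a>.</p>
"""

if __name__ == "__main__":
    for finding in compare(ORIGINAL, CLONE):
        print(finding)
```

Running it prints three findings for the clone (changed sender domain, retargeted link, link text that no longer matches its destination) and none when the original is compared with itself. The same three checks apply to any email, not only to a resend: a mismatch between link text and href, or a sender domain one character off from the expected one, is the "discrepancy" the bullets above tell readers to look for.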

Quishing

“Quishing,” short for QR code phishing, is a type of cyberattack where malicious actors use QR codes to redirect victims to fake websites or applications, often to steal sensitive information or install malware. 

Here’s a more detailed explanation:

  • How it works: Cybercriminals embed QR codes in seemingly legitimate emails, documents, or even physical locations (like posters or magazines).
  • The deception: These QR codes appear to lead to a legitimate website or application, but instead redirect users to a fake version designed to trick them into revealing personal or financial information.
  • Why it’s effective: QR codes can bypass some email security filters, because the link is embedded in an image rather than in text, so filters that only inspect text links may not see it.
  • Common tactics: Cybercriminals often use urgency or create a sense of importance to encourage users to scan the QR code quickly, without thinking.

Examples:

  • Fake invoices with a QR code for payment. 
  • Emails from seemingly legitimate sources (like HR departments) with a QR code to a “mandatory survey”. 
  • QR codes on products or in magazines that lead to fake websites. 

Risks:

  • Identity theft: Victims can have their personal information stolen. 
  • Financial fraud: Attackers can gain access to bank accounts or credit cards. 
  • Malware infection: Devices can be infected with malware. 

How to protect yourself:

  • Be cautious of unsolicited QR codes: Be wary of QR codes from unknown or unexpected sources. 
  • Look for red flags: Check for misspellings, grammatical errors, or unusual requests in emails or messages. 
  • Don’t scan QR codes without context: If you’re unsure of the source or purpose of a QR code, don’t scan it. 
  • Verify the website: If a QR code leads to a website, double-check that it’s legitimate by typing the address directly into your browser. 

Sextortion

Sextortion occurs when a hacker sends you an email that appears to have come from you. The hacker claims to have access to your email account and your computer.

They claim to have your password and a recorded video of you.

The hackers claim that you have been watching adult videos from your computer while the camera was on and recording.

The demand is that you pay them, usually in Bitcoin, or they will release the video to family and/or colleagues.


SEO poisoning

Also known as an SEO Trojan, it is a strategy in which attackers manipulate search rankings so that their page becomes a top hit for a search term. The web address typically leads to a page that delivers a virus or other malware to the unwitting visitor.


Smishing (SMS phishing)

Smishing, short for SMS phishing, is a type of cyberattack that uses text messages to trick victims into revealing personal or financial information, often by clicking on malicious links or providing sensitive data. 

Here’s a more detailed explanation:

What it is: Smishing is a phishing attack conducted via text messages (SMS). 

How it works: Cybercriminals send deceptive text messages that appear to be from legitimate companies or institutions, such as banks, retailers, or even government agencies. 

Common tactics:

  • Urgency: Smishing messages often create a sense of urgency, asking recipients to take immediate action, such as verifying an account, resolving an issue, or claiming a prize.
  • Fake links: The messages include links that, when clicked, lead to fake websites designed to steal login credentials or financial information, or to install malware.
  • Impersonation: Attackers impersonate trusted entities to gain the recipient’s trust and make them more likely to click on the malicious link or provide information.

Examples:

  • A text message claiming that your bank account has been suspended and asking you to click a link to verify your account. 
  • A message stating that you’ve won a prize and asking you to click a link to claim it. 
  • A text message from a shipping company stating that there’s a problem with your package and asking you to update your shipping address. 

How to protect yourself:

  • Be cautious of unsolicited text messages, especially those that request personal or financial information. 
  • Never click on links in text messages without verifying their legitimacy. 
  • Don’t share sensitive information via text messages. 
  • Be wary of messages that create a sense of urgency or ask you to take immediate action. 
  • Report suspicious text messages to your mobile carrier or law enforcement. 
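The tactics and examples above map onto a handful of textual signals, which is how a carrier or mail-room filter can triage incoming texts before a person reads them. As an added example (not code from the original post), the script below scores an SMS for urgency wording, a request for sensitive data, a prize lure, the presence of a link, a shortened or raw-IP link host, and a brand named in the text whose official domain the link does not go to. The phrase lists, the brand table, the shortener list and the four sample messages are all constructed for the demo.

```python
# Added example (not code from the original post): rule-based triage of SMS text
# for the tactics the section lists, i.e. urgency, a link (worse if shortened or a
# raw IP), a brand named in the text whose official domain the link does not go to,
# a request for sensitive data, and a prize lure. The phrase lists, the brand table
# and the sample messages are constructed for the demo.
import re
from urllib.parse import urlparse

URGENCY = ("immediately", "within 24 hours", "suspended", "final notice", "act now", "urgent")
SENSITIVE = ("password", "social security", "card number", "verify your account", "one-time code")
LURES = ("you've won", "you have won", "prize", "gift card")
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # constructed shortlist
BRANDS = {"examplebank": "examplebank.com", "parcelco": "parcelco.example"}  # constructed brand -> official domain
SUSPICIOUS_AT = 5

URL_RE = re.compile(r"(?:https?://)?[\w-]+(?:\.[\w-]+)*\.[a-z]{2,}(?:/\S*)?", re.IGNORECASE)
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def org_domain(host):
    """Last two labels of a hostname (crude; a real tool would use the public suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def extract_urls(text):
    """Find link-like tokens, adding a scheme so urlparse can pick out the host."""
    urls = []
    for m in URL_RE.finditer(text):
        token = m.group(0)
        urls.append(token if token.lower().startswith("http") else "http://" + token)
    return urls


def triage(text):
    """Return (score, reasons). Scores of SUSPICIOUS_AT or more are treated as smishing."""
    low = text.lower()
    score, reasons = 0, []
    hits = [p for p in URGENCY if p in low]
    if hits:
        score += 2
        reasons.append("urgency: " + ", ".join(hits))
    if any(p in low for p in SENSITIVE):
        score += 2
        reasons.append("asks for sensitive data or account verification")
    if any(p in low for p in LURES):
        score += 1
        reasons.append("prize lure")
    urls = extract_urls(text)
    if urls:
        score += 2
        reasons.append("contains link: " + ", ".join(urls))
    for host in (urlparse(u).hostname or "" for u in urls):
        if host in SHORTENERS or IPV4_RE.fullmatch(host):
            score += 2
            reasons.append(f"shortened or raw-IP link host {host}")
        for brand, official in BRANDS.items():
            # Brand named in the text but the link goes somewhere else: impersonation signal
            if brand in low and org_domain(host) != official:
                score += 3
                reasons.append(f"mentions {brand} but links to {host}")
    return score, reasons


def is_suspicious(text):
    return triage(text)[0] >= SUSPICIOUS_AT


# Constructed sample messages: two smishing patterns from the section, then two benign texts.
SAMPLES = [
    "ExampleBank: Your account has been suspended. Verify your account immediately at http://examplebank-secure.co/login",
    "Congratulations! You've won a $500 gift card. Claim it now: bit.ly/a1b2c3",
    "ParcelCo: Your package is on its way. Track it at https://parcelco.example/t/123",
    "Running 10 min late, see you at the cafe.",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        score, reasons = triage(msg)
        print(f"{score:2d} {'SUSPICIOUS' if score >= SUSPICIOUS_AT else 'ok':10s} {msg[:50]}")
        for r in reasons:
            print("     -", r)
```

The first two samples score as suspicious (the "suspended account" text hits urgency, a credential request, a link and a brand/domain mismatch; the prize text hits a lure plus a shortened link), the genuine delivery notice stays below the threshold because its link goes to the brand's own domain, and the personal message scores zero. The weights are deliberately simple; what matters is that the brand-versus-link-domain check carries the most weight, since that is the signal a recipient can also verify by hand.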

Social engineering

The broader practice of manipulating people into divulging sensitive information or performing actions they wouldn’t normally do. 


Spoofing

Impersonating another individual or organization, often with the intent of gathering information. 
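Both the sextortion email that "appears to have come from you" and sender spoofing in general rely on a forged From header, and a forged From header usually fails the checks a receiving mail server records in its Authentication-Results header (SPF, DKIM and DMARC). As an added example (not code from the original post), the script below reads that header and flags any message claiming one of the server's own domains without passing those checks. OWN_DOMAINS, the server name mx.example.org and both sample messages are constructed for the demo.

```python
# Added example (not code from the original post): a message that "appears to have
# come from you" (the sextortion pattern) or from any impersonated sender usually
# fails the checks the receiving server records in its Authentication-Results
# header (SPF, DKIM, DMARC). This parses that header and flags mail claiming one
# of our own domains without passing them. OWN_DOMAINS and both messages are
# constructed for the demo.
import email
import re
from email import policy
from email.utils import parseaddr

OWN_DOMAINS = {"example.org"}  # constructed: domains this mail server handles
_RESULT = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)", re.IGNORECASE)


def auth_results(msg):
    """Map mechanism -> result ('pass', 'fail', 'none', ...) from the
    Authentication-Results headers, keeping the first value seen per mechanism."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for mech, outcome in _RESULT.findall(str(header)):
            results.setdefault(mech.lower(), outcome.lower())
    return results


def spoof_verdict(raw):
    """Return (from_domain, reasons); an empty reasons list means no spoofing signal."""
    msg = email.message_from_string(raw, policy=policy.default)
    _, addr = parseaddr(str(msg["From"]))
    from_domain = addr.rpartition("@")[2].lower()
    results = auth_results(msg)
    reasons = []
    if from_domain in OWN_DOMAINS:
        # Mail claiming our own domain must actually authenticate as ours.
        if results.get("dmarc") != "pass":
            reasons.append(f"claims {from_domain} but DMARC is {results.get('dmarc', 'absent')}")
        if results.get("spf") != "pass" and results.get("dkim") != "pass":
            reasons.append("neither SPF nor DKIM passed")
    elif results.get("dmarc") == "fail":
        reasons.append(f"DMARC failed for external sender domain {from_domain}")
    return from_domain, reasons


# Constructed: the "from yourself" extortion mail as our own server would annotate it.
SPOOFED = """From: "alice" <alice@example.org>
To: alice@example.org
Subject: I recorded you
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=example.org; dkim=none; dmarc=fail header.from=example.org

I have your password and a video. Pay in Bitcoin or I send it to your contacts.
"""

# Constructed: a genuine internal message, authenticated on every mechanism.
LEGIT = """From: "alice" <alice@example.org>
To: bob@example.org
Subject: Lunch?
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.org; dkim=pass header.d=example.org; dmarc=pass header.from=example.org

Noon works for me.
"""

if __name__ == "__main__":
    for sample in (SPOOFED, LEGIT):
        print(spoof_verdict(sample))
```

The spoofed sample produces two reasons (DMARC not passed, neither SPF nor DKIM passed) while the genuine one produces none. One caveat for anyone wiring this into a filter: only the Authentication-Results header written by your own receiving server (the one whose authserv-id, mx.example.org here, you control) is trustworthy, since a sender can include a forged copy; RFC 8601 expects the receiving server to strip inbound copies that claim its own authserv-id before adding its own.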


Vishing (Voice phishing)

Vishing, short for “voice phishing,” is a type of cybercrime where attackers use phone calls or voicemails to trick individuals into revealing sensitive information, such as financial details or personal data, often by impersonating legitimate institutions.

Here’s a more detailed explanation:

How it works: Attackers use various techniques, including caller ID spoofing (making the call appear to be from a trusted source) and creating a sense of urgency, to manipulate victims into divulging information. 

Examples of vishing scams:

  • Pretending to be a bank or credit card company, informing the victim of a suspicious transaction or account problem, and requesting verification details.
  • Impersonating a government agency or law enforcement, threatening legal action, or demanding immediate payment.
  • Offering a prize or gift in exchange for personal information.

Common tactics used in vishing attacks:

  • Caller ID spoofing: Falsifying the caller ID so the call appears to come from a legitimate, trusted institution, such as a bank or government agency.
  • Pretexting: Creating a fabricated scenario or pretext to extract information from the target.
  • Automated Interactive Voice Response (IVR) systems: Mimicking legitimate IVR systems to trick victims into providing information.
  • Wardialing: Software that automatically dials large batches of numbers, such as every number in a specific area code, to find people to call.
  • VoIP tools: Internet telephony tools that create fake phone numbers and mask an attacker’s real identity.
  • Dumpster diving: Digging through trash to find documents containing personal data.

How to protect yourself:

  • Be cautious of unsolicited calls, especially those from unknown numbers or those that claim to be from institutions you don’t expect to be contacting you. 
  • Never share sensitive information over the phone, such as bank account numbers, passwords, or Social Security numbers. 
  • Verify the identity of the caller by hanging up and calling the organization directly using a known phone number. 
  • Report any suspected vishing attempts to the Federal Trade Commission (FTC) at http://www.ftc.gov 382-1222.