bin7.net

How to avoid online scam

· 7min · Dmitry Scherbakov
cover
Table of Contents

Introduction

Online scam attacks have became more and more common in the last 5 years (starting from the covid-19 lockdown period). The real problem is: there is no some sort of “just-works” protection solution from them, since everything comes down to who outplays each other - you or scammers. In this article, I will start with some obvious stuff and navigate towards more complicated topics.

Indian tech support scams

The first type of scam we will go through is not necessary an "online" one (explanation: some tech support scams take place during the phone calls). I am talking about the tech support scam. Unfortunately, since this scam is more well-developed in south countries like India, Pakistan and other arabic countries, it is pretty much impossible to experience one in european countries. The idea here is to get you to execute some malware that will either steal your credentials or allow hackers to remote control your PC - these 2 targets are the most common ones, not necessarily for this type of scam. The first and, in fact, the most common question people ask is: how on earth you end up calling scammers instead of official tech support entities? The main way scammers promote themselves is via online advertisements. Noticed that first 2-3 search results in Google, Yandex or even DuckDuckGo which have "Ad" badge near them? Of course, you also have to take into the consideration that vendors don’t always provide end users with official tech support for some products, or tech support is provided via third-party store people got the item from (unfortunately, most people don’t realize that). Hopefully, these scammers are not always super smart and not even tech-savvy, so it is pretty easy to detect unwanted actions. The most hilarious thing here is that, since, as I have already mentioned, scammers often reside in countries like India, you might immediately notice something strange after you hear their voice. There is a tone of YouTube "scamming the scammers" videos, featuring exactly this type of scam. Anyways, this scam isn’t very interesting to us as we move on to something more advanced, I’m not even going to talk about how to defend yourself from this.

The Nigerian prince scam

Nigerian prince scam

The second type of scam is the so-called Nigerian prince scam. This has been insanely popular in the last year. The idea is super simple: I will send you super expensive goods, but first you have to pay a little bit of money. My personal opinion is that you have to have a room temperature IQ in order to fall for this. However, it is not always so easy to detect this kind of scam. Especially, when it gets mixed with something like social engineering, which we will discuss a little bit later as it is considered to be more advanced technique. In this case, the only solution is to have fresh set of eyes to look at what’s going on and give you an advice.

Social network hijacking attacks

The third type of scam is the hijacking scam. Before I start talking about it, I have to point out that it does not really have its own name, I just decided to call it "hijacking scam". It targets famous people in social network like bloggers and actors. Scammers first try to hijack social network account (using other scam methods, some of which will be discussed later in this article) with a decent subscriber/follower/friend/whatever count and then use it as a form to distribute either malware or information about other scams. Everybody’s known YouTube channel, named LinusTechTips, was once (2023) hit by an attack like this. Basically what happened is that somebody from Linus team ran some malware which has stolen their main YouTube channel. Not long after this happened, Linus’s channel name was changed to TeslaLiveOnline and hackers started a stream with Elon Musk, Jack Dorsey and other famous people talking about the future of cryptocurrencies and if you give us some Bitcoin or Etherium, we are gonna double it for you. Since Linus hopefully managed to get his channel back in just 3 hours, not so many people got scammed, but hackers earned approximately 10K USD. Now, to avoid this crap happening to you (even if you don’t have that many subscribers Linus had), you should follow one simple advice: check everything you download from internet, especially from suspicious websites or emails. Unfortunately, antivirus scans are not so ideal as they might seem (we will not discuss why here, that’s a completely different story).

How AI is used to generate deepfake content

Now, before I unleash the second scam type, we need to talk about deepfakes, sometimes with support of generative AI. They play a significant role for malicious actors, since you can easily generate anything ranging from basic fake news report to some kind of impersonation content (we will see later).

Social engineering attacks based on stolen data

Getting to the more complex stuff, here are so-called social engineering attacks. Let’s say you are working in a company and recently some metadata about your company staff has been leaked. By metadata I mean something like names, surnames, job titles, etc. Using this information and impersonation techniques with deepfakes involved, hackers can reach to your colleague, pretending to be you, and ask for some more sensitive information. And this only the some basic way of dealing with stolen credentials. it’s pretty obvious that hackers are free to do whatever they want with them. These scams are especially dangerous, because in the worst case, they can lead to the entire company being taken over. If you are the owner of the company, which was hit with a data breach, you should immediately notify your employees about the incident, encourage them to be careful, force them to change or get rid of easily guessed passwords. If you are a simple company member, just be careful if your colleagues are reaching you with irregular questions and requests.

Social engineering attacks are not always used to target companies. In fact, they are used more against simple (and stupid) people (typically woman) who at the first glance do not seem to have much tech experience to at the very least be able to defend yourself. Attackers first start by gathering the data about their target, analyzing behavior on different social network, looking for possible relatives, family members, friends, etc. After the enough data is gathered, hackers start to approach the target. Obviously, the methods used might vary from one attack to another.

The poor french woman story

Poor french woman

Social engineering attacks are the backend for a wide range of other scams. Mentioning all of them here would infinitely extend the article. I will go through one scam that has blown up the internet recently. It was even assigned with a name "Romance scam". This scam, on my opinion, is intended to target only woman, because the main idea here it to catch to victim in period of mental exploitation, typically after the breakup. You might have heard a story about a poor French woman who was scammed for more than 850,000$. The process lasted over a 1.5 years and involved various different methods and psychological tricks. Scammers were able to pull this off specifically because of mental difficulties woman had after a breakup.

Conclusion

Online scams and scams in general are pretty complicated topics, because the possibilities here are endless, limited only by human imagination. You have to be extremely careful, because it is not always easy to detect and prevent the scam from happening.