Today we are going to discuss a top tactic preferred by cybercriminals and that is the use of what is known as Impersonation fraud or more commonly as Business email compromise (BEC). Since these rarely involve malware, it is especially hard for traditional security software to catch them. Listen in to find out more.
For more tech tips, news, and updates visit – CraigPeterson.com
Automated Machine-Generated Transcript:
Hey, here we go Craig Peterson here. And shout out to everybody who is watching this live on video up on YouTube and on Facebook, which is kind of cool. Actually, we’re going to be doing some hopefully some cool stuff here over the next little while as we get some of the newer technologies into the studio going to be doing live interviews and, and putting the videos up and everything else. So you can you can see me if you just go to Craig Peterson comm slash YouTube, for instance, you can see the video will make sure it gets saved up there, in case you’re listening, and you want to go back and see what my little studio was like. So this is part of it. One of these days, maybe we’ll give you a tour of the studio and all the equipment that we have here. But anyways, it is primarily an audio show a lot of people getting on podcast, we’ve been thinking about maybe putting up some of the podcast as video podcasts as well. But that’s a whole separate thing. So for now, YouTube and Facebook. And you can find all of those just by going to Craig Peterson comm slash Facebook. And for those of you who are watching this, you’ll see at the bottom, we’ve got a special offer for this week. Last week, we gave out this quick start guide. And the Quick Start Guide is really designed for people who wanted to get their businesses going. And this is it here I printed it up. I’ve got it in my hand, you can see it on the cameras if you’re watching live or the replays. But we I go through a whole ton of stuff in here never given this away for free. So that was last week, we got a house flying here. And this week, we are doing something a little bit different. We have our password cheat sheet. And we’re going to be making some more of these things. Hold fully, you got all the security summer stuff, if you had signed up for the security summer. And you know, I’ve sent out 28 of these cheat sheets, almost 100 pages of information about what you should be doing as a home user, as a business user, as someone who’s retired etc. If you missed any of them, let me know when I’ll be glad to get those out to you. And the easiest way to get ahold of me is just email me at Craig Peterson calm. If you’re the type of person who really loves to use texting, you just pick up your phone, and you can text me directly at 855-385-5553. So let’s get started. Today we’ve got a number of articles, we’re going to talk about this massive spike that is costing businesses here in the US and around the world, over $12 billion dollars in the last couple of years. It is really, really, really huge. And what I’m going to do, as we through this, if you’re watching live or watching in the replay, I’m going to put up the article up on the screen that I’m talking about. So you can kind of see it, and you can follow along a little bit at home. But business email compromise. This is something where the bad guys are going and sending typically phishing emails. And nowadays, it’s not just regular phishing, we’re talking about spear phishing emails. And spear phishing emails are when someone does a little bit of research on you. So they find the name of your company, they find out what kind of business you’re in, they go to your web play website, and they find out who the CFO is who the CEO is who the bookkeeper is, right? So many of us put all of that stuff up on the website. And now they have enough information to do a very targeted marketing campaign. Right? It you want to talk two people as individuals. And what better way to do that than to switch from Hey, jury in print, I need to get out of jail. So I’ll send you some money. And you just send some of it back to the point of today where it is a lot more complicated because they know about you. Now I gotta talk about a friend of a friend here. Her name is Laura. I’m sure she’s still around. She might even be listening. Hi, Laura, wave to her there on the camera. But here’s what’s happened with Laura. She had a great little business doing photography, and she got an invite to do some photography for somebody out west. And that was she lived in the East Coast at the time. No, actually, she lived in the mountains, the Midwest, Colorado, I think maybe. And they the person wanted her to do a photoshoot for her on this beach in California. So this person says, Okay, so here’s what I’m going to do, how much you’re going to charge and you set it all up, basically. And she says, Well, I’m going to charge whatever was three grand, I can’t remember the number. And so the other guy on the phone said, Man, I already got a check written out here. For five grand Would it be okay? If you just refunded me the difference? Do you see where we’re going? Yeah, the difference is the Prophet the bad guy was going to make because that check that they were going to send Laura wasn’t any good. And it takes a week or two for checks to clear when you’re talking about international tech checks. It takes even longer. So they’ll often ask you, as they did with Laura, what can just wire me the difference. Now they’re playing these games with cars as well, I was looking for cards. In fact, I was looking for another Ford truck. And we found a great deal on a Ford truck. So we thought, Oh, hey, this is going to be good. We’re going to make you know this deal. And, man, this is such a cheap price. What I did and what I would advise you to do if you’re kind of stuck in this same thing is I took the pictures from the ad, I think it was on eBay, if I remember right. So the pictures from the ad on eBay. And I took them to Google. Now Google has an image search feature, you’ve probably used it before to look for images of celebrities or other people. But you can also upload a photo. And you can ask Google, where else does this photo appear? Now one of my son’s was doing some volunteer work for this dating site. And what he was doing is taking pictures that people were posting for their profiles. He was running them through the Google image search search and seeing if it was really them. And much of the time, it wasn’t it was some celebrity or some other person who knows what these people looked like. In many cases, these accounts were fake accounts that they were using for these types of scams. Now, when this scams are for end users like you and me, and that’s one thing and and I was smart enough to double check, you know, thank God I knew, right? Who knows this stuff. And I did a search, I found that they had taken some pictures from a car dealers website, who actually had this truck, they were the ones with the truck, and the truck that the car dealer website had there was the same use truck. But it was $10,000 more than the scammer wanted. So what happens a lot with these truck and car scams is they have this scam going right. And they get people to bite, they get them to pay them the money. And they’ve set up these fake accounts on YouTube or elsewhere. So they wire the money. And while they don’t wire they send them a check, right? Or the car shows up and they have to pay, but there’s always a
refund involved. And the refund is you refunding the money.
So they may sell say while the shipping cost is only going to be $500 I thought it was 1500 dollars. So I overpaid you because you’ll get a check and it’s for too much. And you’ll you might contact them and say well, what’s going on here, this is more than I thought you were supposed to pay me. So some people will do that. Some people who are a little dishonest won’t. But at any rate, the scammers going to ask for that money back and then people send them the money. And so now the scammer just made 1500 bucks. Now in this case, what we’re starting to see is a major problem. This is a report out for mine cast. And it’s talking about how the business email compromise scam has ramped up 200 hundred and 69% from last quarter to this quarter. And this is an article we’re talking right now on June or July, October right mid October. So a massive spike in emails that had dangerous business email compromise stuff in it. So what they’re doing is they’re finding out about you, they’re getting your email address. And then they’re sending you dangerous file types. It might be PDF, it might be a.xz, it might be a.ba T might be a.com. And they are sending them to people’s inbox. Very, very dangerous malware attachments are in these things spam and target inbox is. This quarterly report by line cast reviewed more than 216 million emails from a half a million users. So think about how many spam emails these guys are getting. So all the emails that were scanned by these different emails security systems, and successfully delivered 28 million or spam, and 28,000 contain malware attachments. And 28,000 had can dangerous file types. So 60,000 was the bottom line of the messages contained business email compromise stuff, impersonation, fraud, scammed, a lot of different words for them. So be very careful, one of the biggest ones and we picked up a new client over this one. This is called a vendor email compromise. This is kind of a new technique that’s been discovered. And it involves the intruder sitting on a target network and observing communications. They get a hold of the emails that might be coming out from the billing department might be from a manager and they now know who they’re sending emails to what the what they’re talking about how much is normally built. Very interesting article, it’s up on dark reading. There are some links to the original, you know, articles that were talking about this, and you’ll see all of this up. But Craig Peterson calm Of course. And you also should have gotten this in your weekly email. Now if you didn’t get that. Go ahead and right now to Craig peterson.com. Right on the homepage, there’s a sign up. And when you sign up today, you will get my password special report. This is a 10 page special report going through the pros and cons of different password managers. The cost, what you might want to look at why you would use them what kind of passwords all of that stuff. So just go right now. To Craig Peterson calm. Of course you’re listening to Craig Peterson you’re watching me live Facebook, YouTube, and on the radio WGAN so stick around We’ll be right back and talking about line to your bank.
Transcribed by https://otter.ai
More stories and tech updates at:
Don’t miss an episode from Craig. Subscribe and give us a rating:
Follow me on Twitter for the latest in tech at:
For questions, call or text: