Scherzer International Security Training 2021

Previous Lesson
Next Topic

Internet Scams (aka Social Engineering) – 2021

Scherzer International Security Training 2021 Social Engineering 2021 Internet Scams (aka Social Engineering) – 2021

Phishing

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.

An example of Phishing where you would be requested to enter your network credentials.

Email Spoofing

Hackers will often send out emails that will appear to come from a legitimate source but actually be used as a way to gain access to the network by asking for a person’s username and password.

If something doesn’t seem right about an email, please contact Technical Services or the original sender. As a note, we don’t terminate or expire accounts via email.

For the record, Scherzer International doesn’t use the following email addresses:

  • Admin
  • Administrator
  • IT Support
  • HelpDesk
  • Postmaster
  • Human Resources
Example of Spoofing, notice how the sender’s email doesn’t match the content of the email.
Another example of Spoofing. Look for threats (if you don’t do this “ASAP”, the language seems off, or unfamiliar or generic names such as “Help Desk” or “Human Resources”.

On a side note, the IRS won’t call you or email you. If your bank emails you to perform a certain action, go directly the bank’s website, don’t click on the links within the email.

Neighbor Spoofing

For example your phone number is 818-227-5555 and you receive a call from 818-227-6666 or 818-127-5555 this is most likely an example of “Neighbor Spoofing”. If you don’t recognize the number it or the digits seem off (e.g. 127). There are some things you can do to protect yourself from falling victim to neighbor spoofing:

  • If you don’t recognize a number and aren’t expecting a call, simply let it go to voicemail. By answering or declining the call on your phone, you’ve let the scammers know they have a valid phone number and that you’re likely to respond to calls from unknown numbers. As a result, the phone number may be added to a list and sold to other scammers.
  • Never give out personal or confidential information in response to an unexpected call. If you think the call is it is legitimate, hang up and call the phone number listed on the supposed caller’s website to confirm that the caller is genuine.
  • Be skeptical regardless of what the caller ID says. Email addresses aren’t the only thing that can be spoofed, phone numbers can as well.
  • Scammers often try to employ urgency (“Do this now, or else”) to pressure you into divulging information immediately.

Phone Calls from Remote Places

Spammers will often call their victim with a phone number and not leave a message, prompting the victim to call back since it follows the US/Canadian phone number sequence of (3-digit number) followed by a three + four-digit number (e.g. (999)-555-1212)) the victim is then charged a ridiculous per-minute charge.

Numbers to avoid calling back are:

  • 473
  • 809
  • 284
  • 649
  • 876
  • 844
  • 855

Other numbers to be mindful of:

  • 242- Bahamas
  • 441 – Bermuda
  • 784 – St. Vincent & Grenadines
  • 246 – Barbados
  • 473 – Grenada, Carriacou, and Petite Martinique
  • 809, 829, 849 – Dominican Republic
  • 264 – Anguilla
  • 649 – Turks and Caicos
  • 868 – Trinidad and Tobago
  • 268 – Antigua
  • 664 – Montserrat
  • 876 – Jamaica
  • 284 – British Virgin Islands
  • 758 – St Lucia
  • 869 – St. Kitts & Nevis
  • 345 – Cayman Islands
  • 767 – Dominica

Previous Lesson
Back to Lesson
Next Topic