The story of one text-based scam shows how easy it is for literally anyone to become a cybercriminal. It also shows how the amateurs should leave it to the professionals.
In 2015, scammer Losif Florea sent approximately 500,000 text messages to mobile phones of Alabama residents, asking them to verify their banking information (authorities believe he got the phone numbers from a marketing company). Of that half-million, 50 people clicked the link and provided Florea with account numbers, names, and ZIP codes, along with their associated debit card numbers, security codes, and PINs. Florea created fake debit cards within hours and stole a total of $18,000 over a period of months. He was sentenced in February of this year to serve nearly 3 years in prison.
While a relatively small scam in the larger scheme of cyberattacks, this attack demonstrates that by having access to large numbers of potential victims and a reasonably decent-looking spoofed website, anyone can engage in cybercriminal activity. He was caught because his plan of how to use the credit card information was pretty simplistic and helped to identify him. More sophisticated scammers find ways (such as using money mules) to limit their exposure while still ensuring they receive a payoff.
This simple scam also shows how, by exposing large numbers of potential victims to a scam, there is nearly always a payoff for the scammer. Users within organizations are no exception and need to be educated via Security Awareness Training to not fall for this or any other type of phishing or social engineering scam.
Florea represents the newbie scammer who got caught. The cybercriminals targeting organizations like yours are much more experienced, much smarter, and much more successful at their craft. Make sure your users are prepared; if they can fall for a novice scam like Florea’s, they will fall for one that’s far better executed by professional cybercriminals.