Copyright infringement scammers have begun using phone calls to contact potential victims, according to Paul Ducklin at Naked Security.
These scammers typically send emails or social media messages telling users that something they’ve posted violates a copyright. The message warns that the account may be deactivated unless the user takes action by clicking a link, which leads to a phishing page. Naked Security recently observed one of these emails that contained a phone number rather than a link, which makes it easier for the email to bypass security filters.
Ducklin offers the following recommendations for users.
- “Learn in advance how your online services handle disputes or security issues. Don’t get taken in by warnings you receive by email. Find your own way to the real site and use the service’s own help pages to find out how the service will contact you, and the correct procedure to follow if they do. Forewarned is forearmed.
- “Never make contact via emailed links or phone numbers. If you need to login to a site such as Instagram for some official purpose, find your own way there, for example via a bookmark you created earlier, or by using the official mobile app. That way, you’ll avoid putting your real password into the wrong site. If you need to call your bank, or any other company you do business with, look up the phone number on previous correspondence that you know came from that company. Links, email addresses and phone numbers in text messages or emails could have come from anyone, and probably did.
- “Never give away information or change account settings because you’re told to. Once you have called a scammer’s phone number, they may ‘helpfully’ guide you towards installing software, changing settings or reading out private details as a prerequisite to ‘assisting’ you. Don’t do it. Find someone you already know and trust instead (e.g. a member of your own IT team from work, or a trusted friend in your own circle) and ask them directly.”
New-school security awareness training can enable your employees to recognize social engineering attacks.
Naked Security has the story.