{"id":287398,"date":"2019-02-07T11:35:37","date_gmt":"2019-02-07T17:35:37","guid":{"rendered":"http:\/\/itblog.lcisd.net\/?p=287398"},"modified":"2019-02-07T11:35:43","modified_gmt":"2019-02-07T17:35:43","slug":"ouch-newsletter-personalized-scams","status":"publish","type":"post","link":"https:\/\/itblog.lcisd.net\/?p=287398","title":{"rendered":"OUCH! Newsletter: Personalized Scams"},"content":{"rendered":"\n

Overview<\/strong><\/h2>\n\n\n\n
\"Computer<\/a><\/figure><\/div>\n\n\n\n

Cyber criminals continue to come\n up with new and creative ways to fool people. A new type of scam is \ngaining popularity\u2014 personalized scams. Cyber criminals find or purchase\n information about millions of people, then use that information to \npersonalize their attacks. Below we show you how these scams work and \nwalk you through a common example. The more you know about these scams, \nthe easier it is for you to spot and stop them.<\/p>\n\n\n\n

How Does it Work?<\/h3>\n\n\n\n

Email or phone call scams are not new, cyber criminals have been \nattempting to fool people for years. Examples include the \u201cYou Won the \nLottery\u201d or the infamous Nigerian Prince scams. However, in these \ntraditional scams cyber criminals do not know whom they are targeting. \nThey simply create a generic message and send it out to millions of \npeople. Because these scams are so generic, they are usually easy to \nspot. A personalized scam is different; the cyber criminals do research \nfirst and create a customized message for each intended victim. They do \nthis by finding or purchasing a database of people\u2019s names, passwords, \nphone numbers, or other details. This type of information is easily \navailable due to all the websites that have been hacked. It is also \ncommonly available on social media sites and in publicly available \ngovernment records. The criminals then target everyone they have \ninformation on.<\/p>\n\n\n\n

One common trick cyber criminals use is fear or extortion to force \nyou into paying them money. The attack works like this. They find or \npurchase information on people\u2019s logins and passwords obtained from \nhacked websites. They find your account information included in such a \ndatabase and send you (and everyone else in the database) an email with \nsome personal details about you, including the original password you \nused on the hacked website. The criminal refers to your password as \n\u201cproof\u201d of having hacked your own computer or device, which is of course\n not true. The criminal then claims that while they hacked your computer\n they also caught you viewing pornography online. The email then \nthreatens that if you do not pay their extortion fee, they will share \nwith your family and friends evidence of embarrassing online activities.<\/p>\n\n\n\n

The catch is, in almost every situation like this the cyber criminal \nnever hacked your system. They don\u2019t even know who you are or which \nwebsites you\u2019ve visited. The scammer is simply attempting to use the few\n personal details they have about you to scare you into believing they \nhacked your computer or device, and to trick you into paying them money.\n Remember, bad guys can use the same techniques for a phone call scam \nalso.<\/p>\n\n\n\n

What Should I Do?<\/h3>\n\n\n\n

Recognize that emails or phone calls like these are a scam. It\u2019s \nnatural to feel scared when someone has personal information about you. \nHowever, remember the sender is lying. The attack is a part of an \nautomated mass-scale campaign, not an attempt to directly target you. It\n is becoming much easier for cyber criminals today to find or purchase \npersonal information, so expect more personalized scams like these in \nthe future. Some clues to look for:<\/p>\n\n\n\n