PHISHING and other SHINGs

The email is sent from a public domain such as gmail.com (i.e., paypal_bill_johnson@gmail.com) or from a domain having a name similar to a valid one (i.e., helpdesk@goog1le.com). I bet not many will notice that the letter L in google is actually number 1).

The email requests sensitive information. No company will send an email asking for your password or social security number, nor will they send you a login link.

The email has terrible grammar.  Since AI services can now be used to write emails, the number of phishing emails with bad grammar is declining.

The email has a suspicious attachment. 

The message has made you panic.  It will state that your computer or bank account has been compromised and ask you to respond or perform actions immediately.

The email appears to come from a government agency.  The government will never do that. Scammers send messages claiming to be the IRS demanding immediate payment or claiming to be the FBI demanding your personal information.

AI-Based Vishing. AI software exists that can mimic a person’s voice, fooling employees into thinking that they are speaking to their supervisor or manager.

Robocall. A prerecorded message dials every number in the area code asking for victim’s names and other information. Thankfully that kind of vishing is becoming less common since most people are now familiar with robocall and just hangup.

Tech Support Call. Scammers might pretend that your computer needs an update or repair and ask for your password.  Or you might get a message that there has been a car recall, and you must provide information for a company to issue repair instructions.

Caller ID Spoofing. Your phone might show a legitimate caller ID, for example from the police department, tax agency or client. Those attacks are harder to spot.

Financial Alerts. Text message pretending to be a bank claiming that there has been suspicious activity. In which you are asked to click on a link to change your password.

Package delivery notification. A fake message claiming that package could not be delivered asking the recipient to click on a link to track the package.

Tax Alert. Messages from the IRS or other government agencies asking to click on a link to resolve the situation, which often includes a request for immediate payment.

Charity Scams. Smishers claim to be from a charity or non-profit organization, asking victims for a donation and providing a link allowing them to contribute.

Restaurant menu. A number of restaurants instead of printing menus provide you with QR image to view menu on your cell phone. It is very easy for hackers to replace valid QR stickers with fraudulent ones that take the person to a malicious site when scanned.

Postal Quishing. There are numerous instances of postal emails impersonating FedEx, UPS, and/or DHL with fraudulent QR images for you to scan to follow the delivery of your package.

Impersonation Emails. Those coming supposedly from Crypto Wallet, DocuSign, File Sharing, and number of other services.