Five eye-opening text scams (aka smishing) that could fool anyone. These scams are sneaky: the criminals did their homework before spear phishing their victims.
- How they bypassed Mike's multi-factor authentication in seconds.
- How they hacked an entire 9th grade with this nasty text scam.
- How a deepfake was used in this dating scam.
- How Donna's Office365 account was hacked.
- How Dave's Instagram account was hacked.
How They Bypassed Mike’s Multi-Factor Authentication in Seconds
Mike, a senior executive, had 2-factor authentication enabled on his Office365 account, so the attacker needed the verification code to take over Mike's account. To get it, he texted Mike a fake enrollment notification. In this example, the fake notification was for an Employee Emergency Notification Service; however, it could have been for any other service that the company uses (that's why we should share less about which apps we are using).
To make it look legit, the attacker gave Mike the option to click YES or NO. It made Mike feel like he was in control and significantly increased the chances that he would continue. For more details about this attack see a step-by-step explanation of how this spear-phishing scam unfolded here.
How They Hacked an Entire 9th Grade With This Nasty Text Scam
An entire 9th grade was hacked in a direct message chain attack. Once the attackers had hacked one account, they used that account to attack everyone in the victim's contact list. Here is how it happened. Emma and Mia are friends, so when Emma texted Mia that she was on the 2021 Top Ugly List... you can imagine how Mia felt. Mia didn't know that Emma's account had been hacked and that it wasn't Emma who was texting her; it was the attacker. For more details about this attack see a step-by-step explanation of how this spear-phishing scam unfolded here.
How Deep Fake Was Used in This Dating Scam
Dating scams are VERY common! After all, you are ready to meet a new stranger. This is like a haven for scammers. You and the scammer are both emotionally ready... In this case, the fake Kristi is texting people at random in the hope that someone will respond. Many people are on Tinder, so Kristi knows someone will eventually take the bait. Unfortunately for Scott, he took the bait. Kristi doesn't wait; she immediately starts flirting with Scott. For more details about this attack see a step-by-step explanation of how this spear-phishing scam unfolded here.
How Donna's Office365 Account Was Hacked
They targeted Donna from Marketing. Donna doesn't report to Nick, the CFO, so the scammers assumed she doesn't have Nick's phone number in her contact list. They also sent the text message over the weekend to make it feel more urgent, and because Donna probably wouldn't want to talk over the phone on a weekend. For more details about this attack see a step-by-step explanation of how this spear-phishing scam unfolded here.
How Dave's Instagram Account Was Hacked
This scam could have come straight out of a movie. Poor Dave, he doesn't know what's coming. It's not uncommon for a friend to send you a message saying that they changed their phone number. Amy is using this and a bit of flirting to get Dave to click on a link. What's even scarier about this scam is the URL. Can you spot what's wrong with it? At first sight, it looks legit; however, if you take a close look at the second "a" in Instagram, you will find that it's not an "a", it's a Greek alpha "α"... That is sneaky! Most people would not have spotted this at first sight.
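A lookalike character like this is hard to see but easy to check for in software. The following is an added example, not part of the original article: it pulls URLs out of a text message and flags any hostname label that mixes scripts, such as Latin letters with a Greek alpha. The sample messages and the host names under the reserved ".example" domain are constructed for illustration.

```python
import re
import unicodedata
from urllib.parse import urlsplit

# Constructed sample messages (not from the article); "\u03b1" is the Greek alpha.
LOOKALIKE_SMS = "Hey Dave, new number! Is this you? https://www.instagr\u03b1m.example/p/1"
CLEAN_SMS = "Your photo was liked: https://www.instagram.example/p/1"

def script_of(ch):
    """Rough script name: first word of the Unicode name (LATIN, GREEK, CYRILLIC...)."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"   # digits and '-' are script-neutral
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def inspect_url(url):
    """Report the scripts used in each hostname label and the host's punycode form."""
    host = urlsplit(url).hostname or ""
    findings = []
    for label in host.split("."):
        non_ascii = [(c, f"U+{ord(c):04X}", unicodedata.name(c, "UNKNOWN"))
                     for c in label if not c.isascii()]
        if non_ascii:
            scripts = sorted({script_of(c) for c in label} - {"COMMON"})
            findings.append({"label": label, "scripts": scripts,
                             "mixed": len(scripts) > 1, "non_ascii": non_ascii})
    try:
        # The ASCII form that is actually looked up in DNS; showing it exposes the trick.
        punycode = host.encode("idna").decode("ascii")
    except UnicodeError:
        punycode = None
    # Only mixed-script labels are flagged, so an all-Greek or all-Cyrillic
    # domain name is reported in findings but not treated as a lookalike.
    return {"host": host, "punycode": punycode, "findings": findings,
            "suspicious": any(f["mixed"] for f in findings)}

def scan_message(text):
    """Inspect every http(s) URL found in a text message."""
    return [inspect_url(u) for u in re.findall(r"https?://[^\s<>\"']+", text)]

if __name__ == "__main__":
    for sms in (LOOKALIKE_SMS, CLEAN_SMS):
        for report in scan_message(sms):
            print(report["host"], "->", report["punycode"],
                  "SUSPICIOUS" if report["suspicious"] else "ok")
            for f in report["findings"]:
                print("   ", f["label"], f["scripts"], f["non_ascii"])
```

Showing the punycode ("xn--") form of a link instead of the rendered characters is a simple way for a mail or messaging gateway to make this kind of lookalike visible to the reader.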
So What's Next?
Awareness is key! Anyone can fall for this type of scam, even the most tech-savvy. That is why training is so important. So share this page with your team, or sign up free for Wizer Security Awareness Training and continually educate your team about current threats and how to avoid them.