Go Back

next level dating scam - spear phishing and DEEP FAKE

#Common Scams #Family #Teens

Full Video of The Spear Phishing Attack

 

Dating scams are VERY common! After all, you are ready to meet a new stranger. This is like a haven for scammers. You and the scammer are both emotionally ready... In this case, the Fake Kristi is randomly texting with the hope someone will respond. Many people are on tinder, so Kristi knows someone will eventually take the bait. Unfortunately for Scott, he took the bait. Kristi isn't waiting, she immediately starts flirting with Scott.

Kristi took this one to the NEXT level. The pic she sent in the text message is computer-generated, SHE doesn’t exist… so if you try to reverse image search, you won’t find her which makes this scam even more effective.

Next, she moves to start collecting some personal info about Scott. Even though she asked Scott where he is from, in fact, she already knows... Scammers often use breached databases, so when we said at the beginning that it was a random phone number, it wasn't actually that random. In many cases the scammers will also have your social profile, address, and many other details you provided when you registered to different sites online.

 

Fake Kristi is also from Rochester... Kristi just waited for Scott to ask her something. The Scam will be way more effective if Kristi will respond with a phishing link to something Scott asked instead of asking him to click on a random link. If Scott wouldn't have asked “Where about?”, Kristi would have continued the chitchat, she had enough info about Scott to earn his TRUST.


The last part of the scam worked. Scott clicked on the Fake Google Drive link. Look at the "I" in the URL, it’s a Latin “I” and not a standard "I". Also, the google drive link is drive.google and not google.drive. But Scott didn't have a chance, by now he is deep into the scam, he trusts Kristi and he is the one that asked for the "link”.

Once Scott logged into the fake google login page, Kristi stole his credentials. Scott got a notification that his password has changed and it's game over for him. Kristi Won this one!

 

How to Avoid THIS Spear Phishing Attack

1) Don't Automatically trust anyone, even if you think you know them, or they feel trust worthy. Digital identities aren't the same as meeting someone in person.

2) Make sure you have MFA turned on. It’s better to use Authenticator Apps (Such as Google or Microsoft Authenticator) or even a hardware security key instead of Text based authentication.
 
4) Never share security codes with anyone - including automated systems that contact you out of the blue.
 
5) Share less! The more an attacker knows about you the easier it is to hack you.
 
6) Don't reuse passwords. Websites and Apps get breached and if you reused a password attackers will try to use the same password everywhere. 
 
7) Use Wizer Free Security Awareness to train your team

 

 
Gabriel Friedlander

Gabriel Friedlander

Gabriel Friedlander is the Founder & CEO of Wizer, whose mission is to make basic security awareness a basic life skill for everyone. Wizer has been rapidly growing since being founded in 2019, and now serves 20K+ organizations across 50 countries. Before founding Wizer, Gabriel was the co-founder of ObserveIT (acquired by Proofpoint). With over a decade of experience studying human behavior, he is a prolific content creator on social media, focusing on online safety to elevate public understanding of digital risks. His engaging 1-minute videos have captured the attention of millions worldwide, going viral for their impactful messages.

Follow me on LinkedIn