
Full Video of The Spear Phishing Attack

 

Dating scams are VERY common! After all, you are ready to meet a new stranger, which makes dating a haven for scammers. You and the scammer are both emotionally ready... In this case, the Fake Kristi is texting randomly in the hope that someone will respond. Many people are on Tinder, so Kristi knows someone will eventually take the bait. Unfortunately for Scott, he took the bait. Kristi isn't waiting; she immediately starts flirting with Scott.

Kristi took this one to the NEXT level. The pic she sent in the text message is computer-generated. SHE doesn’t exist… so if you try a reverse image search, you won’t find her, which makes this scam even more effective.

Next, she starts collecting some personal info about Scott. Even though she asked Scott where he is from, she already knows... Scammers often use breached databases, so when we said at the beginning that it was a random phone number, it wasn't actually that random. In many cases, the scammers will also have your social profile, address, and many other details you provided when you registered on different sites online.

 

Fake Kristi is also from Rochester... Kristi just waited for Scott to ask her something. The scam is far more effective if Kristi responds with a phishing link to something Scott asked about, instead of asking him to click on a random link. If Scott hadn't asked “Where about?”, Kristi would have continued the chitchat; she had enough info about Scott to earn his TRUST.


The last part of the scam worked. Scott clicked on the fake Google Drive link. Look at the "I" in the URL: it’s a Latin “I” and not a standard "I". Also, the genuine Google Drive link is drive.google and not google.drive. But Scott didn't have a chance. By now he is deep into the scam, he trusts Kristi, and he is the one who asked for the "link".

Once Scott logged into the fake Google login page, Kristi stole his credentials. Scott got a notification that his password had been changed, and it's game over for him. Kristi won this one!
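The two URL tells described above (a lookalike letter, and the brand name in the wrong position) can be written as a link check. This is an added example, not code from the original post; the trusted-domain list and the sample links are constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumption: the domains the reader actually expects to log in to.
TRUSTED_DOMAINS = {"google.com"}

# Constructed sample links (reserved .example names, not from the post).
SAMPLES = [
    "https://drive.google.com/file/d/abc",      # genuine position of the name
    "https://google.drive.example/login",       # brand name in the wrong place
    "https://drive.go\u043egle.example/login",  # Cyrillic letter inside the name
    "https://drive.googIe.example/login",       # capital I standing in for l
]

def inspect_link(url):
    """Return a list of warnings for a link; an empty list means none fired."""
    # .hostname drops any "user@" prefix and port, and lowercases the name.
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return ["no hostname in link"]
    warnings = []
    # Lookalike letters from other alphabets are not plain ASCII.
    for ch in host:
        if ord(ch) > 127:
            name = unicodedata.name(ch, "UNKNOWN CHARACTER")
            warnings.append(f"non-ASCII character {ch!r} ({name}) in hostname")
    # The encoded form of such names starts with xn--.
    labels = host.split(".")
    if any(label.startswith("xn--") for label in labels):
        warnings.append("punycode (xn--) label in hostname")
    # A trusted name must be the END of the hostname, not merely appear in it.
    # ASCII lookalikes (I for l) also fail here: the spelling no longer matches.
    if not any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        brands = {d.split(".")[0] for d in TRUSTED_DOMAINS}
        if brands & set(labels):
            warnings.append("brand name appears, but not as the site's domain")
        else:
            warnings.append("hostname is not under a trusted domain")
    return warnings

if __name__ == "__main__":
    for link in SAMPLES:
        print(link.encode("ascii", "backslashreplace").decode(), inspect_link(link))
```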

 

How to Avoid THIS Spear Phishing Attack

1) Don't automatically trust anyone, even if you think you know them or they feel trustworthy. Digital identities aren't the same as meeting someone in person.

2) Make sure you have MFA turned on. It’s better to use authenticator apps (such as Google or Microsoft Authenticator) or even a hardware security key instead of text-based authentication.
 
4) Never share security codes with anyone - including automated systems that contact you out of the blue.
 
5) Share less! The more an attacker knows about you the easier it is to hack you.
 
6) Don't reuse passwords. Websites and apps get breached, and if you reused a password, attackers will try to use the same password everywhere.
 
7) Use Wizer Free Security Awareness to train your team

 

 

Written by Gabriel Friedlander

I founded get-wizer.com in early 2019 with a mission to make basic security awareness training free for everyone. Since then, Wizer has been growing rapidly, with over 3000 organizations that signed up for our free training. And in 2020 we partnered with several local counties to offer free Citizen Training. We believe that in this day and age, security awareness should be a basic human skill.