Thanks to KnowBe4 – an online internet safety and security training company for this new scam alert. There’s an unusual phishing email making the rounds which revealed a new scam you could soon find in your inbox.
Many online service providers like Microsoft, Google, Facebook, Twitter, and PayPal have adopted a policy to warn users via email when there is a possible security-related event like “unusual sign-in activity”.
Copies of these emails have been used for credential phishing for a few years, but the NEW problem is that these security notifications are now being used by bad guys as an attack vector for a tech support scam.
These new “phishing email” points victims to a 1-800 number where either a scammer picks up, or the victim gets sent to voice mail hell for a while and their number is queued for a fraudulent follow-up call like the one below.
PS: KnowBe4 uses HubSpot to host their website and for marketing automation so that is where this download link points to. It is safe to click, entertaining and instructive:
So, I suggest you send the following alert/information to your employees, friends and family. You’re welcome to freely copy/paste the information below for sharing.
“There is a new scam you need to watch out for. In the last few years, online service providers like Google, Yahoo and Facebook have started to send emails to their users when there was a possible security risk, like a log-on to your account from an unknown computer.
Bad guys have copied these emails in the past, and tried to trick you into logging into a fake website they set up and steal your username and password. Now, however, they send these fake security emails with a 1-800 number that they claim you need to call immediately.
If you do, two things may happen:
1) You get to talk right away with a real internet criminal, usually with a foreign accent, that tries to scam you. They claim there is a problem with your computer, “fix” it, and ask for your credit card.
2) You get sent to voice mail and kept there until you hang up, but your phone number was put in a queue and the bad guys will call you back and try the same scam.
Remember, if you get any emails that either promise something too good to be true, OR look like you need to do something to prevent a negative consequence, Think Before You Click and or this case before you pick up the phone.
If you decide to call any vendor, go to their website and call the number listed there. Never use a phone number from any email you may have received. Here is a real example of such a call. Don’t fall for it!