Social Engineering

Phone Scams and Panic Attacks


Here’s a somewhat novel social engineering attack, flagged by John Leyden in The Register: a voicemail phishing scam (vishing, if you must) that threatens victims with heavy fines and even imprisonment as a result of their visiting the Wikileaks site. The attacker leaves a message including a number victims are supposed to ring to sort out the “problem”, and though the calls have a caller ID, it isn’t valid. 

Of course, they need not have actually visited the site (and even if they had, it’s not illegal to do so, though it may be unwise if you’re US military, and therefore banned from accessing it, or if you’re using your employer’s resources).

I say “somewhat” novel because, although I haven’t come across a scam that makes this particular misuse of the Wikileaks issue, many scams work by panicking victims into taking some unwise action, whether it’s parting with their credit card details or opening a malicious program, claiming that some problem or illegal action is associated with their computer or IP address, such as transmitting malware or visiting paedophile or other pornographic sites.

So the first take-home message is, don’t panic! In fact, beware of any attempt to rush you into action: and that’s as useful a rule of thumb when offered unsolicited double-glazing deals as it is when contacted by phoney law-enforcement agencies.

David Harley
