Our Favorite Tech Trickery from 2021
On this last business day of 2021, you’ve by now probably had your fill of ‘best of’ lists, but please consider our own list of ‘favorite’ tech scams we’ve encountered in the past year. The sad truth is that human beings have tried to trick one another into doing things against their best interests from the dawn of time. This trickery in itself is obviously nothing new, but technology has enabled the tactics and methods to evolve greatly over the years. I mean, would your great grandparents ever think that something called ‘spear phishing’ would ever exist? Here are a few of our favorites tech scams that we encountered in 2021:
- Jessica Alba wants to talk to me? If you thought this past year that a lot of famous people seemed to be taking an interest in you, it wasn’t because of that 2020 bread-baking video you posted. In an attempt to garner more email opens, email marketeers (and scammers) are sending an increasing volume of messages appearing to be “from” trending movie and music stars. Human nature: if you recognize the from name, even if you don’t know from where exactly, you are more likely to open the message or at least pause and think about it. This trick isn’t necessarily new, but it saw a big uptick in 2021. I alone got emails from Ben Affleck, Ana de Armas, Billy [sic] Eilish and, yes, Jessica Alba. Sadly, none of them invited me to go with them to any awards ceremonies.
- My CEO is emailing me on a Sunday. It must be important! In a similar type of phishing scheme—this could be considered more spear-phishing, scammers are using LinkedIn recruiter tools to easily find out names of company executives and company hierarchy; and sending bogus emails posing on their behalf; especially on weekends when inboxes are generally less taxed. But the new wrinkle here is that this tactic is no longer the domain of straight scammers—salespeople seem to be doing it too. I’ve gotten a lot of pitches for lead lists and design consultants from people whose names are only a letter off from some of my colleagues; and that’s no coincidence.
- My Username and Password? Sure, it’s… Cybercriminals have found a simple yet elegant new way to circumvent P2P (person-to-person) payment site security and multifactor authentication. The scam starts with a text message about a suspicious bank transfer that never really happened. Any response to the text elicits a phone call from a scammer pretending to be from the financial institution’s fraud department. To “verify the identity” of the customer, the fraudster asks for their online banking username, and then tells the customer to read back a passcode sent via text or email. In the background, the fraudster has initiated the “forgot password” feature on the financial institution’s site, which is what generates the authentication passcode delivered to the member. You don’t want to know what happens next.
Have a favorite scam attempt you remember from this past year? Please let us know, and we may highlight it in a future Tech Essentials article. Also, for our newer readers, we ran a series this past year on ransomware attacks that may be of interest:
Feel free to contact us to discuss how RMail and RSign are made specifically to thwart even the cleverest cyber scams.
Here’s hoping you have a great New Year and an even better 2022.