Scam victims

Razvan C

Hello, we rely a lot on data and numbers to create and research the best technologies for scam prevention, but in real life, one of the most valuable insights comes from real people and their experiences. So, if you have ever been scammed ( almost scammed) or you know someone who is a victim, please share your experiences and any other relevant info. It will help a lot when designing the next generation of consumer products.

Thank you for your attention and participation :)

TaxiMagicien42

Hello,

About 3 weeks ago, one of my acquaintances contacted me completely panicked and told me that her bank account of the Societe Generale (a French bank) was hacked a few hours after she clicked on a fraudulent link from the fake email of the bank (see link below).

https://www.numerama.com/cyberguerre/1400400-attention-a-ce-mail-de-la-societe-generale-cest-une-arnaque.html

Since this person is completely new in the field of "cybersecurity", I moved to his home, to carry out for him, the "first" important steps (change the password of their bank account, enable two-factor authentication, and contact the bank to report the fake email).

Unfortunately, the hacker had already debited the bank account of almost five thousand euros.
I said to my knowledge that she absolutely had to file a complaint with the French authorities, which she did.
In short, it took me about 24 hours to clean up his computer (update Windows and applications; remove malicious browser extensions replacing all passwords; create two secondary emails; Deletion of unused accounts and the completion of a "customized" tutorial on best practices).

I have already mentioned here, and other members have said so, the importance of educating the average user to adopt good practices in the digital world beyond using a reliable security solution. In my entourage, I see that too many people novice in cybersecurity think that the "computer hacker" is only interested in large companies and therefore a security suite is not necessarily useful to them.

Based on this assumption, I always wonder how I could demonstrate to these people that a solution Bitdefender for example, could avoid those big problems without me being one of your "volunteer representatives". By saying this, I don’t mean to offend Bitdefender and its employees.

Regards,

Alexandru_BD

Hi @TaxiMagicien42 and thank you for sharing this unfortunate event with us. Yeah, it's really scary to think of it and I'm sorry to hear this has happened to your acquaintance.

I think the problem is that being safe these days doesn't just boil down to having the best antivirus on your devices, or just the top-notch detection. Learning ways to protect our digital identity and spot scammers is just as important. Because when they can't get past an antivirus, they will employ tricks of deception and make the user do things that will compromise him, and it's crucial to identify them. I can't stress this enough, personal data is worth its weight in gold, but not everyone realises how important is to safeguard it and not everyone is aware of the advanced insidious methods in which scammers can trick people into revealing sensitive information to them.
Like you said, making some people understand that scammers don't just go after big fish, but also hunt people like me or you is a challenge. The reality is that scammers will take anything they can get their hands on.

I think that the main argument when urging people to be vigilant about scams is not necessarily related to a specific product, although dedicated software can protect you, obviously, and represents a solution that gives you peace of mind. It's also about a consensus that scammers are patient individuals and operate with tact because they know that they can get benefits from ordinary people, because the benefits obtained from people they scam add up, that is, I think we must see the big picture here. The compromised data of each individual they manage to trick brings them a profit when sold on the dark web, then the accounts that they brake into also add up, no matter what amounts we are talking about.
Put in perspective, if a scammer manages to trick a million users into transferring 1 dollar to him, he will have a million dollars. Another argument is the fact that in this day and age, large companies have learned how to better protect their assets by employing advanced cybersecurity, and can be more difficult to compromise/deceive, so the efforts of scammers must also be greater. As such, some bad actors channel their malicious actions towards the most vulnerable. So, they leave some baits and wait for ordinary people to fall prey and unfortunately this happens every day in the world.

And here I will even give you a personal example. A long time ago, when I was not being the most cautios person on the Internet, I provided my old personal email address and phone number on a website (I don't remember exactly what it was about, I think it was a relatively new online shopping platform on the market). Shortly afterwards, I received a call from an international number (I think from Cyprus, if I remember correctly) and the person on the other end of the line informed me that I had just entered a lottery for a US visa (a classic scam). Obviously, I realized that something was wrong, especially when I knew that I had not participated in any such lottery and the person calling out of the blue was telling me that it was a unique opportunity and that I had to hurry and pay a fee over the phone, otherwise someone will take my place - the 'sense of urgency' tactic.⚠️

Obviously, I ended the call and blocked that number, then began the detailed work of verifying and securing my accounts as best I could. Of course, a few days later I received a few more calls from unknown numbers, but I guess they stopped calling when they realised that they had no luck with me.
Now, for someone who really believed that he would have won that "lottery", it would have been a disaster. Because the criminals would have obtained not only a "fee" payment, but also the personal details and access to the respective account, taking everything they could.

Now, I've learned a lesson by following my gut and common sense that time, of course. So I didn't became a victim. But maybe others were not so fortunate. What could I have done then to prevent this scam attempt? To check the legitimacy of the website/platform where I was going to place the order, before entering my contact details. And a capable antivirus would have helped as well, as I'm pretty sure it would have blocked that url preventing me from entering any data there. But my PC was unprotected, because I had recently purchased it and had not yet installed an antivirus at that time.

This rule applies even today. Protect your devices and buy products only from sites you trust and if you have any doubts, or you received an "extraordinary" special offer out of the blue that looks too good to be true, always double-check the source and do some extensive research before jumping in the cart.

TaxiMagicien42

Good evening @Alexandru_BD

I broadly share your opinion. Most of my friends and acquaintances do not understand the importance of protecting their mail because it is not a financial data. They have difficulty applying good practices to keep their data safe because they feel it is too complicated and time-consuming to implement.

It’s extremely hard to get them to admit that the hacker is not only interested in big fish and that all the stolen data is selling for a lot of money.

I am a persevering person, and I intend to make them understand the importance of applying good practices to preserve their digital identity.

Regards,

Flanksy

Good Day Everyone,

I would like to share some information regarding scam sites that I have seen during the time when I was away from the community. I would like to point out that I am not pointing fingers to any party but would share where most of the victims I have seen here in my country fall victim to. So in the past months, I have seen alot of goverment aid adds sometimes posts from normal people stating that they have gotten aid on facebook by asking them to click the site and it'll redirect them to another webpage requesting them to sign in with their SSO accounts to access the e wallets in which I assume will allow the attackers to get control of their data and the victim then in a few days realises that their bank accounts have been drained. Unfortunately, over here the victims are those who are retired and those who are not well known about what is going on in the digital world and of course those without an AV

During this time, I also decided to click on one of the link with my AV being active in a sandbox that I have to see what I find and the first red flag I get before clicking on the link is that the link is in http instead of https as well as the add is marked sponsored. All goverment sites involving these kind of aid will be secured and also comes from the goverment official page instead of links and adds on social media to curb phishing.

So I then click on the link, some of it are blocked by my BD Total Security Av and some of the pages take me to the site where it's requests the user to key in phone numbers and sometimes some websites request the users to sign in with their SSO with certain e wallets that is available here in the country. There was even 2 websites which was blocked by my AV where the website tried to download a exe file, in which I have also submitted to BD for analysis. So by taking note of these websites that wasn't blocked, I then sent these to BD lab to report that it is a false negative on these websites. There are still more websites/links/adds like this being posted till today but I am sure that the BD teams are working tirelessly to shield us users from these scams and I hope that this post does help abit to assist them from a users pov who are not well known or have fallen bait to social engineering.

All I would like to advice to the community is that before you do click on any links that you think its too good to be true, always try to call/get to the official hotline of the organization to cross check with them if there is such kind of aids/programs going on before submittting curcial/private information which can cost you a fortune. At the same time as well, it would be better if you are well equipped with an AV so that you have that extra protection should you accidentally click on any phishing/scam links.

Cheers and surf safe everyone😊✌️,

~Flanksy~

Alexandru_BD

https://community.bitdefender.com/en/discussion/comment/342429#Comment_342429

@TaxiMagicien42 essentially, I think we can split the preventive measures in two steps. First, simply get an antivirus because this will really do most of the job. This is not at all complicated or time-consuming to do, just get the product, read the user guide so you know how it works and how to make the best of it, set it and forget it, just let it do the rest. Then the second step would be to learn to spot the red flags, so you don't fall into a trap.

To be one step ahead of scammers, it's important to gather knowledge about how they operate. At the end of the day, it's about taking care of ourselves and the ones we love.

Alexandru_BD

@Flanksy thank you for sharing your findings with us and for reporting the scam sites to Bitdefender Labs. 👍️

Judging by your description of the scams you've encountered, this looks like something known as "government grant scams". These are fraudulent schemes where scammers impersonate government agencies or officials, promising free money or grants in exchange for a fee or personal information. They can come up as ads and websites promising “free money" from the government, but they can also be spreaded in the form of text messages or emails. These scams exploit people's trust in government institutions and often target those in financial need, so like you've said, they prey on the retired and vulnerable. They display attractive titles to lure people into clicking those links and from there it's really going down the rabbit hole.

Common sense tells us that one should never have to pay to receive a government grant. If someone asks for money, it's a scam. If it sounds to good to be true, 99% of the cases it's a scam.

TaxiMagicien42

https://community.bitdefender.com/en/discussion/comment/342449#Comment_342449

Hello,

More specifically, my entourage and my acquaintances believe that it is the "good practices" which are long and tedious to implement. Then, as for their protection software, the real-time protection is voluntarily disabled because according to these people it would slow down the performances of the pc.

Regards

Flanksy

https://community.bitdefender.com/en/discussion/comment/342450#Comment_342450

Hiya @Alexandru_BD, you're right😉and yeap if it sounds to good to be true, 99% of the cases it's a scam.

Best Regards,

Flanksy✌️