bad actor – Scriptingthewhy.com

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

gentleman sitting down with breakfast at a laptop — A mail-order bride doesn’t sound like a bad idea after all.
Photo by Jack Sparrow, please show support by following @pexels.com

So you get an email from someone you don’t know, more likely they’re someone who promises you something that’s usually too good to be true, like in my case a nice comfy job that would pay six figures and all I had to do was work from home.

My start date is still pending. In other cases, it could be presenting you the opportunity to hold money for them because they claim to be a rich prince (or princess) with a lot of money, and they’ll reward you handsomely for completing such a task for them.

If you haven’t gotten any of these emails, you’re the lucky one out of the bunch because other people can attest to having their spam inboxes littered with these emails.

If you have ever been unfortunate enough to complete your interaction with any of these individuals, you’ll be sad to know, you’ve just been phished (and no, it’s not what you think it is).

Don’t know what I mean? Well, you’re in luck because I’ll be going over what, how, who, and more or less how you can be more aware when checking your DMs.

gentleman pointing a handgun — Hi, I’m Sarah69lover…and you’ve just been catfished.
Photo by cottonbro studio, please show support by following @pexel.com

Phishing with Dynamite

Phishing is not what the name states although it parallels and before you ask, no none of this happens with actual fish. Phishing is the act of contacting someone posing as a contact the victim may know or trust to extract money, and information, or to provide them with problematic malware.

Malware could be installed to either gather information without you knowing, wreak havoc on your computer, or simply a combination of the two.

There are a few various forms of phishing, all come with interesting versions of the original name. You have spear-phishing, whaling, smishing, vishing, and email-phishing.

Email phishing is the most common type of attack people fall victim to. In the other attacks, in a nutshell, an attacker is targeting you directly, an attacker is aiming for the most important individual in the company (more like CEO type person), an attacker tries contacting you via text with a link, and the last one is a voice call impersonating someone from a company like Microsoft.

There are two other types of attack which get even more interesting, there’s sextortion which is the attacker contacts you with a threat of revealing a recording from your webcam watching “adult time” material (been on the hub, I know that’s an actual brand, trust me I’m not proud) and search engine phishing (or SEO poisoning) where attackers prop themselves high up on the search engine only for you to click on their link and be redirected to emptying out your pockets or worse, releasing the hounds on your computer by downloading malware.

Criminals have many interesting ways of trying to get your money and that list continues to grow.

man looking with evil intentions — I never intended to rob people, but life insisted I do.
Photo by cottonbro studio, please show support by following @pexel.com

Emailing with Delicious Intent

Who are the people that do this and how could they do this to someone you might ask? Well, for one, it could be anybody, attackers come in all shapes and sizes.

That sweet old lady at the end of the street you live on who gives cookies to children with a smile and everyone in the neighborhood waves to could also be the same prince or princess seeking to pull money from your bank account.

And to the second part of your question, well, really, come on, the economy, might be a controversial thought but people would be less inclined to commit a crime if economic hardship wasn’t a thing.

Many people today are in the “have not” section of society and the cost of living rising each year applies pressure on people to venture into areas they wouldn’t have considered the year before, theft being one of them.

I’m not saying I condone it, but I understand it.

Woman seated in front of laptop — Can’t find me a date on tinder? Looks like it’s phishing time.
Photo by Dan Nelson, please show support by following @pexel.com

Two Times a Fool

You might be thinking to yourself, “who falls for this? I mean just how? Most of the emails I come across are poorly structured and or in bad English.” Well, just because you didn’t fall victim doesn’t mean your adolescent entrepreneur or Gam-gam won’t.

In fact, most victims are either in their 20s or in their mid-late 40s, so that’s either an “I’m still trying to figure it out, oh this link says it can make me rich” or “I’m about to hit a mid-life crisis and my Nigerian princess/wife is still not here.”

People who worked for big-name companies and even some big-name IT companies often become complacent and fall victim to these attacks.

So no matter what the target size is, the effects of phishing are felt around the world.

keyboard keys spelling the word "scam" — If you can read this, click the follow or subscribe button. It’s not a scam likely, promise.
Photo by Mikhail Nilov, please show support by following @pexel.com

Phishing Abroad

At this junction, you’re probably thinking, “I don’t want to fall victim to this, how do I protect myself or is there a career path to learn more so I can protect others?” You’re in luck, protecting yourself from phishing is possible but to quote Run-DMC, “it’s tricky”.

As mentioned earlier, attackers find interesting ways to pull money and information out of you. Some ways you could protect yourself are by double checking the email for grammar, misspelled words, and links that may seem fishy (saw what I did there) an example of this would be the word “google” spelled in the link as “go0g1e”, and finally double checking the person contacting you.

If they’re asking for information that they should have on hand and you’ve had no dealings with them or their company, swipe left because it’s a scam likely. Do you want to protect others?

There are countless entry-level cybersecurity jobs and for most of them, you don’t need a degree. An Information Security Analyst is one of the most common entry-level jobs, in which they are responsible for system and network security analysis.

You can learn the necessary skills on your own through a Bootcamp (which I wouldn’t recommend since they can get pricey) or by grabbing some online courses. I currently hold a certificate for Cybersecurity Analysis provided by IBM via Coursera.

It may be just a certificate that doesn’t hold much weight as a certification but passing the quizzes and projects wasn’t an easy ride.

It’s been over three paychecks and she’s still not here. I don’t know how much more money I can send her.
Photo by Andrea Piacquadio, please show support by following @pexels.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Think you have what it takes to enter the world of cyber security?

Script a comment below about a time when you got a suspect looking email.

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

point of view of road with mountains in the distance — Either see how far you’ve come or how far you have to go.
Photo by Matt Hardy, please support by following @pexel.com

Beginning to an End

It has been a rough ride trying to look for a job in Information Technology (IT). All I want is to change careers and improve my quality of living. Is that too much to ask? Pouring countless hours into Bootcamps, completing online courses, and doing code-along projects.

Fixing up my resume to suit resume screening needs. At this point, things have been pretty interesting, to say the least. After months of facing countless piles of rejection, something came through finally.

I finally got my big break, and this was going to be my meal ticket into the big wide world of IT, and with studying areas such as cloud computing, Python programming, and machine learning, it was clear I was on my way to the big leagues. Someone reached out to me and offered me an interview.

My thoughts were, I finally made it past the computer screening. Someone looked at my resume and envisioned the potential.

light at the end of the tunnel — Not all lights at the end of the tunnel are created equal.
Photo by Xi Xi, please support by following @pexel.com

Moth Set Ablaze

This company wasn’t to the likes of Microsoft, but it wasn’t too small either. I was determined to make this work, even if I stumbled, I was going to give it my all. Like Vin Diesel, I was doing this for “family”.

They gave me a bit of information about their company such as whom they were backed by and what role they are recruiting for. Day came to interview… which was an email by the way. Googled it (it’s a thing) but didn’t think too much of it.

The interviewer was late for the time we agreed to (didn’t think too much of that either), readily filling out this questionnaire. Some questions were easy, others had me trying to figure out how to word my responses.

Whatever the case may be, this was my light at the end of the tunnel, and I wasn’t going to let this slip by since I worked so hard to get here. Tried not to be too in my head. It’s not like I was sitting across from them where I could judge how the question is being asked.

Man in brown jacket sitting on couch thinking. — Despite the opposition, by determination I will make it.
Photo by Andrea Piacquadio, please support by following @pexel.com

Promise with a Dash of Doubt

After filling out the questionnaire and sending it back. I anticipated,” thank you for your interest, despite the fact we are desperately hiring, we decided to go with other candidates”.

However, to my surprise, I received an email the next afternoon congratulating me on the interview and that the board wanted to move forward with my application and grant me the position of application engineer.

I was informed to keep an eye on my email because I would be receiving an offer letter for employment from human resources (HR) to fill out to start my hiring process. My dreams were coming true, and I could finally and wholeheartedly say I was a part of the oh-so-coveted IT world. I could see greatness on the horizon.

businessman giving a contract to someone to sign — This offer may seem good now but give it time.
Photo by Andrea Piacquaido, please support by following @pexel.com

Beware of The Hand That Feeds You

Later that night, something wasn’t sitting right. I kept reviewing the email that was sent which included that I was going to receive a check via paycheck or electronic deposit that was going to use for purchasing my soon-to-be home office equipment.

This had me promptly questioning with a; “Say what now?” But I quickly dismissed it with an “oh well, I need a job, and if this is going to be my foot in the door. I’ll take it”.

But something still didn’t sit right. I couldn’t just be given a job this quick, and it is a six-figure salary. After scanning the questionnaire several times and viewing there was a street address. I decided to go and see if my having the job was real.

I tracked all my way to this lovely building (which held Microsoft by the way), walked in, knocked on the door, and was greeted by an older fellow who had an AirPod in his ear. I explained my situation and asked if there were any hiring managers around, I could talk to, but before I could get the words out, he replied “It’s a scam, I’m sorry”. My suspicions were correct, how nice.

businessman on smartphone smiling. — When they’re trying to scam you, but they don’t know who they’re dealing with.
Photo by Andrea Piacquadio, please support by following @pexel.com

Turning Tables

Instead of feeling sorry for myself, I decided to make the best of my situation. I waited for my offer letter to be sent to me, which I received right as I was being informed this was a scam. I took to LinkedIn to see If I could connect with these people.

However, turn out to be a dead end. The names did not match the faces. I decided to have some fun to offer up some good spirit and email them a proactive email. I sent the one (the interviewer) an email telling them how happy and hopeful I was to get this position and how I couldn’t wait to start working.

That I wanted to know more about him and how well he was connected to the company and the board. Also, I needed the requisition id number since I needed a list of my duties of what was going to be expected of me. And to the other (HR) email informing them that I would not be needing money for the office equipment since I already have the items.

It has been a while now, so I presume they cut their losses.

amazed man looking at laptop screen. — This guy must know his stuff, he asked for the requisition id number.
Photo by Andrea Piacquadio, please support by following @pexel.com

Look Out!

When dealing with a situation like this there is a two-prong attack.

The Interviewer (attacker one)

-Will reach out for a role, you may or may have not applied to. This person will engage and offer an email interview or interview in some form of messaging service.

The hiring manager or human resources manager (attacker two)

-Will send the offer letter and request to purchase office equipment or mini-office equipment.

List of office or mini-office items

MacBook
Dual Monitors
External hard drive/backup system
Laptop Stand
A high-quality webcam
Comfortable desk chair
Hp LaserJet Pro M15w Printer
Computer Hardware and Software
High-Speed Internet Access
Stress Ball