Tag: phishing emails

Programming, Security, Tech

Phishing with Love

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

Erica: I sure hope that the latest script from Z-Daddy behind you.
Sean: What is your obsession with Scriptingthewhy!?
Photo by vjapratama, please support by following @pexel.com

Throughout the history of mankind, there is one emotion that has driven us to do many things. Some of these may be crazy and unconventional, but the result is done with good intentions…sometimes.

It’s the one emotion that no one can seem to live without unless you have no desire for it because you believe you’re cold-hearted, at this point I would cautiously call you a monster and bid you a good day. What is this emotion I’m alluding to?

It’s called love, love is a very interesting and powerfully intoxicating emotion we humans have.  If there is anything to know about love, it’s a good thing. However, if you’re rifling through piles and piles of emails from the weekend only to find one saying “ILOVEYOU” in the subject line followed by a “click here” attachment might not be the love you may want at the current point in time.

Don’t know what I’m talking about? Let me script to you what I mean.

Kim: You don’t even know why I’m mad at you.
Tim: It’s because I didn’t read that script thingy.
Kim: That and you didn’t change the toilet paper roll this morning.
Photo by Katerina Holmes, please support by following @pexel.com

A Lovely Chain Letter

As mentioned earlier, you’re rifling through all of your emails from the weekend, and you find one saying “ILOVEYOU”. While this may seem like someone sent this with the intent to brighten up your day and give you all of those cute, warm fuzzy feelings like reminiscing about grandma’s home cooking, the bad news is it’s not.

This event is referred to as the “Love Bug” or “Love Letter for You”, in other words, you’re getting duped with a computer virus, if you click on the attachment. Just when you thought someone was falling head over heels for you.

That’s a solid question Z-Daddy, I think I was in calculus with my crush Brinda Adams. I wonder if she knows that I exist.
Photo by Pavel Danilyuk, please support by following @pexel.com

Frat Worms in College

Here’s a question for you, can you remember what you were doing in the year 2000? If whatever you were doing doesn’t involve sitting in your room making computer viruses, congrats, you’re a part of the majority. I know there is someone reading this script saying “Actually, I was reverse engineering them because of lack of friends.”

Back in the heyday of the year 2000, on May 4th of that year. A 24-year-old college student from the Philippines, by the name of Onel de Guzman had created this computer virus to steal passwords for internet access because he couldn’t pay for it.

This is very reminiscent of trying to tune to the right frequency on the old-school cable box to get the pre-hub before the now prominent hub, black and orange baby. Page 153 and still can’t find anything, we’re all so broken.

At this junction and for my own sanity, I have to make it known that in some sources ILY is referred to as a virus but overall, it’s a worm. The difference is, viruses tend to come in ones or twos, and they muck up a few files in your computer system whereas worms on the other hand, just need you to open the door, and from there, one can multiply and muck up a whole network. Worms are like the frat boys of the computer world, once in, they like to party.   

YES, I AM LOVED…by a guy? Oh whatever, it’s 2023 I’m not judging, I just need someone to hold me and say it’s going to be all right.
Photo by Andrea Piacquadio, please support by following @pexel.com

Loving Dollar Decline

Here’s a scenario on the ILY process, yes, I know you’re dying to know. So, let’s say you are friends with Tom, and you get a message from Tom saying “ILOVEYOU” in the subject line. You open the email and see there’s an attachment. With you knowing Tom, you open the attachment thinking nothing of it but that’s when having to explain to someone why you ghosted them, and spontaneously pop back up begins.

This triggers an event of messages being re-sent to, not only everyone in your list of contacts but their list as well. Do you see how it wormed its way into your life? This scenario is what happens on small scale but on a larger one, ILY found its way into corporate networks due to Microsoft Outlook being widely used at the time which resulted in files of every type being wiped from the hard drives and in just about 10 business days resulted in 45 million users and cost about $10 billion in damages. That’s $3.5 billion in today’s currency, the power of the good ole American dollar, am I right?

Jake: So, I walked up that computer virus and was like “What’s up”.
Z-Daddy: Jake…you know that’s not help you deal with computer viruses, right?
Jake: Pfft, whatever bro, waited long enough and screen went off. Mission accomplished.
Z-Daddy: That’s…never mind.
Photo by Rusian Alekso, please support by following @pexel.com

Effects and After Effects

Now while this worm had spread its way across many, many, many systems, some of which include the Pentagon, CIA, and U.S. Army, and even ventured to the United Kingdom, this one isn’t much to worry about. A part of it was caught on a server that was quickly turned offline and with no other servers to send information to, there was nowhere for it to spread.

Many large companies had to make the decision to completely turn off their emailing systems. As we all may know, being able to email can convey information and information is money, so you can picture a lot of money was lost throughout this whole endeavor. At this junction you have nothing to worry about, however, this doesn’t mean one can run around clicking on emails with “ILOVEYOU” in the subject title.

Being aware of a potential cyber-attack could make a world of difference when it comes to protecting your computer and your life in general. If you get an email from someone you know and you’re curious about it, check with them on another medium (i.e., text message or phone call) to ensure that it was them that sent the email.

Of course, you should have anti-virus and malware protection on your computer and that it and your operating system is up to date as the older systems have vulnerabilities that are not patched. To touch back onto Guzman, while he has one of the world’s first global computer viruses (worm) under his belt which affected 45 million, charges against him and his buddy were dropped, and he regrets unleashing ILY.

When ILY did its thing and pretty much destroyed email by storm, Guzman was so shaken up that he took a year off from working with computers. He now runs a phone repair shop with his buddy in the Philippines.

She sent I love you and the attachment was her. Thank you, Z-Daddy, for keeping us aware.
Photo by Nataliya Vaitkevich, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Do you think there’s something I may have missed about ILOVEYOU? Script a comment below.

Programming, Security, Tech

Fishing Made Fun with Bots!

Consider following on social media!

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

You know, every time I read one of these scripts, I learn something new.
Photo by Andrea Piacquadio, please support by following @pexel.com

Okay, so the threat isn’t coming from the future to wipe us out as we once thought. Maybe, and by maybe meaning actually, the threat is here with us in the present day. They attack us every day when checking our email or simply picking up the phone because the scam likely function wasn’t working this go around.

The rise of ChatGPT has not only given people that little nerdy kid to complete their essays for them but people are using a bot to trick a bot in order to land job interviews. But again, with good intentions soon follows malicious ones. 

We’re going to be going over what kind of attack this is, who is using it, its functionality and effects upon release and what are some ways you could protect yourself from being on the receiving end of a malicious connection.

I haven’t been living underneath a Volvo, but I guess hiding isn’t doing me any good neither.
Photo by Mizuno K, please support by following @pexel.com

The Attack

Like most of the computing world and people who haven’t been living underneath a VW 1984 Volvo, that’s a little easter egg for all the old faithful readers. If you’re not one, feel ashamed. Again, for the better part of the internet, most people already know what phishing emails are, but in case you’re unfamiliar and have been living underneath that Volvo, worry not, we have you covered on that one.

Phishing is the act of posing as someone or as part of an organization that an individual may or may not know. The whole objective is to get you (the victim) to interact with the provided link and give up your sweet, sweet information. Once this happens, a number of things can happen, however, the main result is you lose money in some form or fashion.

Who is Greg from accounting, and why did he send me a link?
Photo by Andrea Piacquadio, please support by following @pexel.com

Who Could It Be Now

Unfortunately, no individual or group has been named for using ChatGPT for malicious scams but that doesn’t mean we can’t tell you why they’re doing it. Scammers vary in diversity in ethnicity but many of them don’t diversify in skill level and sometimes… in common sense. Yes, scammers will even try to scam cybersecurity professionals, we don’t know why they do it but, it’s a thing.

Scammers typically use social engineering attacks, mainly phishing. Why? Because it’s easy to obtain an email address for a company, however, they have resorted to spicing up these emails by using ChatGPT.

For those who don’t know what ChatGPT is, we’ll tell you. ChatGPT is a chatbot that is trained to offer humanlike responses in dialogue. In a nutshell, you ask it a question and it gives you something it thinks an average person would say.

Enjoy the read so far? Why don’t you consider subscribing so you can keep up to date?

Thomas: I told you we lure in more people with ChatGPT.
Simone: Shut up Thomas and keep entering their credit card information.
Photo by Tima Miroshnichenko, please support by following @pexel.com

That Sinking Feeling

How do scammers use ChatGPT to improve their phishing emails you ask? Well, simple, the same way people are using this little chatbot to beef up their resume to outsmart the resume reviewer bot. The scammers simply input into ChatGPT something professional to say to you, adding a few official logos here and there, and before you know it you have what seems to sound like an official email from someone you may know or that job opportunity you’ve been looking for.

Once you fall victim to the scam a number of things can happen and none of them are good. Interaction with a malicious link or attachment could have your system compromised by downloading or visiting a redirected site for a drive-by download, at this point depending on the programming in the payload, the file could execute with or without your interaction.

This, in turn, leads to a back door being created for data exfiltration—this is the act of collecting all the information on your machine and sending it to a command-and-control server for either personal use or marketing on the darknet, and possibly seizing control of your machine at a later date.

Learn the scam, then you can play ball.
Photo by RDNE Stock project, please support by following @pexel.com

The Prevention

So, what are some ways one could be able to protect oneself in the vast sea of the internet? Well, double-checking with people who send you emails with attachments to verify it was indeed them is one way of helping yourself.

Always carefully read the body of the message to see if you can spot any misspellings or grammatical errors as this will tip you off into saying, “I know Greg from accounting might be a bit special, but he wouldn’t write something like this.”

If you have encountered a phishing email and downloaded something or interacted with their link, changing all passwords on all accounts you own will be your next best course of action as this will quickly hinder the attacker’s progress into mucking up your life.

Pair this action with monitoring your accounts for any suspicious activity and keeping your financial institution’s number on speed dial in case you have to make that call saying, “Um, yeah, that latest activity wasn’t you,” will see you better in the years to come.

ChatGPT may be helping the scammer’s game, but common sense and a little know-how still outperform all.

I never thought protecting my information would be this easy. Thank you Scriptingthewhy. Love you Z-Daddy!
Photo by Andrea Piacquadio, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, sharing this with whomever, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Do you feel like there is something I may have missed on Phishing with ChatGPT? Script a comment below.

Security, Tech

Being able to phish is important, here’s how…

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

gentleman sitting down with breakfast at a laptop
A mail-order bride doesn’t sound like a bad idea after all.
Photo by Jack Sparrow, please show support by following @pexels.com

So you get an email from someone you don’t know, more likely they’re someone who promises you something that’s usually too good to be true, like in my case a nice comfy job that would pay six figures and all I had to do was work from home.

My start date is still pending. In other cases, it could be presenting you the opportunity to hold money for them because they claim to be a rich prince (or princess) with a lot of money, and they’ll reward you handsomely for completing such a task for them.

If you haven’t gotten any of these emails, you’re the lucky one out of the bunch because other people can attest to having their spam inboxes littered with these emails.

If you have ever been unfortunate enough to complete your interaction with any of these individuals, you’ll be sad to know, you’ve just been phished (and no, it’s not what you think it is).

Don’t know what I mean? Well, you’re in luck because I’ll be going over what, how, who, and more or less how you can be more aware when checking your DMs.

gentleman pointing a handgun
Hi, I’m Sarah69lover…and you’ve just been catfished.
Photo by cottonbro studio, please show support by following @pexel.com

Phishing with Dynamite

Phishing is not what the name states although it parallels and before you ask, no none of this happens with actual fish. Phishing is the act of contacting someone posing as a contact the victim may know or trust to extract money, and information, or to provide them with problematic malware.

Malware could be installed to either gather information without you knowing, wreak havoc on your computer, or simply a combination of the two.

There are a few various forms of phishing, all come with interesting versions of the original name. You have spear-phishing, whaling, smishing, vishing, and email-phishing.

Email phishing is the most common type of attack people fall victim to. In the other attacks, in a nutshell, an attacker is targeting you directly, an attacker is aiming for the most important individual in the company (more like CEO type person), an attacker tries contacting you via text with a link, and the last one is a voice call impersonating someone from a company like Microsoft.

There are two other types of attack which get even more interesting, there’s sextortion which is the attacker contacts you with a threat of revealing a recording from your webcam watching “adult time” material (been on the hub, I know that’s an actual brand, trust me I’m not proud) and search engine phishing (or SEO poisoning) where attackers prop themselves high up on the search engine only for you to click on their link and be redirected to emptying out your pockets or worse, releasing the hounds on your computer by downloading malware.

Criminals have many interesting ways of trying to get your money and that list continues to grow.

man looking with evil intentions
I never intended to rob people, but life insisted I do.
Photo by cottonbro studio, please show support by following @pexel.com

Emailing with Delicious Intent

Who are the people that do this and how could they do this to someone you might ask? Well, for one, it could be anybody, attackers come in all shapes and sizes.

That sweet old lady at the end of the street you live on who gives cookies to children with a smile and everyone in the neighborhood waves to could also be the same prince or princess seeking to pull money from your bank account.

And to the second part of your question, well, really, come on, the economy, might be a controversial thought but people would be less inclined to commit a crime if economic hardship wasn’t a thing.

Many people today are in the “have not” section of society and the cost of living rising each year applies pressure on people to venture into areas they wouldn’t have considered the year before, theft being one of them.

I’m not saying I condone it, but I understand it.

Woman seated in front of laptop
Can’t find me a date on tinder? Looks like it’s phishing time.
Photo by Dan Nelson, please show support by following @pexel.com

Two Times a Fool

You might be thinking to yourself, “who falls for this? I mean just how? Most of the emails I come across are poorly structured and or in bad English.” Well, just because you didn’t fall victim doesn’t mean your adolescent entrepreneur or Gam-gam won’t.

In fact, most victims are either in their 20s or in their mid-late 40s, so that’s either an “I’m still trying to figure it out, oh this link says it can make me rich” or “I’m about to hit a mid-life crisis and my Nigerian princess/wife is still not here.”

People who worked for big-name companies and even some big-name IT companies often become complacent and fall victim to these attacks.

So no matter what the target size is, the effects of phishing are felt around the world.

keyboard keys spelling the word "scam"
If you can read this, click the follow or subscribe button. It’s not a scam likely, promise.
Photo by Mikhail Nilov, please show support by following @pexel.com

Phishing Abroad

At this junction, you’re probably thinking, “I don’t want to fall victim to this, how do I protect myself or is there a career path to learn more so I can protect others?” You’re in luck, protecting yourself from phishing is possible but to quote Run-DMC, “it’s tricky”.

As mentioned earlier, attackers find interesting ways to pull money and information out of you. Some ways you could protect yourself are by double checking the email for grammar, misspelled words, and links that may seem fishy (saw what I did there) an example of this would be the word “google” spelled in the link as “go0g1e”, and finally double checking the person contacting you.

If they’re asking for information that they should have on hand and you’ve had no dealings with them or their company, swipe left because it’s a scam likely. Do you want to protect others?

There are countless entry-level cybersecurity jobs and for most of them, you don’t need a degree. An Information Security Analyst is one of the most common entry-level jobs, in which they are responsible for system and network security analysis.

You can learn the necessary skills on your own through a Bootcamp (which I wouldn’t recommend since they can get pricey) or by grabbing some online courses. I currently hold a certificate for Cybersecurity Analysis provided by IBM via Coursera.

It may be just a certificate that doesn’t hold much weight as a certification but passing the quizzes and projects wasn’t an easy ride.

It’s been over three paychecks and she’s still not here. I don’t know how much more money I can send her.
Photo by Andrea Piacquadio, please show support by following @pexels.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Think you have what it takes to enter the world of cyber security?

Script a comment below about a time when you got a suspect looking email.