Tag: phishing emails

AI, Cloud Talk, Programming, Security, Tech

Social Pain Points

Consider following on social media!

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

Monk 1: I have been reading on this site called “Scriptingthewhy,” they seem on the level.
Monk 2: How!? We don’t have internet in the temple.
Monk 1: Oh yes we do, I’ve seen your browser history.
Photo by Nishant Aneja, please support by following @pexel.com

Since the dawn of time, the one thing humans enjoy doing is communicating with one another. Just try to think of a day when you didn’t have a social interaction with someone. You can’t, but if you can then you may be something more to worry about than a serial killer.

Serial killers may do not-so-great things to people but at least they socialize. Anyhow moving along, we’re social creatures, it’s how we’re built, how we live together in not-so-perfect harmony, and it’s how we exploit each other. How?

Well, if you’re using these two apps on your phone or computer, you should watch out for some sneaky stuff going on while you’re logged in. In this we’re going to be looking at what kind of attack this is, who is using it, its effects upon release, and what are some ways to communicate with your fellowman securely.

Trish: I feel like I fell in love with a scammer.
Dave: Hm, that’s funny because you catfished me Cougarlove6tothe9 at yahoo.
Photo by Polina Zimmerman, please support by following @pexel.com

The Attack

If you are familiar with the following two applications, Slacker and Discord, then you might want to monitor for some activity in the days to come and if you don’t use these applications then still monitor anyway as this is one of the security best practices.

The Slacker application is a software tool that allows users to communicate and collaborate with each other in real-time. It can be used for various purposes, such as project management, team chat, file sharing, video conferencing, and more.

The Slacker application aims to improve productivity, efficiency, and creativity among its users. Slacker can also be a land of confusion because another trait of most humans working jobs they’re not too thrilled about is disorganization. Discord application is another popular platform for online communication and collaboration.

Discord allows users to create and join servers, channels, and voice chats, where they can share text, images, audio, and video. Discord also supports bots, which can provide various functions and features to enhance the user experience.

Discord is widely used by gamers, streamers, educators, and communities of various interests and topics. However, while these applications offer good, cybercriminals use them to distribute malicious links that appear to be legitimate or to embed Discord functionality into their malware to control or steal data from infected devices.

Cougarlove6tothe9 just joined your Slacker and Discord? Who the heck is this?
Photo by Andrea Piacquadio, please support by following @pexel.com

Who Can It Be Now

Are you wondering who has been using this kind of attack? Well, when it comes to attacks like this, most of the time no one individual or group has been appointed for using phishing attacks.

The reason for this is that the perpetrators of phishing attacks are often unknown and untraceable, as they use various techniques to hide their identity and location.

Phishing attacks are not attributed to any specific person or group, as they can be carried out by anyone with malicious intent and some technical skills. Therefore, there is no definitive answer to the question of who is behind phishing attacks, as they can originate from anywhere and anyone.

Enjoy the read so far? Why don’t you consider subscribing so you can keep up to date?

Sarah: Z-Daddy is saying that anyone of us could be the hacker.
Beth: Just blame it on Tom, he’s the one in front of the computer. They’re going to let him go in a week anyway.
Photo by Edmond Dantes, please support by following @pexel.com

That Sinking Feeling

So how would something like this work? For those who never had those interesting emails saying you won some type of giveaway, or your prince or princess is waiting for you, we’ll explain.

In a phishing campaign, the email or message is sent with the intent to trick the victim into interacting with the malicious link. Once the link is clicked and depending on the payload code, a number of things can happen.

This ranges from creating a backdoor to stealing information from the machine, the attacker coming, and going as pleased without the victim knowing, and/or impersonating you completely.

These attacks can target individuals, organizations, or even governments. Discord has become a handy mechanism for cybercriminals. With growing frequency, they’re being used to serve up malware to victims in the form of a link that looks trustworthy.

In other cases, hackers have integrated Discord into their malware to remotely control their code running on infected machines, and even to steal data from victims. This leads to a real “How could you!?” moment.

Nope, not falling for this again. Cougarlove6tothe9 I’m changing all my passwords, and you are blocked from contacting me.
Photo by Karolina Grabowska, please support by following @pexel.com

The Prevention

There is nothing wrong with the applications themselves however, when interacting with individuals online it is better to be on guard as phishing attacks can take many forms, such as fake emails, websites, phone calls, or text messages that appear to come from legitimate sources.

To prevent phishing attacks, users should be careful and vigilant when interacting with any online communication that asks for sensitive information. Some tips to prevent phishing attacks are, do not click on links or open attachments from unknown or suspicious senders.

Verify the identity and authenticity of the sender before responding to any request for information. Use strong and unique passwords for different accounts and change them regularly.

Enable two-factor authentication whenever possible to add an extra layer of security. Install and update antivirus software and firewall on your devices. Report any suspicious or fraudulent activity to the appropriate authorities or organizations. But for a better and more solid outcome, just do not engage the email or message.

So, this is why you guys Scriptingthewhy so much? Ok, we’ll add it to our standup meetings.
Photo by Jopwell, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, sharing this with whomever, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Do you feel like there is something I may have missed on phishing? Script a comment below.

AI, Cloud Talk, Programming, Security, Tech

I got scammed, here’s how.

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

point of view of road with mountains in the distance
Either see how far you’ve come or how far you have to go.
Photo by Matt Hardy, please support by following @pexel.com

Beginning to an End

It has been a rough ride trying to look for a job in Information Technology (IT). All I want is to change careers and improve my quality of living. Is that too much to ask? Pouring countless hours into Bootcamps, completing online courses, and doing code-along projects.

Fixing up my resume to suit resume screening needs. At this point, things have been pretty interesting, to say the least. After months of facing countless piles of rejection, something came through finally.

I finally got my big break, and this was going to be my meal ticket into the big wide world of IT, and with studying areas such as cloud computing, Python programming, and machine learning, it was clear I was on my way to the big leagues. Someone reached out to me and offered me an interview.

My thoughts were, I finally made it past the computer screening. Someone looked at my resume and envisioned the potential.

light at the end of the tunnel
Not all lights at the end of the tunnel are created equal.
Photo by Xi Xi, please support by following @pexel.com

Moth Set Ablaze

This company wasn’t to the likes of Microsoft, but it wasn’t too small either. I was determined to make this work, even if I stumbled, I was going to give it my all. Like Vin Diesel, I was doing this for “family”.

They gave me a bit of information about their company such as whom they were backed by and what role they are recruiting for. Day came to interview… which was an email by the way. Googled it (it’s a thing) but didn’t think too much of it.

The interviewer was late for the time we agreed to (didn’t think too much of that either), readily filling out this questionnaire. Some questions were easy, others had me trying to figure out how to word my responses.

Whatever the case may be, this was my light at the end of the tunnel, and I wasn’t going to let this slip by since I worked so hard to get here. Tried not to be too in my head. It’s not like I was sitting across from them where I could judge how the question is being asked.

Man in brown jacket sitting on couch thinking.
Despite the opposition, by determination I will make it.
Photo by Andrea Piacquadio, please support by following @pexel.com

Promise with a Dash of Doubt

After filling out the questionnaire and sending it back. I anticipated,” thank you for your interest, despite the fact we are desperately hiring, we decided to go with other candidates”.

However, to my surprise, I received an email the next afternoon congratulating me on the interview and that the board wanted to move forward with my application and grant me the position of application engineer.

I was informed to keep an eye on my email because I would be receiving an offer letter for employment from human resources (HR) to fill out to start my hiring process.  My dreams were coming true, and I could finally and wholeheartedly say I was a part of the oh-so-coveted IT world. I could see greatness on the horizon.

businessman giving a contract to someone to sign
This offer may seem good now but give it time.
Photo by Andrea Piacquaido, please support by following @pexel.com

Beware of The Hand That Feeds You

Later that night, something wasn’t sitting right. I kept reviewing the email that was sent which included that I was going to receive a check via paycheck or electronic deposit that was going to use for purchasing my soon-to-be home office equipment.

This had me promptly questioning with a; “Say what now?” But I quickly dismissed it with an “oh well, I need a job, and if this is going to be my foot in the door. I’ll take it”.

But something still didn’t sit right. I couldn’t just be given a job this quick, and it is a six-figure salary. After scanning the questionnaire several times and viewing there was a street address. I decided to go and see if my having the job was real.

I tracked all my way to this lovely building (which held Microsoft by the way), walked in, knocked on the door, and was greeted by an older fellow who had an AirPod in his ear. I explained my situation and asked if there were any hiring managers around, I could talk to, but before I could get the words out, he replied “It’s a scam, I’m sorry”. My suspicions were correct, how nice.

businessman on smartphone smiling.
When they’re trying to scam you, but they don’t know who they’re dealing with.
Photo by Andrea Piacquadio, please support by following @pexel.com

Turning Tables

Instead of feeling sorry for myself, I decided to make the best of my situation. I waited for my offer letter to be sent to me, which I received right as I was being informed this was a scam. I took to LinkedIn to see If I could connect with these people.

However, turn out to be a dead end. The names did not match the faces. I decided to have some fun to offer up some good spirit and email them a proactive email. I sent the one (the interviewer) an email telling them how happy and hopeful I was to get this position and how I couldn’t wait to start working.

That I wanted to know more about him and how well he was connected to the company and the board. Also, I needed the requisition id number since I needed a list of my duties of what was going to be expected of me. And to the other (HR) email informing them that I would not be needing money for the office equipment since I already have the items.

It has been a while now, so I presume they cut their losses.

amazed man looking at laptop screen.
This guy must know his stuff, he asked for the requisition id number.
Photo by Andrea Piacquadio, please support by following @pexel.com

Look Out!

When dealing with a situation like this there is a two-prong attack.

The Interviewer (attacker one)

-Will reach out for a role, you may or may have not applied to. This person will engage and offer an email interview or interview in some form of messaging service.

The hiring manager or human resources manager (attacker two)

-Will send the offer letter and request to purchase office equipment or mini-office equipment.

List of office or mini-office items

  • MacBook
  • Dual Monitors
  • External hard drive/backup system
  • Laptop Stand
  • A high-quality webcam
  • Comfortable desk chair
  • Hp LaserJet Pro M15w Printer
  • Computer Hardware and Software
  • High-Speed Internet Access
  • Stress Ball

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Have you ever encountered what could be a scammer?

Script a comment about how you handled the situation.