We are masters at these frameworks and many more.
With a stroke of luck, you have just been informed that you are the recipient of your long lost Nigerian uncle's vast fortune that he is leaving to you after he has passed. God rest his soul. The only thing that is needed is your bank account information, some personal information like your SSN, and to agree to providing a commission to those that are taking time out of their day to send you this money.
If you haven't received an email like that by now then you are definitely hidden from reality or your spam checker is the best there ever is or ever could be.
The unfortunate fact is that there are less than ethical people out there that will prey on overly ethical people. Additionally, there are always people that are willing to take a chance of sending several hundred dollars in hopes of getting several million in return.
We are here to tell you that these are all scams. The intention is to either get you to send money or to send some form of information that would allow these people to steal from you in the future. That is, assuming, that just clicking the link to be able to respond doesn't compromise your device with some form of malware.
According to various sources, in 2019 almost $667M was lost to imposter scams, identity fraud was at $1.7B, and generally older Americans lose around $2.9B per year. The unfortunate fact is that there is a criminal economy based around scamming people and plenty of victims to keep that economy going.
So how do these scams work? First almost all of them start with an email of sort. These emails can come in a variety of flavors though ranging from Nigerian uncle scams to requests to partner with foreign investors. Clearly, the intention is to entice the victim to either click the link or respond with some sort of enthusiasm.
So, assuming that the victim "clicks the link", then there is a high probability that the attacker now has access to the victim's computer (see the Arrakis phishing article) and, unfortunately, the game could very well be over for the victim.
However, assuming the victim didn't click the link and simply responded, then the attacker has other options available. Generally, the attacker is almost always not working alone. The simple fact that a victim has responded has now put that victim on a list that everyone in the attacker group will be aware of. Once the victim responds with any amount of exploitable data or, even worse, the victim has transferred money then the attacker that started the attack takes lead. After it is clear to the attacker that they have gotten as much as they can from the victim then another member of the attackers team will start up a different attack to keep the momentum going and hopefully sucker more money out of the victim.
This process repeats over and over until either the victim is out of money or the victim has figured out the scam.
How can you protect yourself, your family, your friends, and your coworkers?
First, and likely the most important, is understand the attack methodology and noticeable features of the attack itself. These attacks almost always are through some form of electronic transmission with email being the most common followed by text messages. Attacks through voice are rare because the attacker almost always doesn't speak the English language in a manner that gives the victim the impression that English isn't their first language. Thus the only way the attacker can solve that problem is to remove voice as a method of detection.
This leads the attacker down the path of email or text message however this is based on their understanding of the English language and grammar. You will see wording that is contrary to normal language such as "brain cage" instead of "skull" or messages that start with "hello dear". Other key indicators would be the title of the person emailing the victim...unless the victim routinely interacts with royalty then it's extremely unlikely to get a random email from a "prince". Another common sense indicator would be areas of business. For example, if a dentist was receiving a business proposition from a person from Dubai for the purposes of investing in an oil drilling operation the first question that should come to mind is what is the connection between the two...why would someone from Dubai connect with a dentist in Spokane, Washington in order to be more profitable in drilling for oil?
Another great indicator of an attack is how the email is composed. Almost all attacker emails either want to give you something and the victim is the only person who can make this happen...or...the email reads like the person is in trouble, but in a safe place, but can't go anywhere unless you help. A common example would be a person you know that indicates they are on vacation in Paris, got robbed, and can't pay for the hotel room with the hotel manager holding luggage/passports as hostage until you pay. Obviously, in this case, the person you know was likely already compromised. Another example would be anyone claiming they needed support due to war (Iraq, Syria, etc...) with frozen assets in some country and the person who needs help in another country. In this case they need to transfer the frozen asset to the victim and will eventually ask for personal information to make that transfer happen. Another great, and currently popular, scam is when the attacker indicates they have screen shots of the victim surfing adult websites and possibly masturbating. This leads into the attacker attempting to blackmail the victim. Obviously if the victim has no webcam then this would be an easy one to figure out.
To relate this subject to legitimate business operations, most sales people have a grading system to determine the value of a client in relation to client needs, likelihood of wanting to do business, and if the client has budget. The same process happens with scams, with the attackers giving you points for opening an email, more points for responding, and the most points for falling victim to the attack.
Arrakis has experience in dealing with these scams as well as supporting victims getting out from under the attack. Unfortunately, victims come to us after the attack is well underway. At this point the best and only thing to do is stop the bleeding.
Contact us if you feel you have been compromised or have suspicious activity that could give you the impression you are compromised. Your safety is our priority and we are sensitive to your needs.
