Tag Archives: Social Engineering

Incident response against scammers

20121109-101917.jpg

Not the first time helping friends respond to such situations. Email accounts getting taken over, fake distress call for monetary help broadcast to all contacts, emails and contacts getting wiped, email settings being configured to allow continued access to the victim’s emails/account, etc.

Also, not the first time seeing Nigerian IPs in the “culprit” list. Even if they’re zombies/proxies, seeing Nigerian IPs only does make it look pretty…unlikely 😉

Those Darned Telemarketers

Beware of the Wily Old Fox

Social engineering, … is understood to mean the art of manipulating people into performing actions…

Yet another example today of a stupidly simple, yet effective and easy to pull off trick that telemarketers use: pretending that you have “won” or are entitled to Something Good (which probably isn’t). Not as if someone else has not tried this before.

Got a call from 65345723, masquerading as someone from UOB this time.

Miss T: Hello, I’m calling from UOB. Would like to ask you if you’ve done your holiday resort redemption yet?
Me: Huh? What’s that about?
Miss T: Oh, I guess you have not done it yet. You see, we have this redemption thing for UOB members, you just need to come over to UOB tower…
Me: (smiling at this point) Oh…but I don’t have an UOB account, heh.
Miss T: Oh…ok then. *hangs up*

In this case, the tactic being used is called “pretexting“. Plenty of (email) spammers use this trick too, usually trying their luck at impersonating emails from a range of popular social networks and banking services in the hope of getting you to click on a bad link.

This number 65345723 has been flagged by others for calling on behalf of (or pretending to be, I don’t know which is it) other parties like a travel agency (hmmm, “holiday resort redemption”?) and another bank (OCBC) claiming a win of a tablet PC. These folks are really unscrupulous…

Oh well, yet another number to add to my Do Not Answer list.

Finexis’ new tactic: Social Engineering

Just got a call from Finexis, trying to get/trick me into going down to talk to their financial consultants. They are now trying to do so by saying that there’s been some changes to their(implied: your) policies, and want you do go down for a session with them.

Problem is, I don’t have any policies with them 😀 Well, one more number (6341 5315) in my blacklist.

Do be warned.

For the curious, our conversation went like this:

Her: Hi, may I speak to Ray?
(note that she already has my name, so I continue to talk to her, for now)

Me: Yeah, what’s up?

Her: I’m calling from Finexis. There’s been a change with some of our policies…

Me: Huh? But do I have any plans with Finexis?
(I know I don’t)

Her: Errr…no.. But we’d like to invite you down to have a talk with one of our financial consultants on this.

Me: (laughs) No thanks 😀 *hangs up*