– It is easy to be deceived by emails like this. “I understand that it’s hard for people to understand that this is a scam,” says Wither Sandland, a senior consultant at the Norwegian Information Security Center (NARCIS).
In recent weeks, Norcis has received numerous inquiries into professionally executed email scams that abuse Dropbox. Last week, an email came to Sandland as well.
– I received an email from a caregiver I spoke to a long time ago about an electric car charger. I felt his email account must have been taken over by criminals, Sandland says.
The fraudsters sent emails to various people who had previously been in contact with the caretaker. Getting an email from a real person you know will make the fraud attempt more credible.
Scammers can also use details from previous email conversations, making them even harder to find.
– The “genius” with this type of fraud is not prevented by conventional security measures because the email is sent from a legitimate email address. In addition, Sandland claims that fraudsters connect with real Dropbox partitions.
If scammers click on the Dropbox link included in the email, you will be taken to your real Dropbox account. Once you are logged in, fraudsters can access the document you shared with them.
– Clicking on the document in Dropbox will take you to a website where you need to sign in to Microsoft 365. If you sign in here with your username and password, you have provided it to the fraudster, Sandland warns.
– Shows how far they are willing to go
So in this case there are login details for your Microsoft 365 account that fraudsters are looking for. If you’re really unlucky, you may end up providing passwords for more and more websites.
– When you try to log in to a fraudulent fake website, you will be notified that the password is incorrect. You can start trying other passwords that you know you are using, which means you have given your passwords even more to fraudsters. Sandland claims that the fraud method is unique in that respect.
Until they find an interesting person, criminals use login information to deceive more and more people. This can usually be someone in charge of invoice processing in a company.
– If fraudsters deceive the invoice manager, they may, for example, send the invoice to a subcontractor whose account number has been changed. Sandland says this shows how far criminals are willing to go to deceive you.
Recently, Norcis has been contacted by many who have been fooled by the cunning fraudulent system. In the worst cases, people are deceived into paying millions into fake accounts.
– Hacking of email accounts can also be used to install scammers ransomware virus. Sandland says it really only sets limits to the imagination.
He considers it difficult to convince all Norwegians that such emails are fraudulent.
– This type of fraud is very easy to pursue. Emails appear to be genuine to many, and we are confirmed based on how many people have contacted us.
Although it is difficult to see the pattern of fraud, in most cases there is a grip that is the solution.
– Use 2-step verification on all your accounts. If you only have one username and password, this is a period of time before you fall victim to fraud. If two-step verification is enabled, you will be protected against most such scams.
Two-step verification, two-step verification, or two-step verification is an additional level of login security. With two-step verification, you are signing in to something Livestock (Your password) In addition to you Get (A code on the phone).
2-Step Verification makes your account more secure because it prevents unauthorized persons from accessing your account even if they know your password.
This works in almost the same way as when you log in to Banking Online with Banking IIT, but instead you use the one-time code you receive via SMS or using an application installed on the phone (depending on the service).
Source: NorSIS / nettvett.no
Business Contact in the Inland Police District Lean Espeland wants tips and information on fraud attempts.
– This type of crime is serious because it affects individuals and affects people’s trust. The culprits are constantly inventing new methods, which Espeland says is very difficult to find.
He acknowledges that the chances of resolving such cases are not great, but he says it is even more important for people to provide police tips and information when exposed to fraud.
– It allows us to view links and reveal its size. We may have found connections between different events. In this way we can increase our capacity and also increase the chances of resolving cases in that way, says Espeland.
Tips to avoid scams
- Review the emails you receive. Do not click on the links, instead look for the website of the person you are receiving the inquiry from.
- Do not let other people’s payments go through your account. You reveal that you are being cheated or involved in criminal matters.
- If the offer is too good to be true, it will usually be.
Then do not send money:
- Money goes to people you don’t know well or can confirm the identity of people like online acquaintances.
- You get a “lucrative” investment offer from overseas via phone, email or online acquaintances.
- You have to send money to get inheritance, wins etc.
Source: Donske Bank
Considering how many people are likely to receive such emails and how many are reluctant to speak up when they realize they have been deceived, the police believe that many will be hidden.
– Where to make money, fraudsters will find the will and way to find everything weird. For us, all information is valuable in the big picture, so make sure you share the information with the police.
If you feel you have been disappointed, Esplanade encourages you to submit a review.
– If you have only received something that seems suspicious, it is important for the police and preferably to share information with other actors. You can do this Submit a tip. Feel free to take a screen shot of the fraud attempt and attach it to the tip, Espeland says.
He points out that if you allow yourself to be fooled it can lead to very boring results.
– Sensitive information may be misused. For example, you may fall victim to ID theft, which can have huge financial consequences. Of course you should avoid being deceived by emails like this and I would like to emphasize that you should not be embarrassed if it happened first. Being stupid is so easy, then it’s important that you say so.