CyberThreats Daily: Social engineering scams targetting Ireland

The other day Joe Duffy on RTÉ.ie Radio1: Liveline hosted victims of online scams. An Irish victim explained in detail how his email account was taken over by cybercriminals, who then emailed his friends, pretending to be him and asking for money, because he is supposedly stuck abroad and needs money to get back to Ireland.

A few of his friends fell for it and rushed to their friend’s aid and sent money through Western Union (which is untraceable). The bad guys won. The full podcast of the show is available here and we at ESET Ireland highly recommend listening to it.

Scams like this are not unknown and have before also been known under the name “Londoning” (since in many the friend was “stuck in London”) and after the Iceland volcano erruptions disrupted travel all over Europe, many “Icelanding” scams appeared.  At ESET we have written about them before, so have a read also at ESET researcher’s David Harley’s blog post on SEO poisoning, Londoning and Icelanding.

From this blog are some useful tips on avoiding being scammed:

  1. You can be very suspicious of messages like this, however they arrive and wherever or whoever they come from. Some ideas about what constitutes “suspicious” in the email context: it’s clear from the headers that it was sent to more than one person, doesn’t indicate that the sender actually knows anything about the recipient other than their address (no personal touches) and so on.
  2. Don’t even think of responding to the request until you’ve verified the source with extreme prejudice.
  3. Absence of personalization (personal touches in the message that actually indicates the sender knows you well) is a pretty good indicator of untrustworthiness (and characteristic of all generalized phish and 419 messages). If I was going to tap you for a few thousand dollars, I think I’d probably ask after your spouse and children, for instance, however upset I was. However, bear in mind also that not all social engineering attacks are untargeted. Remember that someone who compromises your Facebook account, for instance, has access to your profile and those of your friends, not just your account details and contact lists.
  4. If the way the message is expressed is uncharacteristic (especially if it sounds more “foreign” than you’d expect), that’s a pretty good indication that you’re not talking to the person you think you’re hearing from.
  5. Be particularly sceptical when a “friend” (or, even more suspiciously, an acquaintance) wants you to send them cash by a scam-friendly channel such as Western Union.
  6. 419 scams sometimes inventive in social engineering terms, but not necessarily hi-tech: take reasonable precautions to avoid having your accounts (email, Facebook, other social networking sites) compromised. Use hard to break passwords, don’t use the same password for multiple accounts, and be on the lookout for any attempt to trick you into giving your password away, and that will reduce your attack surface (no guarantees of invulnerability though!)

One thought on “CyberThreats Daily: Social engineering scams targetting Ireland

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s