Beware Advance Fee Fraud (AFF): The Piano Scam

May 31, 2024

This is a short blog post I wrote for our security awareness internal communication. Feel free to grab and use for your own program. Created with the help of ChatGPT.

Beware Advance Fee Fraud (AFF): The Piano Scam

Cyber threats are constantly evolving, and one of the latest scams targets unsuspecting individuals with a piano-themed fraud. This scheme, dubbed the "Piano Scam," preys on the goodwill of victims by offering a "free" piano, only to defraud them through advance fee payments for shipping.

This type of scam is targeting people in the education sector but other scams like this will target other industries such as healthcare or the food industry. Understanding these types of scams will help identify when similar scams are used against our company.

How the Scam Works

Initial Contact: Victims receive an email claiming a free piano is available due to a family death.

Shipping Fraud: The scammer directs victims to a fake shipping company, which requests payment for delivery fees via various methods, including Zelle, PayPal, and cryptocurrency.

Data Harvesting: Personal information such as names, addresses, and phone numbers are also solicited.

Recognizing the Scam

Too Good to Be True: Be cautious of unsolicited offers that seem excessively generous.

Unverified Senders: Emails from unfamiliar addresses or free email services should raise suspicion.

Payment Requests: Legitimate giveaways do not require upfront fees for shipping or handling.

Prevention Tips

Verify Sources: Independently verify the sender and the legitimacy of the offer.

Avoid Clicking Links: Do not click on links or download attachments from unknown emails.

Report Suspicious Activity: Inform your IT department or local authorities if you encounter such scams.

Understanding the tactics used in the Piano Scam can help you avoid becoming a victim. Stay vigilant and informed to protect yourself from these and other cyber threats.

For more detailed information on this scam, visit Proofpoint's Security Brief.

World Cup scams out in full force

June 18, 2014

It’s the time again when the greatest soccer teams in the world collide to determine a champion. The 2014 World Cup is this summer and with it comes 90-minutes of intense soccer action, patriotism, flopping, hacktivism, scams and spam. The World Cup is big news and because of it scammers, spammers and criminals will take advantage of the event to get you to click on malicious links or sign up for services you don’t want. They do this by offering free tickets, prizes and various other free things. Be wary of clicking on links both here at work and on home on your computing devices. Nothing is ever free, especially on the internet and if you decide to explore one of these malicious links or scams you’re likely to end up with something other than free access to one of the greatest sporting events in the world.

For more on the subject I would highly recommend eSecurity Planet’s article How to Avoid FIFA World Cup Cyber Threats by Jeff Goldman. The article is not only good advice for handling scams during the World Cup, but any other big events scammers and criminals are likely to take advantages of.

Also, for Android users, be wary of World Cup apps. Several apps have been found to contain malware on them that steals data, pushes ads or runs up premium service charges. For more on that check out the Security Affairs blog and the Fake Versions of World Cup 2014 Apps targeting Android users post.

This post first appeared on Exploring Information Security.

Brian Krebs InfoSec Links May 7, 2014

May 7, 2014

Cause Brian Krebs is awesome.

Phishers Divert Home Loan Earnest Money - Brian Krebs - Krebs on Security

In this scheme, the attackers intercept emails from title agencies providing wire transfer information for borrowers to transmit earnest money for an upcoming transaction. The scammers then substitute the title company’s bank account information with their own, and the unsuspecting would-be homeowner wires their down payment directly to the fraudsters.

Emails are being intercepted and the account information changed so that the home buyers send the money to the criminal and not the loan agency. That's really scary and shows that if it's financially profitable criminals will find a way to exploit the system.

Adobe Update Nixes Flash Player Zero Day - Brian Krebs - Krebs on Security

Update Adobe Flash Player on your computers. Do it. Do it NOW!

The Target Breach, By the Numbers - Brian Krebs - Krebs on Security

Krebs breaks down some of the numbers involved in the Target breach that took place from November 27 to December 15, 2013. The most glaring one is the number of Chief Information Security Officers (CISO) or Chief Security Officers (CSO), which was zero, according to the AP. If true, that's pretty sad for the second-largest discount retailer in the United States. And it's not that a CISO or CSO would have stopped the breach, but does give us a peek into Target's thoughts on information security.

This post first appeared on Exploring Information Security.