The ‘Paypal’ scam
One trick I’ve noticed is to 1) use a common first name (possibly even names data-mined from any social media information you have made public), then 2) go straight to what will catch the curiosity of most people: a big wad of cash, and finally 3) try to legitimize it with a reference to “Paypal” (even though the company spells it with both ‘P’s capitalized: PayPal) or similar.
As I do know several people with each of these names, if I had received only one of these emails and was not already distrustful from working in the IT security industry (and hadn’t noticed the incorrect spelling of PayPal)… I might have clicked through to who knows where. This type of spam is used with various legitimate company names in the subject line.
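As an added example (not part of the original post), the cash lure and the miscapitalized brand name can be turned into a weak-signal subject-line check for a mail filter. The brand list, the lure patterns and the sample subjects below are assumptions constructed for illustration.

```python
import re

# Canonical brand spellings; an assumed, illustrative list (only PayPal is
# named in the post).
CANONICAL_BRANDS = ["PayPal", "LinkedIn", "Facebook"]

# Wording that dangles money in front of the reader (assumed patterns).
CASH_LURE = re.compile(
    r"[$€£]\s?\d[\d,.]*|\b\d[\d,.]*\s?(?:usd|dollars)\b"
    r"|\b(?:cash|payment|funds|transfer)\b",
    re.IGNORECASE,
)

def miscased_brands(subject):
    """Return (brand, as_written) pairs where a brand has the wrong casing."""
    hits = []
    for brand in CANONICAL_BRANDS:
        pattern = r"\b" + re.escape(brand) + r"\b"
        for m in re.finditer(pattern, subject, re.IGNORECASE):
            if m.group(0) != brand:  # matched the name, but not its exact casing
                hits.append((brand, m.group(0)))
    return hits

def score_subject(subject):
    """Weak-signal score: 1 per miscased brand, plus 1 for a cash lure.

    Meant to feed a larger spam score, not to block mail on its own.
    """
    reasons = [f"brand '{b}' written as '{w}'" for b, w in miscased_brands(subject)]
    if CASH_LURE.search(subject):
        reasons.append("cash lure")
    return len(reasons), reasons

# Constructed sample subject lines (not taken from the emails in the post).
SAMPLES = [
    "Jennifer sent you $1,500.00 via Paypal",
    "Your PayPal receipt for order 1042",
    "Michael: PAYPAL cash transfer pending",
    "Lunch on Friday?",
]

if __name__ == "__main__":
    for s in SAMPLES:
        score, reasons = score_subject(s)
        print(score, s, reasons)
```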
The Syria scam
Having no limits to their callousness, scammers have started to take advantage of Syria’s new media popularity, drawing on the sympathies of an unsuspecting demographic: the gullible and/or naïve and/or blindly patriotic.
About the time that news stories started to surface on Syrian refugees, I received a couple of emails like the following, allegedly from a U.S. Marine in Syria:
I would hope that anyone with an IQ higher than a box of rocks would know how utterly absurd and illogical/self-contradictory the above story is, but apparently enough people fall for this stuff – and the continued stories of Nigerian treasures or winning the British lottery (without ever having played it) – that scammers continue to make money from these methods.
The LinkedIn request from a cousin
Last week I received an actual LinkedIn request from my cousin, who, I recalled, was dealing with some major health issues and not likely at a point where she would be focusing on her career. The LinkedIn profile was nearly empty, so I contacted her through Facebook to inquire if it was really her or not. She confirmed that it was not.
The motive here is a mystery to me. Either someone wanted to learn more about me via LinkedIn, or they wanted to later pose as my cousin to ask for ‘some financial assistance’. Regardless, this one almost had me – because it was a legitimate LinkedIn request, just not from a legitimate cousin.
Note to self
When it comes to IT security and data privacy, it’s good to be somewhere between skeptical and paranoid as a default setting. These scammers make a living from what they do – don’t be their source of income.