baiting – Guard Well Identity Theft Solutions

QR Code Scam Alert: A New Twist on Brushing

28 January 2025
by: Catherine Lennon
in: baiting,brushing scam,Cybercrime,cybersecurity,online marketplace
Tags: mysterious gift, QR code package scheme
note: no comments

A new scam is making its way into mailboxes, combining brushing scams with QR code fraud. A brushing scam is a deceptive scheme where online sellers send unsolicited packages to random people to boost their rankings and post fake reviews. These packages often contain cheap items such as socks or phone cases. The goal is to make it look like a real purchase was made and reviewed, tricking online marketplaces into improving the seller’s visibility.

Scammers prey on curiousity. If you receive a mysterious gift on your front porch, naturally you’re going to want to know who sent it, right? That gift may look like a free gift, but it oddly doesn’t include any details on who sent it. What it does have is a note inside instructing you to scan a QR code to “find out who sent this gift” or to “scan here to get return instructions.”

Scanning that QR code can lead to serious risks:

– Phishing websites that steal your login credentials, credit card details or other sensitive data.

– Malware downloads that infect your phone, allowing hackers access to your device.

– Identity theft if scammers collect enough of your personal information to do massive damage.

Cybercriminals are constantly finding new ways to exploit technology. If you receive an unsolicited package with a QR code, think before you scan! Avoid interacting with it, and always verify sources before providing any personal information.

Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Gamers Hit with Social Engineering Attack

07 July 2024
by: Catherine Lennon
in: baiting,Cybercrime,Dark Web,Data Breach,Email Scams,gaming,honeytrap,Identity Theft,Identity Theft Protection,Imposter Scam,In The News,Online Safety,Phishing Scam,pretexting,Scams,tailgating,Trending,Uncategorized,Website Safety
Tags: baiting, Cybersecurity, Fraud Prevention, gaming, honeytrap, Identity Theft, identity theft protection, in the news, Online Safety, phishing, Scams, Tips
note: no comments

Our security teams have recently discovered that Shadow.tech, a cloud computing service developed by the French company Blade and later acquired by OBHcloud founder Octave Klaba in 2021 has been breached. Its technology is based on Window 10 server executing video games or other Windows software applications remotely. The breach origin date is October, 2023 and involves the data of 545,013 account users including their email addresses, full names, physical addresses and birth dates.

The public acknowledgement of the company states that they were a victim of a social engineering attack targeting one of their employees. Shadow.tech CEO said, “This highly sophisticated attack began on the Discord platform with the downloading of malware under cover of a game on the Steam platform, proposed by an acquaintance of an employee, himself, a victim of the same attack.” Learn More

If the term ‘social engineering attack’ is new to you … you are not alone.

Social engineering is a type of cyberattack that uses psychology to obtain personal identifying information (PII). It is impossible to prevent. This type of attack is a huge threat to cybersecurity because it begins on a very personal level with each victim. It invokes fear. It invokes urgency. If the device is being used for gaming and is part of a corporate network, login credentials can be compromised and harming of the network can occur.

Social engineering attacks can include many different formats: whaling, honeytrapping, tailgating … If you or a family member are into the gaming industry specifically, these are four social engineering attacks you need to be on the lookout for:

– Phishing: fraud, impersonation and old-fashioned blackmail.

– Baiting: fraudsters use fake websites, such as for not legit gaming add-ons and so-called “freebies.”

– Pretexting: this is a newer term and format. It includes a fabricated identity (or situation) where a victim may need to divulge PII. Example types of of impersonation could be a talent agency, a law enforcement officer, a major sweepstakes company.

– Spear Phishing: this is a very targeted email attack on specific employees (or sometimes organizations as a whole).

Tips:

– Only click on URLs that begin with https.

– Enable multi-factor authentication when available.

– Use a spam filter.

– Use a pop-up blocker.

– Do your research and check if a website or contact is legit.

– Never insert a USB into your device unless you know and trust exactly who it is from.

– If a request comes in and is marked URGENT, that is a red flag that it could be a scam.

Learning and following best cybersecurity practices are essential to safeguarding your PII. Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Image courtesy credit: bermix-studio-wJ7atxTNeQE via unsplash.com

M	T	W	T	F	S	S
					1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28

Category Archives: baiting

Category Archives:
baiting