Monday, February 26, 2024

Scam Email: Screening Sharing and Fake Live Chat

Here is a recent twist on a very old scam where the scammer has some story (the victim has a virus on their computer or some fake problem), the victim calls into a number the scammer provides in the message, while talking to victim the scammer gets the victim to agree to download a screen-sharing software so they can "help" them (they won't), and the scammer proceeds to steal passwords, etc. Another old twist on this is the scammer is attempting to send money to the victim (not really) and they pretend to send $10,000 to them instead of $100 (again, its all on faked screening sharing screens) and demand the money back.

So you can see this particular twist on this scam has taken it to the corporate space but it especially also impacts anyone who is signing into their bank account while screen sharing software is running. As you can imagine, that is a bad thing. 

Sometimes, the scammer won't say why you need to click that OK button, which allows them to screen share with your computer, or - as in the image below - they fake an email so you can log into a live chat. But you are not actually logging into a live chat. And once in, the scammer can do anything on your computer at that point.

They are well practiced at moving quickly once they get in on how to steal money and grab passwords. 

So in this twist, the scammer is pretending to be a bank's customer support (or internal technical support where corporate employees are involved) and they want to get you on "live chat" (its screen sharing, not live chat), so they trick the victim into clicking the button that says join live chat. But its not.

Again, this is increasingly impacting corporate employees (because they are jumping on to live chats for meetings all the time) as well as individuals accustomed to live chat to get support on various things.

So terrible. But all we can do is just keep sharing what they are doing to hopefully reduce the number of times they are successful.

Here is what I've seen:

1. Hackers are send personalized emails and texts pretending to be from financial institutions. The email might reference the individuals job title or company role. Or it might be an individual bank customer. 

2. The messages tell victims to download a "live chat app" which is actually remote access software AnyDesk.

3. Once the screen sharing software is running, victims are instructed to share the access code with the "support agent".

These attacks are so effective because they’re so believable and targeted.

- They're commonly used by organizations for IT support

- Banking sites often can't detect if customers are running them during login

- Access codes provide complete control without needing credentials

I *highly* recommend and advocate for all banks to be implementing measures to detect when remote access tools are running when consumers log into their banking accounts. Some do it on the consumer side (not all) but they also need to do it on the corporate side for employees who may become unwitting victims while at work.

As for us consumers, I can only say, be careful out there. When it involves money, ALWAYS be skeptical and verify by another path (i.e. say you'll call yourself into the bank customer service phone line).

As the world becomes default digital, devices and our behavior on all of these convenient devices has become our most vulnerable area of risk for scams.




No comments:

Post a Comment