Scam Alert - Watch out for Fake Walmart Password Reset Email
Nowadays, technology does not so much march forward as skyrockets into new and unexpected directions at a staggering speed. Using the Internet is practically a necessity for business and personal matters. Unfortunately, just like any other pillar of modernity, there are fraudsters looking to play this system and enrich themselves at the expense of others. Unfortunately for IT users nowadays, the con artists that plague the Internet today have a wealth of tools they can use to their advantage and have refined their fraudulent “craft” to a rather impressive degree—case in point – the recent wave of phishing attacks that hit Wallmart customers’ emails.
Morey Haber, chief technology officer at cybersecurity company BeyondTrust, commented that “The emails look real — very real.” According to Mr. Haber, “Most of the basic content is well-formed, there are no spelling or grammatical errors, and the hyperlinks and email addresses are cleverly spoofed to resemble their legitimate counterparts.” This stands in stark contrast to the norm of online fraud, as phishing attacks are usually easily spotted by a wary user. However, in order to not fall for such tricks, a user needs to be aware that the possibility of being defrauded exists, as well as a few basic tricks that a scammer may pull.
So what tricks do online fraudsters use nowadays?
GDPR, or General Data Protection Regulation
As per Mr. Haber’s statements, “[We’ve] seen several phishing scams cite the newly enacted GDPR as a reason to request information from targets, taking advantage of the confusion around these new regulations and the deluge of related emails that internet users are already receiving.” All in all, GDPR is a tricky subject that’s not very well understood by the wider base of Internet users. Scammers will try and lend themselves an air of legitimacy, by hiding behind the poorly understood acronym. Users need to know not to let down their guard when they see the word.
Emails that warn you that a service or social media account or its password has “expired” or is about to expire, and inviting you to follow a link to log in and “save” it are one of the oldest tricks in the online fraudsters’ book. Unfortunately, if a user is not aware of this fraudulent tactic, and are not really expecting to be attacked from this direction, they may well fall for the trick and divulge valuable information to the fraudster.
Personal Information That’s Already Available
Data breaches happen all the time – that’s an unfortunate fact of life. When such a breach happens, personal information of millions of people can be leaked online, at the disposal of malicious actors. Said data is compiled into data dumps, some of which can contain personal details of billions of user accounts. As such, it’s not inconceivable that some undesirables may have gotten their hands on some of your personal data – your name and email address, and the fact that you use some service or other, for instance. Fraudsters may well try and use that information against you in a personalized attack, aimed at tricking you into giving up more information or other things of value – such as money, social security numbers, credit card numbers, etc. The key thing to note here is that the information that these people have on you is probably incomplete, so if you maintain a healthy dose of skepticism, you can probably sniff out the fraud.
Convincing Landing Pages
The phishing scam usually works by tricking a user into going to a fake landing page and typing in their account details into a fake form. Those can be really convincing, especially if you’re not on your toes and think of checking the address bar once you hit the landing page, for instance. However, there are tell-tale signs that things are amiss. Additionally, a password manager can be a very useful tool when it comes to detecting this very common method online fraudsters employ.