This two-part article will examine the two most popular Internet scams today, and the motivators that make them work. At a recent Cyber Security Symposium hosted by the District Attorney’s office in New Haven, Connecticut, an FBI Agent from the Internet Crime Complaint Center (IC3) gave a presentation in which he revealed the top two Internet crimes reported to IC3. You will be happy to know that the Nigerian Prince (“Please send monies”) scam has apparently run its course. If you are unfamiliar with it, the scam (also known as the 419 scam) used a confidence game to trick unsuspecting victims into sending money to a fictional prince. Most amazing is that this scam predates the Internet, originally starting back in the era of fax machines. The Nigerian Prince scam played into the victim’s sense of greed, offering large sums of money for a small fee to assist the prince in getting the money away from the oppressive government (or some other phony claim). Most folks are aware of these too-good-to-be-true money scams, so the criminals have devised new methods to steal money. Let’s start our countdown from the second to the first of the most popular scams. According to the FBI, the second most popular scam on the Internet today is the urgent wire-transfer scam. The urgent wire transfer message is usually sent via a phishing email from a high-ranking executive in the company (usually the CEO or CFO), either commanding an employee to transfer a large amount of money to an account, or alternatively, requesting the wire-transfer information of the company bank account. The message uses the CEO’s name (a publicly available piece of information) and usually targets an employee in the finance department (also a publicly available piece of information). What makes this scam particularly effective is the timing of the message – The "urgent" message is usually sent near the end of the work day, or better yet, at the end of a Friday work day. The emotional and personal aspect at play here is not only the urgency of the message but also the employee’s position in the company coupled with the desire to go home for the night. How carefully would you check the return address of an urgent message from your CEO when you are trying to wrap up your day? The lesson here is to slow down, verify, and be careful, even if it is the CEO making the request. The difference could be worth much more than being late for dinner. Part 2 of this article will examine the most popular emotional and personal scam on the internet. Until then, Stay safe, friends.
About the Author: Bob Covello (@BobCovello) is a 20-year technology veteran and InfoSec analyst with a passion for security topics. He is also a volunteer for various organizations focused on advocating for and advising others about staying safe and secure online. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc. Title image courtesy of ShutterStock
