– It is easy to be deceived by such emails. I understand it’s hard for people to understand that it’s a scam, says senior advisor Vidar Sandland at the Norwegian Center for Information Security (NorSIS).
In recent weeks, NorSIS has received a number of inquiries about a professionally executed email scam that abuses Dropbox. Last week, Sandland himself received such an email.
– I received an email from a supervisor I had talked to a long time ago regarding an electric car charger. Then I realized his email account must have been taken over by criminals, says Sandland.
The scammers sent emails to various people the supervisor had been in contact with before. Because the email comes from a real person you know, the scam attempt becomes more credible.
Scammers can also use details from past email conversations, making them more difficult to spot.
– The ‘genius’ of this type of scam is that it is not intercepted by the usual security mechanisms, because the email is sent from a legitimate email address. In addition, the scammers are associated with a real Dropbox share, Sandland says.
If you click on the Dropbox link that the scammers put in the email, you will be taken to your real Dropbox account. Once you sign in, you will have access to the document that the scammers have shared with you.
– If you click on the document inside Dropbox, you’ll be taken to a website where you’re supposed to sign in to Microsoft 365. If you sign in here with your username and password, you’ve given them straight to the scammer, Sandland warns.
– Shows how far they are willing to go
So it is the login details for your Microsoft 365 account that the scammers are after in this case. If you are really unlucky, you may end up giving away passwords for more websites.
– When you try to log in to the scammers’ fake website, you will be notified that the password is incorrect. Then, you may start trying other passwords that you know you use, which in this case means you’ve given the crooks more of your passwords. Sandland says the scam is ingenious in this way, too.
The criminals use your login information to trick more people, with the aim of finding someone interesting. This is usually someone in charge of billing in the company.
– If the scammers manage to deceive the billing manager, they can, for example, send an invoice to a subcontractor where the account number has been changed. This shows how much criminals are willing to deceive you, says Sandland.
Recently, NorSIS has been contacted by several people who have fallen victim to cunning scams. In the worst case, people are tricked into paying millions into fake accounts.
– Scammers can also use hacked email accounts to install ransomware viruses. Only imagination sets the limits, says Sandland.
It is believed that it is difficult to make all Norwegians understand that such emails are a fraud attempt.
– It is very easy to fall for this type of scam. The emails will look real to many, which is also confirmed by the number of people who have contacted us.
Although it is difficult to recognize the fraud, there is one measure that will be the solution in most cases.
Use 2-Step Verification on all your accounts. If you only have a username and password, it will only be a matter of time before you get scammed. When you turn on two-step verification, you will be protected from most of these scams.
Two-step verification, or two-step authentication, is an additional level of login security. With 2-step verification, you sign in with something you know (your password) plus something you get (a code on your phone).
Two-step verification makes your account more secure because it prevents others from logging into your account even if unauthorized people know your password.
This works in much the same way as when you log into your online bank with BankID, but instead you use a one-time code that you receive via SMS or using the app installed on the phone (depending on the service).
Source: NorSIS / nettvett.no
Business contact Lene Espelund in the Innlandet Police District wants tips and information about scam attempts.
This type of crime is dangerous because it affects individuals and affects people’s trust. Espelund says criminals are constantly inventing new methods that make detection more difficult.
She acknowledges that the chances of solving cases like these are not necessarily very high, but says it’s still important for people to give tips and information to the police when they are exposed to a fraud attempt.
– Helps us see links and reveal their extent. We may discover links between different cases. This way we can increase our efficiency and in this way also increase the chance of resolving issues, says Espelund.
Tips to avoid fraud
- Scrutinize the emails you receive. Do not click on the links; instead, find the website of the person who sent you the inquiry yourself.
- Don’t let other people’s payments go through your account. Doing so exposes you to fraud or involvement in criminal matters.
- If an offer sounds too good to be true, it usually is.
Do not send money if:
- The money goes to people you don’t know well or who cannot confirm their identity, such as your online acquaintances.
- You received a “profitable” investment offer from abroad by phone, e-mail or through your acquaintances on the Internet.
- You must send money to receive inheritance, winnings, etc.
Source: Danske Bank
Exchange of information
Given the number of people likely to receive such emails, and the fact that many are reluctant to speak out when they realize they have been scammed, police believe there is likely a significant number of unreported cases.
– When it comes to making money, fraudsters find the will and the way to invent all sorts of strange things. For us, all information is valuable in the big picture, so be sure to share the information with the police.
If you realize you have been scammed, Espelund encourages you to report it to the police.
– If you only receive something that looks suspicious, it is important to share the information with the police and preferably with other actors. You can do this by sending a tip. Feel free to take a screenshot of the scam attempt and attach it to the tip, says Espelund.
She notes that it can have very unpleasant consequences if you let yourself be fooled.
– Sensitive information goes astray and can be misused. For example, you may be a victim of identity theft, and this can have significant financial consequences. While it is of course best to avoid being scammed by such emails, I want to stress that you shouldn’t feel embarrassed if it does happen. It’s easy to be fooled by inmari, and then it’s important to say it.