
posted by martyb on Wednesday February 19 2020, @11:35PM
from the obvious-fake-weeds-out-the-smart-targets dept.

https://arstechnica.com/information-technology/2020/02/anatomy-of-a-dumb-spear-phish-hitting-librarians-up-for-zelle-cashapp-cash/

Here's a clue for would-be Internet financial scammers: do not target librarians. They will catch on fast, and you will have wasted your time.

Yesterday, the former outgoing chair of the Young Adult Library Services Association's [(YALSA)] Alex Awards Committee (and my wife) Paula Gallagher got a very odd email that purported to be from a colleague within her library system who is a member of YALSA's board. The email asked, "Are you available to complete an assignment on behalf of the Board, And get reimbursed? Kindly advise."

[...] She ignored the message until another member of the committee reached out to her after responding to an identical message. The "assignment" turned out to be a textbook payment scam, and it came from a new email address—"presidentnewboxmailme [at]gmail.com":

Would you help in paying a Merchant and get reimbursed by [name of the board's financial chair]? [He] not available today due to health reasons, But promised a swift reimbursement before Friday. It's imperative and it's $6,980. I was able to sent out $4000 from my daily savings limit. Get back to me if you can send the remaining $2,980 via Zelle & CashApp. It concerns our YALSA's 2020 Young Adult Services Symposium.

[...] Knowing that Paula worked with the purported sender of the message, the recipient forwarded the message to her and asked, "Seems sketchy... has he been hacked?" Soon, others chimed in on a group chat that they had received similar suspicious messages.

No one fell for the phish.

[...] This attack—targeting members of a non-profit association—is just the latest wrinkle in that trend, borrowing the tactics, if not the precision, of big-dollar targeted attacks against corporations.

[...] associations and other non-profit organizations—which may have both somewhat less money and somewhat less in the way of centralized IT—are now apparently being targeted because of their nature. They have very public websites as part of their mission outreach, filled with the names and email addresses of people willing to do many things for the organization's mission—including reaching for their own wallets.

[...] Until Zelle, CashApp, and other peer-to-peer payment providers offer a way to help spot fraudulent accounts, they'll continue to be a popular target.

If you need more tips on spotting these kinds of scams... just ask a librarian.


  • (Score: 5, Interesting) by Immerman (3985) on Thursday February 20 2020, @02:19AM (#960141)

    "Impedance matching" is probably right. I recall a while back hearing that the abysmal literacy level of typical Nigerian spam is intentional - anyone who isn't warned off by that is far more likely to be an easy mark, which greatly reduces the time wasted luring in potential suckers that end up recognizing the scam later in the exchange.
