#Exposing scam tactics | Explore Tumblr Posts and Blogs

marcoaguilarmex · 1 year

Text

Beware of Scott Kramer's MTM Medical Tourism Mazatlán

I must share my harrowing experience with MTM Medical Tourism Mazatlán, a medical tourism services provider in Mazatlán, Mexico, owned by Scott Kramer. Initially, I sought their services for a hip replacement surgery, which was quoted at $40,000. While the treatment itself was satisfactory, the real nightmare began after the surgery when we discovered a shocking case of fraudulent billing.

Scott Kramer's team billed us a staggering $100,000, including unnecessary medical services that were neither discussed nor required. This unexpected financial burden left us reeling, questioning the integrity of MTM Medical Tourism Mazatlán.

I urge anyone considering their services to exercise extreme caution. The initial promise of affordable medical care quickly transformed into a costly and deceitful experience. Be vigilant, seek transparent pricing, and explore alternatives before placing your trust in this establishment.

My intention in sharing this review is to safeguard others from falling victim to similar deceptive practices. Trust your instincts, and don't let the allure of affordability blind you to potential financial pitfalls. Your well-being deserves a provider with honesty and integrity, which, in my experience, MTM Medical Tourism Mazatlán failed to deliver.

1 note · View note

mostlysignssomeportents · 7 months

Text

An excerpt from The Bezzle

I'm on tour with my new novel The Bezzle! Catch me next in SALT LAKE CITY (Feb 21, Weller Book Works) and SAN DIEGO (Feb 22, Mysterious Galaxy). After that, it's LA, Seattle, Portland, Phoenix and more!

Today, I'm bringing you part one of an excerpt from Chapter 14 of The Bezzle, my next novel, which drops on Feb 20. It's an ice-cold revenge technothriller starring Martin Hench, a two-fisted forensic accountant specialized in high-tech fraud:

https://us.macmillan.com/books/9781250865878/thebezzle

Hench is the Zelig of high-tech fraud, a character who's spent 40 years in Silicon Valley unwinding every tortured scheme hatched by tech-bros who view the spreadsheet as a teleporter that whisks other peoples' money into their own bank-accounts. This setup is allowing me to write a whole string of these books, each of which unwinds a different scam from tech's past, present and future, starting with last year's Red Team Blues (now in paperback!), a novel that whose high-intensity thriller plotline is also a masterclass in why cryptocurrency is a scam:

https://us.macmillan.com/books/9781250865854/redteamblues

Turning financial scams into entertainment is important work. Finance's most devastating defense is the Shield Of Boringness (h/t Dana Clare) – tactically deployed complexity designed to induce the state that finance bros call "MEGO" ("my eyes glaze over"). By combining jargon and obfuscation, the most monstrous criminals of our age have been able to repeatedly bring our civilization to the brink of collapse (remember 2008?) and then spin their way out of it.

Turning these schemes into entertainment is hard, necessary work, because it incinerates the respectable suit and tie and leaves the naked dishonesty of the finance sector on display for all to see. In The Big Short, they recruited Margot Robbie to explain synthetic CDOs from a bubble-bath. And John Oliver does this every week on Last Week Tonight, coming up with endlessly imaginative stunts and gags to flense the bullshit, laying the scam economy open to the bone.

This was my inspiration for the Hench novels (I've written and sold three of these, of which The Bezzle is number two; I've got at least two more planned). Could I use the same narrative tactics I used to explain mass surveillance, cryptography and infosec in the Little Brother books to turn scams into entertainment, and entertainment into the necessary, informed outrage that might precipitate change?

The main storyline in The Bezzle concerns one of the most gruesome scams in today's America: prison-tech, which sees America's vast army of prisoners being stripped of letters, calls, in-person visits, parcels, libraries and continuing ed in favor of cheap tablets that bilk prisoners and their families of eye-watering sums for every click they make:

https://pluralistic.net/2024/02/14/minnesota-nice/#shitty-technology-adoption-curve

But each Hench novel has a variety of side-quests that work to expose different kinds of financial chicanery. The Bezzle also contains explainers on the workings of MLMs/Ponzis (and how Gerry Ford and Betsy DeVos's father-in-law legalized one of the most destructive forces in America) and the way that oligarchs, foreign and domestic, use Real Estate Investment Trusts to hide their money and destroy our cities.

And there's a subplot about music-royalty theft, a form of pernicious wage theft that is present up and down the music industry supply-chain. This is a subject that came up a lot when Rebecca Giblin and I were researching and writing Chokepoint Capitalism, our 2022 book about creative labor markets:

https://chokepointcapitalism.com/

Two of the standout cases from that research formed the nucleus of the subplot in The Bezzle, the case of Leonard Cohen's batshit manager who stole millions from him and then went to prison for stalking him, leaving him virtually penniless and forced to keep touring to keep himself fed:

https://www.theguardian.com/music/2012/apr/19/leonard-cohen-former-manager-jailed

The other was George Clinton, whose manager forged his signature on a royalty assignment, then used the stolen money to defend himself against Clinton's attempts to wrestle his rights back and even to sue Clinton for defamation for writing about the caper in his memoir:

https://www.musicconnection.com/the-legal-beat-george-clinton-wins-defamation-case/

That's the tale that this excerpt – which I'll be serializing in six parts over the coming week – tells, in fictionalized form. It's not Margot Robbie in a bubble-bath, it's not a John Oliver monologue, but I think it's pretty goddamned good.

I'm leaving for a long, multi-city, multi-country, multi-continent tour with The Bezzle next Wednesday, starting with an event at Weller Bookworks in Salt Lake City on the 21st:

https://www.wellerbookworks.com/event/store-cory-doctorow-feb-21-630-pm

I'll in be in San Diego on the 22nd at Mysterious Galaxy:

https://www.mystgalaxy.com/22224Doctorow

And then it's on to LA (with Adam Conover), Seattle (with Neal Stephenson), Portland, Phoenix and beyond:

https://pluralistic.net/2024/02/16/narrative-capitalism/#bezzle-tour

I hope you'll come out for the tour (and bring your friends)!

Between 1972 and 1978, Steve Soul (a.k.a. Stefon Magner) had a string of sixteen Billboard Hot 100 singles, one of which cracked the Top 10 and won him an appearance on Soul Train. He is largely forgotten today, except by hip-hop producers who prize his tracks as a source of deep, funky grooves. They sampled the hell out of him, not least because his rights were controlled by Inglewood Jams, a clearinghouse for obscure funk tracks that charged less than half of what the Big Three labels extracted for each sample license.

Even at that lower rate, those license payments would have set Stefon up for a comfortable retirement, especially when added to his Social Security and the disability check from Dodgers Stadium, where he cleaned floors for more than a decade before he fell down a beer-slicked bleacher and cracked two of his lumbar discs. But Stefon didn’t get a dime. His former manager, Chuy Flores, forged his signature on a copyright assignment in 1976. Stefon didn’t discover this fact until 1979, because Chuy kept cutting him royalty checks, even as Stefon’s band broke up and those royalties trickled off. In Stefon’s telling, the band broke up because the rest of the act—especially the three-piece rhythm section of two percussionists and a beautiful bass player with a natural afro and a wild, infectious hip-wiggle while she played—were too coked up to make it to rehearsal, making their performances into shambling wreckages and their studio sessions into vicious bickerfests. To hear the band tell of it, Stefon had bad LSD (“Lead Singer Disease”) and decided he didn’t need the rest of them. One thing they all agreed on: there was no way Stefon would have signed over the band’s earnings to Chuy, who was little more than a glorified bookkeeper, with Stefon hustling all their bookings and even ordering taxis to his bandmates’ houses to make sure they showed up at the studio or the club on time. Stefon remembered October of ’79 well. He’d been waiting with dread for the envelope from Chuy. The previous royalty check, in July, had been under $250. The previous quarter’s had been over $1,000. This quarter’s might have zero. Stefon needed the money. His 1972 Ford Galaxie needed a new transmission. He couldn’t keep driving it in first.

The envelope arrived late, the day before Halloween, and for a brief moment, Stefon was overcome by an incredible, unbelieving elation: Chuy’s laboriously typewritten royalty statement ended with the miraculous figure of $7,421.16. Seven thousand dollars! It was more than two years’ royalties, all in one go! He could fix the Galaxie’s transmission and get the ragtop patched, and still have money left over for his back rent, his bar tab, his child support, and a fine steak dinner, and even then, he’d end the month with money in his savings account.

But there was no check in the envelope. Stefon shook the envelope, carefully unfolded the royalty statement to ensure that there was no check stapled to its back, went downstairs to the apartment building lobby and rechecked his mailbox.

Finally, he called Chuy.

“Chuy, man, you forgot to put a check in the envelope.”

“I didn’t forget, Steve. Read the paperwork again. You gotta send me a check.”

“What the fuck? That’s not funny, Chuy.”

“I ain’t joking, Steve. I been advancing you royalties for more than three years, but you haven’t earned nothing new since then—no new recordings. I can’t afford to carry you no more.”

“Say what?”

Chuy explained it to him like he was a toddler. “Remember when you signed over your royalties to me in ’76? Every dime I’ve sent you since then was an advance on your future recordings, only you haven’t had none of those, so I’m cutting you off and calling in your note. I’m sorry, Steve, but I ain’t a charity. You don’t work, you don’t earn. This is America, brother. No free lunches.”

“After I did what in ’76?”

“Steve, in 1976 you signed over all your royalties to me. We agreed, man! I can’t believe you don’t remember this! You came over to my spot and I told you how it was and you said you needed money to cover the extra horns for the studio session on Fight Fire with Water. I told you I’d cover them and you’d sign over all your royalties to me.”

Stefon was briefly speechless. Chuy had paid the sidemen on that session, but that was because Chuy owed him a thousand bucks for a string of private parties they’d played for some of Chuy’s cronies. Chuy had been stiffing him for months and Stefon had agreed to swap the session fees for the horn players in exchange for wiping out the debt, which had been getting in the way of their professional relationship.

“Chuy, you know it didn’t happen that way. What the fuck are you talking about?”

“I’m talking about when you signed over all your royalties to me. And you know what? I don’t like your tone. I’ve carried your ass for years now, sent you all that money out of my own pocket, and now you gotta pay up. My generosity’s run out. When you gonna send me a check?”

Of course, it was a gambit. It put Stefon on tilt, got him to say a lot of ill-advised things over the phone, which Chuy secretly recorded. It also prompted Stefon to take a swing at Chuy, which Chuy dived on, shamming that he’d had a soft-tissue injury in his neck, bringing suit for damages and pressing an aggravated-assault charge.

He dropped all that once Stefon agreed not to keep on with any claims about the forged signature; Stefon went on to become a good husband, a good father, and a hard worker. And if cleaning floors at Dodgers Stadium wasn’t what he’d dreamed of when he was headlining on Soul Train, at least he never missed a game, and his boy came most weekends and watched with him. Stefon’s supervisor didn’t care.

But the stolen royalties ate at him, especially when he started hearing his licks every time he turned on the radio. His voice, even. Chuy Flores had a fully paid-off three-bedroom in Eagle Rock and two cars and two ex-wives and three kids he was paying child support on, and Stefon sometimes drove past Chuy Flores’s house to look at his fancy palm trees all wrapped up in strings of Christmas lights and think about who paid for them.

ETA: Here's part two!

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2024/02/17/the-steve-soul-caper/#lead-singer-disease

#pluralistic #the bezzle #martin hench #marty hench #red team blues #fiction #crime fiction #crime thrillers #thrillers #technothrillers #novels #books #royalties #wage theft #creative labor

99 notes · View notes

grits-galraisedinthesouth · 5 months

Text

Jezebel 2.0 continues her wicked mission to (behead) silence and harass TRUTHERS by criminalizing our digital criticism. Pure evil.

Please subscribe to Proper Wiseguy's NEW Channels & also consider making a donation to help him rebuild. Our world is in desperate need for gifted comedians. Hopefully this silencing stunt will backfire and move him closer to FULL TIME comedic work. He has real TALENT, something that makes The Meghans bitter with envy.

Queen Jezebel was the most wicked biblical "royal." She violently silenced all who spoke the truth while her feckless, cowardice husband---King Ahab---knew better but supported her every murderous scheme.¹ (Spoiler alert: in the end, she's thrown to the dogs.)

Just prior to the launch of their recent Nigerian Scam, Jezebel and Ahab 2.0 used BIG Brother (Google) to cancel/silence truther channels like Lion's new "Proper Wiseguy" channel (formerly Motivation Specialist) and Ibble Dibble. ID is thankfully back to normal. Join me in supporting Proper Wiseguy's effort to rebuild his channel.

Please follow the links to help Proper Wiseguy rebuild his new channel. He's also created a backup channel.

The hackers sabotaged more than his YT channel. Big Brother (Google) is also withholding the ad revenue he generated for them earlier in the year prior to monetization of his Motivation Specialist channel.

Tech experts advised Lion to purchase new equipment. Donations accepted via paypal, Go Fund Me and on his merch website

Please follow & retweet on Twitter @ProperWiseguy

Surely the sewer squad, messy misan and boozy the fraud are salivating over what they perceive as a win. It will backfire.

Murderous efforts to silence the truth will always backfire. Like Obi-Wan: when you strike down a truth teller, they return 7x TIMES STRONGER.

There's nothing new under the sun & nothing new in Darling's tactics to silence her critics: TorontoPaper February 10th 2019

"Did you really think, exposing nobodies with only a few followers, some broke or jobless, would help your image? Have you actually sunk this low? You were proud, almost arrogant. What happened to you? I don't recognize you anymore."

Lion is back and better than ever!

"I see myself in all of you too"- 🤡

youtube

"People see me as a role model." 🤡

Lion: Are people aspiring to be DList Actresses 😂

youtube

"So they loaded up Madea's jet & they moved to Beverly, Hills that is..." 😂

Sparry is lizard lip licking again...dressed like the king of fried chicken Colonel Sanders😂

youtube

From Lion's Comments Section

BTW-I don't think she has any of Diana's jewelry.

Proper Wiseguy Channels

Backup Channel

https://youtu.be/XM-xXZar6Vs?si=t-TM4Xrhacking.

Links:

Go Fund Me

https://www.gofundme.com/f/stand-and-fight-with-the-lion-who-loves-you-baby?utm_medium=copy_link_all&utm_source=customer&utm_campaign=p_cp%2Bshare-sheet&utm_content=v2_shareai_control

Website

¹Sparry to the Sussex Sewer: "Keep doing what you're doing."

23 notes · View notes

mantis--hymn · 2 months

Note

Hello! I hope you’re doing well. Unfortunately, one of the posts you reblogged, @/janeursural is a scammer. You can search up their name in the search bar, and it should load some posts exposing them. (But you can look here , here , and here ,for reference.) They are actually stealing the text from another fundraiser, with some minor changes. They are also a known scammer.

You should make sure to check if the fundraiser is verified. Some scams will say they are verified, but they don’t say by who, which is one of the warning signs of a scammer. (Another tactic they use is that they say they're vetted by made up usernames. Always check the account in case they mention a name.) Paypal is commonly used by scammers, and scammers will always use a private account instead of a public donation pool where you can see the raised funds. (example of a donation pool) There are so many common signs of scams, so I just recommend reading this guide.

I recommend to follow kyra45 or anonthescambuster, they document scams.

Hopefully you can take your reblog down as to not mislead people.

If you want to share verified fundraisers, then please look at el-shab-hussein’s list. Or this post if you want specific fundraisers. Those are all vetted.

thank you for letting me know!! i'll post this so that others are aware

#kaz.txt #kaz.exe

7 notes · View notes

ko-existing · 3 months

Note

Just with what you did this morning exposing the scammer told me everything, you have a good heart and now I'm convinced you're not lying, thank you 🤍

this is kind of funny but thank you🤣

But honestly, it's just common sense that if you claim to be richer than the wealthiest people combined but still rely on manipulation tactics by saying "you'll regret it" "quit your job" "get a grip" and "why would i care about these miserable people", manipulate them into paying $100 for the void and make up success stories that's an issue. We were blocked now, that's all that one needs to know about "her/him". It's a scam clear as day and many still believe in them which is understandable because they have that tiny bit of hope but think for minute.

I already said it previously but I'm going to say it again just ask yourself:

"why do I have to pay for what I already am while other people do not have to pay and effortlessly have what they say they have? What makes me different from them? Why do I have to spend $100 which could feed me for two months in some countries, to a random person on the Internet who says they're richer than the richest men combined? Why do I have to pay $100 for my limitlessness?"

I understand being desperate, I understand just wanting peace but giving away a large amount of money while you are already struggling is something you really have to stop yourself from doing because it's a scam if you just look. There is no difference between you and me and while my account doesn't have much to do with manifestation or void because we have a different view on those things, if you are someone who is in that direction that's fine but do not EVER rely on outside sources go look at yourself first. Keep your money in your wallet, go buy some food, go buy something cute but do not send it to a random person you do not know, especially not on tumblr.

10 notes · View notes

butts-bouncing-on-the-beltway · 1 month

Note

I am confused by the fundraisers post. Is it considered unethical to publicly post the criteria for vetting a fundraiser without disclosing any information about individual recipients?

It would be at a minimum questionably unethical to disclose the specific vetting measures used in any one specific case, although there are plenty in informal aid work who make the choice to do so anyway. It's far less accepted or common in more organized (even at the peer to peer level) aid groups for this to occur.

What *would* be normal ime would be to see someone disclose in the generic some of the vetting tactics they perform, and even hypotheticals of what that might look like to do. However, you would be surprised how much personal information is considered revealing in these spaces. It's not just "legal names and identity documents" it's literally ANYTHING that could make them identifiable to someone who knows them.

This is particularly visible in domestic violence aid work. To disclose even so much as the method of monetary exchange can be excessive risk taking for the recipients, so the most standard practice I have been instructed to use is to literally NEVER keep ANY kind of identifiable information about these recipients in a publicly accessible space, and to assign each recipient an internal ID number instead which is used to "discuss" their case in any kind of publicly accessible documentation. Often this ID number was even randomly generated to reduce the risk of recipients being identified via their "place" on the aid list.

I think that when it comes to online fundraisers, people see how intimate folks get when begging for funds and assume "well then why can't the aid groups and vetters be as open?"

Because they aren't the recipient. It's consent. And yeah, we COULD require consent from recipients to discuss their case publicly, but again and again when this is done, it alienates those in need from aid without AXTUALLY reducing any of the so called "fraud" that the public is concerned about.

If it is being done in an open-access public setting, it is NOT vetting. It is a release of private recipient information to beg for funds. And it BAFFLES me that people are treating the natural resistance to being exposed in that way during one of the most threatening times of their lives as a red flag for scams. I do not appreciate that AT ALL as someone who actually DOES aid work. If this becomes the "accepted" public understanding of vetting, do you realize how many recipients would disappear and go to ground across the board??? You CANNOT operate that way as an aid group or support staff. As much as the happiness and willingness of donors to open their pockets is part of your work, it can NEVER be at the expense of the people in need. And to normalize this expectation would be devastating.

It will not reduce fraud to publicly disclose vetting reports, in fact those are JUST AS EASILY if not MORE easily faked. All it does is expose recipients to additional violence and give donors the right to decide which of your recipients is actually worthy. I have been a community organizer for 25 years and a social worker for 10 and I would rather burn down every personal relationship I have than allow this kind of harm to come to the people I work with all because people are desperate to justify their need to look away from donation posts on the fucking internet.

5 notes · View notes

aphrodite1288 · 11 months

Note

i know you said you didnt want to talk about it, but re: one of the other anons about the soukor drug cases.

The second video they linked they said a "top global group from sm", but when i actually went to the video's comments, it seems that it was only about BTS members? theres also one comment that the youtube creator hearted that translated to "BTS did it, but why is our EXO tagged ㅠㅠ". and there are several comments defending bts members, regarding things the video implied, but no comments on exo members.

also about the alleged br*thel list thing, i highly doubt that any information will come out about those celebs if they havent taken drugs at the buildings. most of the men on list are single/unmarried, so theres also no means for "hes having an affair" if there are no drugs involved.

As I said when you see this fuss happening know that the government fucked up and they need a distraction to sway the General Public's Attention from the real matter to a stupid Idol scandal. And all companies sign this with The government to help distract the people to not create a Frenzy in the community and create internal wars and fights which may lead to Separation, Vandalism and Rebellion! It's a Political tactic to control the People of the Land.

And in back, the companies get immense Sponsorships and Raise in their Shares and stocks and bigger exposure. It's a WIN-WIN situation for both parties, only the idols are the victims but some get real cash for accepting to be the bait aka Media Plays.

Government asks big companies to release relevant idols' OLD scandals from the archive to create a gray smoke to hide the real Chaos! Some idols go as sacrifice as their companies sold their info and scandals with evidence for the governmental institutions and sell them and their secrets to the media and Sasaengs! Yes companies sell their Idols! You saw how YG simply sold everything about GD and later on when they were asked they said he's no longer under them so they don't know. Lol you see the betrayal. And they do that when they don't care or want an idol anymore and they just don't care about his career and they did ruin B.I from iKon and BOM from 2ne1, and Lucas from NCT, and Chanyeol, and Bobby and GDragon and TOP from BigBang, and Goo Hara from TARA, and many many more.

Remember they hid the big issue with the old president's impurities and scams and Crimes by bringing up "the Burning Sun" scandal that happened way long ago, and they hid the burning Sun with Jenkai, it was all happening at the same period of time.

Camouflage over Camouflage over Camouflage.

They hid that government personality named "Kyungsoo" during the same day by Dropping the " D.O or Kyungsoo from Exo have officially left SM entertainment" the same day the other Kyungsoo fucked up, while Our D.O's leaving SM fight with SM happened in January but they didn't expose it because SM would lose stocks! They did all their best to hide no company would risk the Loss they will face when the exposure of their potential idol leaving UNLESS they're getting Way more money and Shares and Stocks than what they'll lose 😉 you got what I mean 😉?

They used Kwangsoo and exposed his relationship to hide a lot of shit happening back then. Even though many said him and that woman were just in a business relationship. But I don't wanna believe that.

They used NCT's Taeyang's past and ruined him to hide some political issues and SM thought it was the best time to drop it because it's even more convenient that Kris's departure is happening and affected the company so bad. And they used Baekhyun and Taeyeon and exposed their relationship to hide all this.

Again Camouflage over Camouflage over Camouflage.

Some on the other hand get casted in less harmful scandals aka " SET UP DATING SCANDALS MEDIA PLAY" like Jongin and Jennie did, and Kaistal and Jisoo and Ahn Bohyun and HEECHUL and Momo and So on, Jennie and GDragon. Though Jenkai came to Cover up a lot, to Cover up The burning Sun and Jennie's Lazy Scandal and her affair with her Own Boss YG.

The only couple whom I think were genuine are Jihyo and Daniel, at this point.

16 notes · View notes

jakethesequel · 2 months

Note

I recommend to follow kyra45 or anonthescambuster, they document scams.

Hopefully you can take your reblog down as to not mislead people.

If you want to share verified fundraisers, then please look at this post for specific fundraisers. They are all taken from el-shab-hussein's list.

Good to know, thanks

3 notes · View notes

norosesnolife · 2 months

Note

I recommend to follow kyra45 or anonthescambuster, they document scams.

Hopefully you can take your reblog down as to not mislead people.

If you want to share verified fundraisers, then please look at el-shab-hussein’s list. Or this post if you want specific fundraisers. Those are all vetted.

Ah, thank you for telling me!! The post had claimed to be verified, which is unfortunate. I will delete the post.

#Ask? Answered!#important

3 notes · View notes

nicofiction · 2 months

Note

I recommend to follow kyra45 or anonthescambuster, they document scams.

Hopefully you can take your reblog down as to not mislead people.

If you want to share verified fundraisers, then please look at el-shab-hussein’s list. Or this post if you want specific fundraisers. Those are all vetted.

thank you for letting me know! i took down the reblog and i’ll also share this!!! i’ll be more careful next time!

#important #palestine #free palestine

4 notes · View notes

zerosecurity · 3 months

Text

Surge in Credential Compromises Driven by Social Engineering Attacks

A staggering 92% of organizations experienced an average of six credential compromises caused by email-based social engineering attacks in 2023, according to a new report by cybersecurity firm Barracuda. These insidious tactics, which prey on human vulnerabilities, continued dominating the threat landscape, with scamming and phishing accounting for 86% of all social engineering attacks last year.

Emerging Trends in Social Engineering Techniques

Conversation Hijacking: A Sophisticated Impersonation Ploy While conversation hijacking, a technique where attackers compromise business accounts through phishing and monitor communications to craft convincing messages, accounted for only 0.5% of social engineering attacks in 2023, it represents a staggering 70% increase compared to the previous year. This sophisticated tactic allows cybercriminals to gather sensitive information about deals, payment procedures, and other operational details, impersonating trusted entities and tricking victims into authorizing fraudulent transactions or updating payment information. Business Email Compromise (BEC): A Persistent Threat Business email compromise (BEC) attacks, where hackers impersonate executives to trick employees into transferring funds or sensitive data, remained a prominent threat in 2023. These attacks accounted for 10.6% of all social engineering incidents, up from 8% in 2022, highlighting the persistent allure of this lucrative technique for cyber criminals. Extortion: Holding Data Hostage for Ransom Another alarming trend involved extortion attacks, where cybercriminals threaten to expose sensitive or embarrassing content to their victims' contacts unless a ransom is paid. These attacks accounted for 2.7% of the total social engineering attacks in 2023, underscoring the growing prevalence of this nefarious tactic.

Exploiting Legitimate Services for Malicious Gain

The report also sheds light on the evolving use of legitimate services by attackers to target employees through social engineering techniques. Gmail emerged as the most commonly abused email domain, accounting for a staggering 22% of all attacks last year. Other popular free webmail services exploited by hackers included Outlook (2%), Hotmail (1%), iCloud (1%), and Mail.com (1%), while all other domains accounted for 73% of attacks. Notably, attacks originating from Gmail domains were heavily skewed towards BEC, with over 50% of such attacks falling into this category, followed by scamming at 43%.

Malicious URL Obfuscation through Shortening Services Cybercriminals also demonstrated a growing reliance on popular commercial URL shortening services to embed malicious links in phishing emails, effectively disguising the true nature and destination of these links. The most widely used shortening service in 2023 was bit.ly, leveraged in nearly 40% of attacks involving shortened URLs. X's (formerly Twitter) shortening service came in second, utilized in 16% of such attacks, marking a significant shift from 2020 when it accounted for around two-thirds (64%) of these attacks.

The Rise of QR Code Phishing Attacks

Another notable development in the realm of social engineering was the significant rise in QR code phishing attacks towards the end of 2023. Approximately 5% of mailboxes were targeted with these attacks in the final quarter of the year, a concerning trend highlighting cybercriminals' ever-evolving tactics. In these attacks, cybercriminals embed QR codes in phishing emails, prompting unsuspecting users to scan the code and visit a fake page masquerading as a trusted service or application. These pages are designed to trick users into downloading malware or entering their login credentials, effectively compromising their accounts and data. Evading Traditional Security Measures QR code attacks pose a unique challenge as they circumvent traditional email filtering methods, which rely on detecting embedded links or malicious attachments. Furthermore, these attacks leverage personal devices, such as phones or tablets, which are often not protected by corporate security software, providing cybercriminals with a potential entry point into organizational networks and systems. Read the full article

#phishing #socialengineering

3 notes · View notes