The email itself ended up in my spam/junk folder. However, not everybody uses the same email platform that I do. Chances are, because it is in Irish, it might bypass such protective systems.

What did the An post scam email look like?

Here is the email that I received:

For those of you who haven’t got the cúpla focail, it translates as:

An error occurred in the delivery process

Dear customer,
You have a package that needs to be delivered, but it has been put on hold due to an incorrect delivery address.
Edit your personal information and add a valid shipping address to complete the delivery process.

• Tracking number: DA053884562IE
• Re-delivery fee: €1.99.
• Date: 25/03/2023

Redelivery

This is an automated message, please do not reply.

Attention : If you do not update your details and enter a valid shipping address within 3 days of receiving this message, we will return this package.
The job.

I had to laugh at the last line there – An post translates to “The job”. 🤣

What happens if I made a mistake and clicked the button?

You would be brought to a website, that looks remarkably like an An Post website. In keeping with the theme of the email, it will all be in Irish. On this page you would be asked to enter lots of personal data, including payment card information. I’ve translated the various input fields in red in the image below:

One interesting thing here is that the links at the bottom of the page are all genuine An post website links and will take you to the genuine site and social media channels.

I can’t read Irish. Sure how would I know what I’m being asked for?

You mightn’t be able to translate that website. Your browser probably can and so it can be easy to potentially fall victim, particularly where you are waiting for a package to be delivered.

Is there anything that gives this away as a scam?

If this was for a genuine shipment, with some missing address data, they should show you what address information they do have and allow you to correct it. So that is the main giveaway to me.

People like me (a security nerd) will examine the address bar of a website. I know some trainers tell people they need to examine this themselves. However, that’s terrible advice, as most normal people will never do that on a consistent basis. Not only that, how can I be completely sure that this address is not correct? “anpost” is mentioned a couple of times, as well as the .com portion. Website addresses are hard sometimes:

Another big giveaway here is the “Not secure” warning. If you EVER come across that on a website, DO NOT enter any data on that website, no matter whether you think it’s a genuine site or not. Anything you type will not be transmitted in a secure manner.

HOWEVER, the scammers could easily set the website up so that the “Not secure” is not shown, so don’t be completely dependent on that as a way to avoid being scammed.

Well what would you do so mister smarty pants?

If I had something on order, I would refer back to the original shipping email and click the tracking link from that.

If that wasn’t available, then I would copy the tracking number from the An post scam email, go to the An post website and paste it into the tracking facility. It should spit out a message saying that the package can’t be found.

Let’s be careful out there.

How can L2 Cyber Security help you?

We offer a full range of training programmes, which can be delivered online or in-person.

Contact us for more information at info@L2CyberSecurity.com.

#SecuritySimplified

The post An Post Scam Email Gaeilge Edition appeared first on L2 Cyber Security Solutions Ltd..

The ESB text message

The message appears to have come from “ESB” and it cannot be replied to, which gives it a certain degree of legitimacy. If you have taken my training you will know that you simply cannot trust what number is calling you or texting you, as spoofing is so common.

The message says:

You are eligible for a discounted electricity bill under the Energy support scheme.

You can apply here: https[:]//register-electric-refund[.]com

I have “defanged” that link so you cannot go to the site accidentally.

If you go ahead and click the link, you will be taken to the following web site:

The “Government” information page

That looks remarkably like the ACTUAL Irish Government Website which is here:

https://www.gov.ie/en/publication/4ae14-electricity-costs-emergency-benefit-scheme/

That is, all except for the “Verify now” button at the bottom. The criminals have effectively cloned the majority of the government’s page on this scheme. None of the links work on the page that I tested … EXCEPT for that “Verify Now” button. 🤔

The “Registration” pages

Well, if you click that, the “government” now seems to want you to register for the scheme (which is automatically dealt with by the power supply companies), so you are first asked for some personal details:

When you hit “Continue, you will then be asked to provide some billing details.

Billing details?!??!!? I thought they were giving us money, not billing us?

Well, they are probably hoping that you are used to divulging your payment card details onto website.

They do validation on the card number and the page crashed on me as I was attempting to enter a potentially valid number, so I wasn’t able to find out what happened next, but presumably they will start buying stuff on your account!

So there it is … an ESB text message scam, that could just as easily be for any of the other providers, but it’s likely only going to be the ESB as they have the most customers in the country.

Let’s be careful out there.

How can L2 Cyber Security help you?

We offer a full range of training programmes, which can be delivered online or in-person.

Contact us for more information at info@L2CyberSecurity.com.

The post ESB text message scam. appeared first on L2 Cyber Security Solutions Ltd..

The eFlow Text Message

The text message she received from “eFlow” was about an unpaid toll. eFlow is an Irish motorway toll operator. (narrator’s voice: It was not from eFlow 🙄).

The message reads:

eFlow: You have an outstanding fee of 6.32 EUR due from a journey made in 2022. Please pay now to avoid incurring any penalty charges via eflow-online-services[.]com

That link has been defanged, so you cannot click on it accidentally.

If you click on the link, you will get taken to a very realistic and similar looking website, to the real eFlow one. This though, seems to have nothing to do with the unpaid toll. 🤔

What do they want you to do?

They want you to update your details with them, including payment card. This is the type of thing that you can look out for. A site asking you for lots of personal data when you’ve clicked a link. eFlow already has your data, if you are a customer. They do not need you to go and type it all in again. No matter what excuse they make up. If this was really eFlow, they would have provided the details they already held on you!

What should I do?

I hope I say this enough. We really need to stop clicking on any link that might be included in text messages. There is just no decent reason to have links sent by text message. The criminals use them, because they tend to get passed a lot of spam filters. If this was sent by email or WhatsApp it would probably get thrown into the junk folder.

I think most of you that have seen previous posts from me, won’t fall victim to such a scam, but please do share this, so others will be aware of it.

If anybody has gone through with this update, please contact your bank’s fraud number immediately.

So there it is. An eFlow text message scam. Please don’t fall for it.

Let’s be careful out there.

How can L2 Cyber Security help you?

We offer a full range of training programmes, which can be delivered online or in-person.

Contact us for more information at info@L2CyberSecurity.com.

#SecuritySimplified

The post eFlow text message scam. appeared first on L2 Cyber Security Solutions Ltd..

What’s so dodgy about “My bank account has changed”?

You see Irish people don’t change bank accounts at all. If it does occur, it is a rare event, which is why there is a greater chance that it’s a scam.

Do you remember when Ulster Bank had massive IT failures in 2012 and 2015? People were unable to receive wages/salaries, pay bills, mortgages, etc. FOR WEEKS! Yet, when the dust had eventually settled, only a tiny percentage of people switched bank accounts away from them.

So even after a bank has performed terribly at customer service, people still are reluctant to change from them. So it is a very rare event here. Apparently it is quite frequent in Europe, but their banks are likely more focussed on customers than our lot.

So if somebody, who appears to be a client or supplier, contacts your business and says that they have changed bank account, then you need to be on alert and go through some steps to verify the new account (below).

By the way, this can also happen with salaries and wages. A scammer might impersonate an employee and give new bank account details to the payroll people.

Wait a minute, aren’t there some bank closures happening?

Indeed yes. For the next six months or so, there is going to be a MASSIVE number of bank accounts being changed in this country, with over 1 million accounts affected by the Ulster Bank and KBC bank closures. So there are a lot of legitimate accounts being changed.

This doesn’t mean you should drop your guard. You need to vigilant. My normal advice still stands on this. It is more important now though, as you can be sure that the criminals are going to take advantage of the confusion caused by this huge volume of change.

How do I protect myself from being scammed?

So, if someone contacts you and says the magic words “Our bank account has changed.”, do the following:

• Get them to send you a scan of the top part of bank statement with bank address, account name, customer address and IBAN.
• Make an outgoing phone call to the finance or admin person at that company, using a trusted telephone number (perhaps from their website).
• Ask them to tell you their IBAN – don’t provide it to them.
• Only then change your payment system.

Let’s be careful out there.

How can L2 Cyber Security help you?

We offer a full range of training programmes, which can be delivered online or in-person.

Contact us for more information at info@L2CyberSecurity.com.

#SecuritySimplified

The post Bank account has changed – Scam alert! appeared first on L2 Cyber Security Solutions Ltd..

How do Romance Scams start?

Romance scams usually will start on online dating platforms or it could be social media or other kind of messaging sites, where a stranger will connect with their victim. They’ll establish a kind of a relationship with that person. Usually fairly quickly they will try to move off those online platforms and move over to communicating solely through email.

What do they do then?

They will spend a lot of time developing a relationship with their victim, including getting romantic and telling them they love them and such like. The reason they spend so much time at this is because they make a lot of money from it.

How would you know it is a scam?

The way you know it’s going to be a romance scam is they try to get you to wire them money for various reasons:

• They may be trying to plan a trip to come and visit you.
• They might have got mugged and they suddenly need some money.
• Over a period time they might have a “sick relative” that needs medical attention and they need money.

But they always want you to wire them money.

Bottom line:

So the thing here is folks … if somebody you have never met wants you to wire them money, don’t do it, it is a scam. Trust me on this. It is absolutely always a scam.

So that’s it for this week. Lets be careful out there and we’ll talk to you again next week.

How can L2 Cyber Security help you?

We offer a full range of training programmes, which can be delivered online or in-person*.

L2 Cyber Security are also a partner of CyberRiskAware for online self-directed Cyber Security Awareness training and Phishing testing.

Contact us for more information at info@L2CyberSecurity.com.

*With appropriate social distancing and other health and safety measures adhered to.

Follow us on Social media:

Liam is available on Twitter, LinkedIn and Instagram.

Follow L2 Cyber on Twitter, LinkedIn, Instagram and Facebook.

© L2 Cyber Security Solutions

The post #WeekendWisdom 080 Romance Scams appeared first on L2 Cyber Security Solutions Ltd..

Where is this coming from?

Last weekend I was reading online some stories about people being scammed and also looking at some YouTube clips showing how some of these scams can operate. They had a very common theme with something that happened to a friend of mine on Monday who was very lucky and very nearly got scammed by a similar tactic.

What happened to my friend

My friend had been in contact with a company that apparently was doing some kind of investment opportunity and that there was an app available to be able to manage this investment. To set this thing up, the person from the company needed my friend to download a remote control application onto their phone, in order to assist with setting things up.

This is what remote control scammers want

Now this was the common theme with the other scams that I was reading about. People downloaded remote control software to their laptops or their phones.

Now no genuine, legitimate company is ever going to ask you to install remote control software to be able to set up an app. It just doesn’t happen. If somebody says to you “I want to install remote control software” end the conversation. Hang up. Don’t engage.

Maybe your IT support people use remote control for support

Now if you are in a corporate environment or maybe your company uses an outsourced IT managed service provider who gives you external support, they already might have remote control software on your machine. They won’t need to install it.

If anybody ever asks you to install remote control software, end the call. Do not engage. Do not install that software.

So that’s it for this week. Lets be careful out there and we’ll talk to you again next week.

How can L2 Cyber Security help you?

We offer a full range of training programmes, which can be delivered online or in-person*.

L2 Cyber Security are also a partner of CyberRiskAware for online self-directed Cyber Security Awareness training and Phishing testing.

Contact us for more information at info@L2CyberSecurity.com.

*With appropriate social distancing and other health and safety measures adhered to.

Follow us on Social media:

Liam is available on Twitter, LinkedIn and Instagram.

Follow L2 Cyber on Twitter, LinkedIn, Instagram and Facebook.

© L2 Cyber Security Solutions

The post #WeekendWisdom 072 Remote Control Scammers appeared first on L2 Cyber Security Solutions Ltd..

Why is this an issue now?

I was speaking with my post man the other day and he was telling me that they are gone really, really busy with delivering packages and parcels to people all along their route. So obviously the Christmas shopping season is in full swing and with us being in lockdown, people are ordering online much more.

What is this Online Shopping Scam?

But I became aware of a new online shopping scam there late last week. What happened was that the person was on Facebook. They saw an advertisement for a product that is associated with their hobby and the price was really really good. So they clicked on the link. They were brought to a website of a well-known retailer and the price was there. The product was there. They placed an order and sometime later they got delivered something like a magazine. Something that had no real value and wasn’t the product they ordered.

So they disputed the transaction but because the fraudsters had actually gone ahead and delivered something, the bank was reluctant to reject the transaction because there had been something delivered. So it was difficult to resolve that issue for that person.

How did they manage that?

What had happened was the fraudsters had set up a clone of the genuine retailer’s website, which is something that’s really simple to do. They looked exactly the same, just those prices were ridiculously low.

How can I not fall for that?

So the tip here folks is that if you see something online that the price is just too good to be true, it probably is. So don’t fall for it. Don’t go and purchase anything like that.

So that’s it for this week. Let’s be careful out there and we’ll talk to you again next week.

How can L2 Cyber Security help you?

We offer a full range of training programmes, which can be delivered online or in-person*.

L2 Cyber Security are also a partner of CyberRiskAware for online self-directed Cyber Security Awareness training and Phishing testing.

Contact us for more information at info@L2CyberSecurity.com.

*With appropriate social distancing and other health and safety measures adhered to.

Follow us on Social media:

Liam is available on Twitter, LinkedIn and Instagram.

Follow L2 Cyber on Twitter, LinkedIn, Instagram and Facebook.

© L2 Cyber Security Solutions

The post #WeekendWisdom 054 Online Shopping Scam appeared first on L2 Cyber Security Solutions Ltd..

So here it is. I’ve removed the identifying bits from my colleague’s company, but it was his domain name where shown.

The only red flag in this email was the From address. That was a peculiar looking domain name.

While there was no sense of urgency in the email, obviously the thought of your business having a negative listing isn’t good. Also this service is apparently “a FREE public service”, so surely it won’t cost anything to be able to make the listing positive. Right?

I’m sure if you clicked that link and sent an email looking for the report, an offer would be made to help you get a positive listing … for a small fee of a few hundred or thousand pounds (this is a UK site after all).

Even without the red flag on the from address, this whole email stank to me. It was simply trying to use a ruse to shame the domain owner into getting in contact to supposedly make their company GDPR compliant. As always treat any unsolicited email with the contempt it deserves.

If you received anything like this, you can always get in touch with us at info@L2CyberSecurity.com and we will be happy to clarify for free. If you’d prefer an official response, you could contact the Data Protection Commission at https://www.dataprotection.ie/en/contact/how-contact-us

Lets be careful out there.

#SecuritySimplified

#GDPR #SimpleGDPR

The post Not GDPR Compliant – Really? appeared first on L2 Cyber Security Solutions Ltd..

Hoax bomb e-mail

Subject: Think twice
There is the bomb (tronitrotoluene) in the building where your business is located. My recruited person constructed an explosive device under my direction. It has small dimensions and it is hidden very well, it is impossible to damage the supporting building structure by my bomb, but there will be many wounded people if it detonates.
My man is controlling the situation around the building. If any unnatural behavior, panic or emergency is noticed he will power the device.
I want to suggest you a deal. You send me $20’000 in Bitcoin and the bomb will not detonate, but do not try to fool me -I warrant you that I have to call off my man solely after 3 confirmations in blockchain network.
My payment details (Bitcoin address)- XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX <redacted>
You must pay me by the end of the workday. If the working day is over and people start leaving the building explosive will explode.
This is just a business, if I do not see the money and the bomb detonates, next time other commercial enterprises will send me a lot more, because this is not a single incident.
I wont enter this email. I check my Bitcoin wallet every 40 min and after seeing the payment I will order my mercenary to leave your district.
If an explosion occurred and the authorities see this letter:
We arent a terrorist society and do not assume responsibility for explosions in other places.

Needless to say it is a hoax bomb threat. It is similar to the sextortion scam that I warned about last July.

I love the last line. “We arent (sic) a terrorist society …” I think the evil doers are a little bit scared that the anti-terror units will come after them. They should be scared … but of all law enforcement. They will come down hard on these guys. In fact the US Computer Emergency Readiness Team (US-CERT) have advised people to:

• Do not respond or try to contact the sender.
• Do not pay the ransom.
• Report the email to the Federal Bureau of Investigation (FBI)

The concern about the volume of these types of threats though, is that they will tie up first responder resources while the hoax bomb is being investigated.

Lets be careful out there.

#SecuritySimplified

The post Hoax Bomb Extortion Emails Are Latest Scam appeared first on L2 Cyber Security Solutions Ltd..

So it’s similar in nature to the earlier sextortion scam where it shows an old password. However this one includes a link to a “video presentation” as proof that they have a video recording of you up to fun and games while watching pornography. The recording also includes a view of the alleged pornography that you were watching. If you click on the link, it will lead to Ransomware becoming installed on your computer. This will then scramble all of your files and demand $500 ransom to unscramble them. Here is an example of the dodgy e-mail:

The evil doers are using multiple social engineering techniques to fool nervous and vulnerable people. This step of providing “proof” of the existence of the video evidence is really sneaky. Please don’t fall for it. Let everyone you know, hear about this. You can point them at some detailed advice in our Fifth Commandment which is part of the wildly popular Ten Commandments of Cyber Security.

If you want to find out how our simple, yet comprehensive Security Awareness training can help you spot these scams and avoid falling for them, then please send an e-mail to info@L2CyberSecurity.com or call 087-436-2675 and we can let you know.

Lets be careful out there.

#SecuritySimplified

The post Sextortion Scam Volume 3 appeared first on L2 Cyber Security Solutions Ltd..