Beware of socially engineered Covid-based hiring scams

Social Engineering at its best!

The Covid pandemic has generated a significant number of scams utilizing social engineering. These scams have reached unprecedented levels of creativity, to the point that some are extremely difficult to detect.

While cybercriminals have incorporated corporations as part of their lure to draw potential targets into a phishing attack, they have raised the interest level for those looking to supplement their income. This is being accomplished by forwarding what appear to be legitimate payments from legitimate organizations.

The appeal of this socially engineered scam

The attached article is not about wrongdoings by our financial institutions.  It is about how we must all be as diligent as possible when considering offers we discover or receive that appeal to our immediate needs.  This scam is growing significantly, whereby fraudulent payments are forwarded that appear to originate from legitimate organizations, resulting in more people experiencing substantial financial losses that, in most cases, cannot be recovered.

With regard to this article, the individual believed they had undertaken as much due diligence as possible prior to becoming engaged in this scam. However, one key checkpoint was missing that, if done, would have immediately revealed that this offer was a complete scam: a simple phone call to the company making the offer to confirm the legitimacy of the offer.

Instead, due to the extremely well-crafted phishing attack, the target became a cybervictim.  As funds were being drawn from their bank account, the natural reaction of the victim was to immediately contact their financial institution, and request repayment of the stolen funds back into their account.

Where does the responsibility rest for lost funds?

The problem, as noted in the article, is that the victim forwarded funds willingly, thereby absolving the bank from having any fiduciary responsibility to compensate for the fraudulent losses. The fact that the bank did so anyway, while admirable, should not become an assumed method of recovering funds lost to a cyber-scam.

How to avoid becoming a victim of these types of phishing attacks

Whenever you are presented with an appealing opportunity that appears to fit your personal needs or desires and that involves the acceptance or payment of funds, be sure to directly contact the organization that is represented in the communication. The targeted organization will be grateful to discover they are being targeted as well, and can take appropriate measures to inform the public to be cautious about the scam.

Should you contact the police?

Many cybervictims believe there is little benefit in contacting the police about being victimized by a cyberattack.  This is an incorrect assumption!  While law enforcement agencies do not have the time or resources to investigate every cyberattack that is reported, it is important that they are made aware of as many as possible, in the event they are already investigating the same scam.  Every scam can be entered into a database for future reference, and for future investigative purposes.

Who is ultimately responsible when we pay a scammer?

As stated, whenever we forward funds willingly to another party, it is our responsibility to ensure that those funds are going to a legitimate recipient, regardless of how we send the money. This applies whether a payment is physically made, mailed, or done electronically. As custodians of our own funds, we have a responsibility to take whatever measures are necessary to ensure we are making a legitimate payment.

Should we expect a financial institution to reinstate funds lost through cyber-victimization?

In the event you are victimized by a cyber event, and funds are lost, it is imperative that your financial institution be notified as soon as possible. They may be able to freeze your accounts in an effort to prevent any current or future illicit transactions from occurring. However, even if the bank were to attempt to retrieve funds that have already been forwarded, the statistical recovery rate is less than five percent. This recovery rate drops significantly if the funds are subsequently sent out of the country. At that point, they will be virtually unrecoverable in most cases.

What are best practices to avoid being scammed by these types of cyberattacks?

While cybercriminals continue to find new ways to successfully social engineer us to become cybervictims, we can reduce the probability of becoming a cybervictim. Common sense is our best defense. We do this by taking time to examine any unsolicited offers, or those that may appear during a self-initiated search on the Internet, and by ensuring we use every method possible to check them, starting with directly contacting the individual or organization represented in the offer. One of the leading causes of becoming a cybervictim is acting too quickly on incoming communications, and not taking time to consider whether what we are viewing could be a cyberattack, most often designed through various creative social engineering techniques.

Always remember – “Don’t be quick to click”!

You can read the article here.