Tag Archives: Phishing

Life After Release-3

Great Blue Heron in Flight

Though this post begins differently than some of my others, it does relate to life after release by showing my adaptation to the technological advances made since I walked out the prison doors on August 28, 2018.

A walk in the Park on a cool and cloudy, Southern day. What a pleasure it was to see a great blue heron spread its majestic wings and soar across the water. Had I not been trigger-happy on my smartphone, I would have left the park with a nice video of it flapping its wings to lift itself above the water to fly off into the trees after I disturbed its peace by walking too close for its comfort.

When I pressed the spot on my phone to start the video, I didn’t think it worked so I pressed again. The second press stopped the video that had slowly started, so I got a one-second video and another slightly longer one that tracked it as it neared the trees, too far away for a good image.

SMARTWATCH WITH PHISHING LINK INCLUDED

Two weeks ago, I ordered a smartwatch online that has the capability of connecting to the camera in my smartphone. My plan was to use the smartwatch to take a selfie or group photo with me in the picture without having to hold the phone in my hand.

When my smartwatch arrived from China, I scanned the QR Code on the miniature user’s guide to connect my smartphone. Not just any smartphone, a real smartphone with the latest technology. The Android 10 update removed bugs and improved security.

No Connection: I aborted the download when Google Chrome and my security system warned that a phishing link was detected in the app: “IhzI666.com/fundo/download.html Phishing Website” (actual URL).

I contacted the company that I bought the watch from and told them that the watch, simply labeled as SMARTWATCH, came with the phishing link in the QR code and should be removed from inventory and that the company should contact and warn all customers who purchased that brand.

Fortunately for me, a couple of days before my devilish smartwatch arrived, fully loaded to catch a phish, I checked my phone for updates and saw Android 10 was available. Had I not taken the time to update my phone, my finances may have dwindled, even though I do use two-factor authentication to protect access to anything I use with important information contained therein.

ALWAYS BE ON ALERT FOR SCAMS

Within a month of my release from prison, I ran into a scammer who posed as a hiring manager for a company offering a work-from-home opportunity. A little too late (after giving personal information), I figured out what was going on, but kept the person on the wire for over a week playing games with him, her, or IT, because I had already done what I could to protect myself and didn’t have anything of value to be taken, other than my fine name associated with a long history of criminal convictions.

ALERTED: The email address ended with @gmail.com. The company he, she or IT claimed to represent came before the @gmail.com. Any official business will use their company email account, not gmail.com, hotmail.com or anything other than something like @amazon.com or @straightfromthepen.com.
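The check described above can be automated. This is an added example, not part of the original post: it flags a From: header where a company name appears in the display name or before the @ while the domain is a free mail provider or otherwise not the company's own. The brand and free-mail lists and the sample headers are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr

# Assumed lists for illustration; extend them for your own environment.
FREE_MAIL = {"gmail.com", "hotmail.com", "outlook.com", "yahoo.com"}
BRANDS = {"amazon": "amazon.com",
          "straightfromthepen": "straightfromthepen.com"}


def _squash(text):
    """Lower-case and keep only letters and digits, so 'Amazon-HR' matches."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def check_sender(from_header):
    """Return a list of warnings for one From: header value."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["unparseable sender address"]
    local, domain = addr.rsplit("@", 1)
    domain = domain.lower().rstrip(".")
    warnings = []
    for brand, official in BRANDS.items():
        claimed = brand in _squash(local) or brand in _squash(display)
        if not claimed:
            continue
        # The company's own domain or a subdomain of it is consistent.
        if domain == official or domain.endswith("." + official):
            continue
        if domain in FREE_MAIL:
            warnings.append(
                f"claims {brand} but sent from free mail domain {domain}")
        else:
            warnings.append(
                f"claims {brand} but domain {domain} is not {official}")
    return warnings


if __name__ == "__main__":
    # Constructed sample headers, not taken from any real message.
    for header in ['"Amazon Hiring" <amazon.hr.team@gmail.com>',
                   "Amazon Careers <recruiter@amaz0n-jobs.example>",
                   "Amazon <news@mail.amazon.com>",
                   "Friend <friend@gmail.com>"]:
        print(header, "->", check_sender(header) or "no warning")
```

An empty result only means the name and the domain agree; From: headers can be forged, so it is not proof that the message is genuine.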

I immediately contacted the credit reporting agency, Experian, and froze my credit reports and alerted the FCC about the Scam-in-Process. After letting the idiot think for a week that a phish was online, I sent a text and revealed what I had done and said, “You need to find you a real job. I’ve been in federal prison for thirty years and don’t have anything for you to steal. I’m out here starting my life over. Find something else to do that is more constructive before you end up going to where I just left.”

He, she, or IT was one of many scammers that I have dealt with since my release. Because of my popularity as an author, blogger, photographer (Google Guide-almost 4,000,000 views of my photos in Google Maps), etc., my social presence makes me a target.

Before my release, and afterwards, if I had not taken the time to learn about security, and the advancements in technology, my life would be different than what it is today.

To repay my debt to society, I use those negative experiences to help others avoid being caught in the same traps by forewarning them and posting blogs like this to enlighten others because life out here isn’t always a Walk in the Park.

But life is good, especially when I am blessed with seeing the beauty of God’s creation as it spreads its wings to fly into the sunset or across a body of water.

The Phish Who Got Away

The veterans of today’s online wars don’t have to carry guns and ammo to protect us: they use keyboards and electronic equipment. I praise them, too.

The day after I posted “Happy Veterans Day” with a link to an article from Reader’s Digest about scammers/fraudsters, I received a Wells Fargo email instructing me to call a number if I hadn’t received my new debit card.

(Read the referenced articles inside the Reader’s Digest article to learn more about online scams: [Reader’s Digest published a great article that I read and shared on Facebook and Twitter because of all of the information contained about protecting online identity, by having links to other articles not included in the title, 13 Signs Amazon Seller Can’t Be Trusted. https://www.rd.com/advice/signs-amazon-seller-cant-be-trusted/?_cmp=readuprdus&_ebid=readuprdus10272019&_mid=309700&ehid=8fbcb9fd291744b840632983d832178c40787096 ])

I knew the card was just mailed that morning and suspected a scam. Being the investigative-type of person I am, I called the number to investigate: I was correct!

The speaker said they knew from the phone number what my bank account number was, so all they needed was the last four digits of my social security number.

I hung up, and immediately went online to my bank account that I use the two-step verification process on (my phone must be used in conjunction with the login information), and then turned off my card that was soon to expire (I was waiting for its replacement).

After knowing the card and account were safe, I called the bank number I knew was legit and reported the attempted phishing.

Well, this phish broke the line and got away to fight another day. I don’t reckon they liked my blogging about their scamming.

I stayed up late running various security scans and changing passwords to protect myself. Please read some of the articles in Reader’s Digest to enlighten yourself on how to identify the fraudsters who want to steal your money or identity. Don’t be lazy or so arrogant that you think you do not need to worry about some scandalous son of a bitch who wants to be you long enough to steal your funds and identity: it may happen to anyone.

The following excerpt came from one of the articles I sent out on Facebook and Twitter. It is 100% correct.

“If you receive a suspicious email from a friend’s email address, don’t reply, ‘Is it really you?’ because the fraudster will answer ‘Yes.’ If a suspicious email from your bank contains a phone number, don’t call it. Instead, look up the bank’s phone number in the Yellow Pages or Google it.” —Mark Gazit, CEO of ThetaRay, a provider of big data analytics solutions.

https://www.rd.com/advice/work-career/clear-signs-youre-about-to-be-hacked/

As I stated, I knew to call the bank phone number I knew wasn’t a scam.

Then I received my weekly updated email from Wordfence.com that told of a security issue with WordPress Email Subscribers & Newsletters. Here are some excerpts. I posted the URL to the complete article for those who want to read the full report.

“Multiple Vulnerabilities Patched in Email Subscribers & Newsletters Plugin

This entry was posted in Vulnerabilities, WordPress Security on November 13, 2019 by Chloe Chamberland

“A few weeks ago, our Threat Intelligence team identified several vulnerabilities present in Email Subscribers & Newsletters, a WordPress plugin with approximately 100,000+ active installs. We disclosed this issue privately to the plugin’s development team who responded quickly, releasing interim patches just a few days after our initial disclosure. The plugin team also worked with us to implement additional security measures.

“Plugin versions of Email Subscribers & Newsletters up to 4.2.3 are vulnerable to attacks against all of the vulnerabilities described below, and versions up to 4.3.0 are vulnerable to the SQL injection vulnerability. All Email Subscribers & Newsletters users should update to version 4.3.1 immediately. Wordfence Premium customers received new firewall rules on October 14th to protect against exploits targeting these vulnerabilities. Free Wordfence users receive these rules on November 14th.

“Unauthenticated File Download w/ Information Disclosure

Description: Unauthenticated File Download w/ Information Disclosure
CVSS v3.0 Score: 5.8 (Medium)
CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Affected Plugin: Email Subscribers & Newsletters
Plugin Slug: email-subscribers
Affected Versions: <= 4.2.2
Patched Version: 4.2.3

“Email Subscribers & Newsletter provides site owners with the ability to create newsletter campaigns that site users can subscribe to. One feature of this plugin is the ability to export all of the site’s subscribers into a single CSV file containing first names, last names, email addresses, mailing lists the subscriber is on, and more. Unfortunately, there was a flaw in this plugin that allowed unauthenticated users to export subscriber lists and gain all of the information provided by subscribers.”

For the complete report go to https://www.wordfence.com/blog/2019/11/multiple-vulnerabilities-patched-in-email-subscribers-newsletters-plugin/?utm_campaign=Wordfence%20Blog%20Emails&utm_source=hs_email&utm_medium=email&utm_content=79364920&_hsenc=p2ANqtz-8BWZWGcayl7CmLA8_0ZOuqUMxFleAxNa1XzLNtcjmm_PWVISfoOeViJk0XBMmja4fUtyG9alUFRXA6PRL4cnymLjx62a0YXm_ZWbqwjxsINMHzwyE&_hsmi=79364920

In the words of a biblical writer, “Be Aware Lest Ye Fall.”

That time I got away by breaking the line before the hook set, and I have maintained heightened security measures since then, adding additional computer security programs to check for malware, spyware, viruses, and all sorts of various poisons used to attack and infect unsuspecting citizens.

Even with all of those measures in place, I know to remain aware, to keep updating computer program security features and processes, and to never get so relaxed that I think those hooks aren’t in the water waiting for some unsuspecting PHISH to come swimming by.