You get hacked and suddenly everyone in your contact list gets spam. It’s something we’ve all dealt with at one point or another. It happened to a WINK News anchor recently, and as he was warning everyone and changing his passwords, Investigative Reporter Céline McArthur went on the hunt to see what we can learn from this scam.
Identifying and tracking down cybercriminals can be nearly impossible. They’re good at hiding in cyberspace and there are just so many of them. This is a screenshot of a cybersecurity threat intelligence map created by a company called FireEye. The company says it tracks cybercrimes across the globe in real-time.
Chances are you won’t know the person targeting you, but finding out how they got to you and how they operate can help you better protect what’s yours.
Here’s the email from, let’s call him “Fake Chris.” It appears to be from my colleague Chris Cifatte. You see his name, my name and then the message.
Because it was an unusual request, and looks a little messy, I gave it a closer look. When I clicked on his name, I could see this isn’t the real Chris’ email address. This is a case of phishing. It can happen to anyone and can be a fake email from a colleague, friend, family, or a place you do business, like your bank. Florida Department of Law Enforcement Special Agent Christopher Tissot explains.
“These actors will actually register a domain, say one letter off from a legitimate domain. They’ll send an email because most people don’t look at the email address close enough to realize (it’s not legitimate),” says FDLE Special Agent Christopher Tissot. “Next thing you know, they’re thinking that it’s their bank and they fall victim to another scam. I’ve seen people send thousands of dollars or more of their life savings to these scammers.”
I asked private cybersecurity expert Craig Peterson to help us safely take the bait from “Fake Chris” so we can see what this hacker is trying to reel in. We text the number in the email and quickly get a response:
“I aimed at surprising some of our deligent staffs with gift cards today.”
You see the hacker’s word choice and grammar are way off, but what’s clear is he wants this purchase to be a surprise, and wants me to go out and buy five $100 Amazon gift cards. Once I get them, he wants me to scratch the backs to reveal the codes, take pictures, and text them to him—so he can cash them in, and I’m out $500.
I let him know I’m suspicious. I reply, “Chris, what’s with your grammar, you’re a NEWS ANCHOR for heaven’s sake.” The hacker’s responses are ridiculous, but Peterson says this phishing scam is serious because it sometimes works.
“They’re looking for someone that’s a little on the gullible side, so they can initially screen you really well,” says Peterson. “And they do that by using bad grammar, so someone that really speaks English well is not going to communicate with them.”
Peterson discovered on a website, Have I Been Pwned, that the real Chris’ email and password information were exposed to the public four times since 2018.
Armed with that information, retired FBI Special Agent and WINK News Safety and Security Specialist Rich Kolko explains what happens next.
“These criminal robots, these computer robots send out these mass emails hoping that just one person clicks on that link,” says Kolko.
Seems like a lot of effort just to get some gift cards.
“There are two things they want,” says Kolko. “They’re happy to take that quick and easy hit, if they get the five gift cards. There’s $500 that goes into their system. If that’s working several times a day, that does add up to a significant amount of money. But at the end of the day, what they want is that personally identifiable information. They can target other people, get their personal information, get passwords, get financial data, do identity theft, and it just becomes a bigger and bigger crime.”
FDLE Special Agent Tissot has investigated cybercrimes for years, and says it takes a lot of time and effort to keep up with the latest threats.
“Constant training. I’d say 50% of my job duties are training,” says Tissot. “I feel as if I study more than I did in college, but the technology is constantly changing, so we have to change and adapt as well.”
His advice to you — question everything that comes through text or email. If it looks off, delete it.
“Don’t trust anything that comes in your inbox. Double-check it and almost look at if everything you’re getting, you shouldn’t be getting,” says Tissot.
In 2021, Florida had the second-highest number of cybercrime victims in the country and the fourth-highest losses — more than $528 million. Phishing is one of the most common.
If you have something you’d like me to investigate, email me at [email protected]
Copyright 2022 Fort Myers Broadcasting Company. All rights reserved. This material may not be published, broadcast, rewritten or redistributed without prior written consent.