‎

Scam of the Week

Artificial Intelligence, Real Scam

You may be familiar with ChatGPT, an AI assistant that generates realistic conversations. It was developed by an organization called OpenAI. In this week’s scam, cybercriminals could send you a phishing email that appears to be from OpenAI. The email warns that you will lose access to ChatGPT unless you update your payment method and pay a subscription fee.

The email appears to be legitimate, and it even contains the OpenAI logo and an official support email address in the text. But like many phishing scams, the email also includes a link to a fake webpage asking for your personal data and credit card information. If you click the link and enter your information, your subscription to ChatGPT will not be renewed. Instead, the cybercriminals will have stolen your personal information and money!

Follow these tips to avoid falling victim to a phishing scam:

• When you receive an email, stop and look for red flags. If you have doubts, always visit the official website to verify that the email you received is legitimate.
• Always hover your mouse over links in emails. Watch out for spelling mistakes, unusual domains, or suspiciously long URLs that can hide a website’s true domain.
• If you receive a suspicious or unexpected email, follow your organization’s procedure for reporting it.

The KnowBe4 Security Team

Scam of the Week

From Tickets to Email Trickery

If you recently bought a ticket to a local event, you may have used Eventbrite’s website or smartphone app. Eventbrite is an online platform that allows you to create, promote, and attend events. But cybercriminals are abusing this platform to steal your personal information and money. In this week’s scam, cybercriminals use Eventbrite to set up a fake event and then email you an invitation.

The Eventbrite email invitation contains realistic logos and brands, and it appears to be legitimate. But if you select the link within the email, you will be taken to a fake webpage that is actually controlled by cybercriminals. The webpage will prompt you to enter personal data such as your login information, tax identification number, and even your credit card number. The cybercriminals are trying to steal your personal details and funds!

Follow these tips to avoid falling victim to a phishing scam:

• Be wary of emails that urge you to take quick action. Phishing emails are designed to catch you off guard and trigger you to act impulsively.
• Never select a link in an unexpected email. In this case, it would be best to navigate to Eventbrite’s official website or smartphone app if you have concerns about tickets you’ve purchased.
• If you aren’t sure if an email you received is legitimate, contact Eventbrite’s customer support directly to verify.

Scam of the Week

The Fake TSA Precheck Email

Many air travelers turn to TSA PreCheck for its quickness and ease. TSA PreCheck is a US airport screening program that allows you to get through airport security with fewer steps and without waiting in long lines. But cybercriminals take advantage of this tool to trick travelers. In this scam, you receive an email that appears to come from TSA PreCheck. The email encourages you to enroll or renew your membership and provides a link to what looks like the official TSA PreCheck website.

The website promises you can skip the long security lines at the airport by paying a fee. However, this website is a fake version of the real TSA PreCheck website. If you enter any money or financial information here, the scammers will be able to see it immediately. The benefits you buy from the fake website will not work at any airport. Worst of all, the cybercriminals have stolen your sensitive information and money!

Follow these tips to avoid falling victim to a phishing scam:

• This particular scam targets US air travelers, but remember that this type of scam can be used for other organizations as well. Always be cautious before clicking on unexpected emails.
• Be wary of requests to pay a fee right away. Cybercriminals will try to pressure you into acting quickly.
• When you first enroll in the actual TSA PreCheck, you pay in person, not online. Also, real Transportation Security Administration (TSA) emails never contain direct payment links. When in doubt, contact the TSA directly.

The KnowBe4 Security Team

Scam of the Week

Beware the Fake Cashier’s Check

No one is immune to being targeted by scammers, including lawyers and law firms. Lawyers often handle debt collection, and cybercriminals are seeking to take advantage of that. In this week’s scam, a law firm is contacted by someone claiming to be a client who needs assistance with collecting a debt payment. The firm works with the client to determine who owes the debt and then sends a letter requesting that the debt be paid. The person who owes the debt money immediately agrees to pay and sends what appears to be a real cashier’s check to cover the cost.

The law firm deposits the check and wires money to the client’s account. However, both the client and the person who owes the debt are scammers who are working together. The entire story about being owed a debt is a scam, and the cashier’s check is fake. The fake check doesn’t clear at the bank, and the scammers are able to escape with the law firm’s money!

Follow these tips to avoid falling victim to a cashier’s check scam:

• Look for red flags. Always be suspicious of situations or opportunities that seem too good to be true.
• Be extra cautious when dealing with money or other financial requests. Trust your instincts and contact your bank if you have concerns about a check or money transfer.
• Be suspicious of requests to take action quickly. Cybercriminals pressure their victims to act quickly so they won’t be caught.

The KnowBe4 Security Team

‎

‎

Scam of the Week

Hurricane Scams

Scammers will frequently use high-profile events, such as natural disasters, to try to trick you. In the aftermath of Hurricane Helene in the United States, scammers have wasted no time in turning this situation to their advantage. They’ve been using AI to generate fake images that play on your emotions, to get you to donate your money to help people who have been affected by the disaster. Recently, an image of a scared little girl holding a puppy and being evacuated from a flood area has been circulating on Facebook and other social media.

However, this image is fake. The scammers are trying to trick you into clicking a link to “donate” to a fake relief effort or to steal your personal information. In either case, their goal is to get you to act impulsively. If you donate money or enter any personal information, it will not help any victims who were impacted by the hurricane. However, it will help the scammers steal your money and your data!

Follow these tips to avoid falling victim to a hurricane scam:

• Be wary of AI-generated images. Look for signs that an image might be fake, such as unusual details or inconsistencies.
• Make sure that the charity you’re donating to is legitimate. Only donate through the official websites of well-known charitable organizations.
• Don’t act impulsively. Take time to research before donating or clicking on links, especially in the aftermath of a disaster.

The KnowBe4 Security Team

Scam of the Week

The Shopping List Swindle

Walmart’s Lists feature allows you to create an online shopping list and share it with others. In this week’s scam, cybercriminals are using Lists and malicious Google ads to steal your personal information and money. This scam begins when you search for Walmart’s customer service page on Google. You’ll see a sponsored ad result that claims to lead to a page that provides Walmart’s customer service information. If you click it, the ad will direct you to a Walmart List page. However, instead of containing normal shopping items, the List contains a phone number that appears to be for Walmart’s customer service team.

However, both the ad and the Walmart List were created by cybercriminals. If you call the number, you’ll be connected directly to a scammer. They will ask for your personal and financial information, and then they will attempt to scare you by saying that your account was used to transfer money illegally. The scammer will then try to pressure you into transferring your money into a Bitcoin account in order to prevent additional transactions. If you do transfer the money, it will go directly to the cybercriminals!

Follow these tips to avoid falling victim to a shopping list swindle:

• Be wary of clicking on Google ads. Anyone can buy a sponsored ad on Google, including cybercriminals.
• Be suspicious of anyone forcing you to act quickly. Scammers frequently attempt to trick you into acting impulsively.
• Always think before clicking on a link or providing your personal information, even on official websites. Trust your instincts and be on the lookout for anything that seems suspicious.

The KnowBe4 Security Team

‎

‎

Scam of the Week

The Fake Funeral Livestream

Unfortunately, cybercriminals will go to great lengths to try to trick you and steal your information. In this week’s scam, cybercriminals are stealing photos and personal details of recently deceased people from social media. They use these photos and personal details to create convincing comments on Facebook. When an announcement is posted about the deceased person, the cybercriminals leave a comment. The comment says that the funeral is being streamed online and that you need to click a link to watch it.

However, the funeral service isn’t actually being streamed online. If you click the link in the comment, you’ll be taken to a fake website that’s controlled by the cybercriminals. The website includes instructions to enter your credit card information so that you can supposedly watch the funeral. If you enter any information here, the cybercriminals will be able to see it immediately. You won’t actually be able to watch the funeral service online, but the cybercriminals will be able to charge your credit card!

Follow these tips to avoid falling victim to a fake funeral scam:

• Never donate money to an online fund unless you can verify it has been set up by an official source.
• If you’re experiencing a major loss, set your social media websites to private before posting details about the deceased person. This will make it more difficult for cybercriminals to steal personal photos and information.
• Always use caution when entering financial information online. Make sure that the website you’re visiting is legitimate.

The KnowBe4 Security Team

Scam of the Week

Don’t Be Fooled By Fake Phone Numbers

In this week’s scam, cybercriminals are using Google search results to try to trick you into calling a phone number that they control. If you search for an organization on Google, scammers can manipulate the search results to display a fake phone number for the organization. Don’t take a chance of losing your investments on a risky phone call.

If you search on Google and call the fake number from one of these manipulated search results, you will be connected to a scammer. They will attempt to trick you out of your money by saying that your account needs updates or you need to transfer funds. They may ask you for your login information so that they can access your account. Once they gain access to your account, they can quickly transfer your funds to accounts that they control. This is one investment that you don’t want to risk!

Follow these tips to avoid falling victim to a phone number scam:

• Confirm that you are on the organization’s official website if you are going to buy one of their products or use one of their services.
• Double-check that the listed phone number is the same one on the organization’s official website.
• Report any fake listings, ads, or any other type of disinformation through Google’s Report services.

The KnowBe4 Security Team

Scam of the Week

Beware of the Celebrity AI Cash Grab

In a recent scam, cybercriminals posted a fake video of Elon Musk on YouTube, trying to trick you into handing over your money. Cybercriminals often use AI to impersonate celebrities so that they can spread misinformation or trick people into falling for their scams. This particular scam attempts to trick you into depositing your cryptocurrency into an online account.

In this scam, the cybercriminals used AI to create a fake video that looks and sounds like the real Elon Musk. The video contains a QR code, and the AI-generated Musk urges you to scan it. If you follow the instructions to scan the code, you will be directed to deposit money into an account with the promise of receiving a larger return for your investment. The catch is there is no return on your investment. Your funds are deposited right into the scammers’ pockets!

Follow these tips to avoid falling victim to an AI video scam:

• Be wary of any social media content that uses endorsements from celebrities, because celebrities can be impersonated online.
• Be cautious whenever you are prompted to enter financial information online. Only use official financial websites.
• No legitimate financial institution will guarantee a large return on a small investment. If the opportunity seems too good to be true, it usually is.

The KnowBe4 Security Team