Lecture on Impersonation and Scam Calls

Introduction

Microsoft Windows Scam
- Caller claims to be Wendy from Microsoft.
- Urgency about computer issues.
- Wendy is not from Microsoft Windows.
U.S. Treasury Scam
- Caller claims to be from U.S. Treasury.
- Urgent enforcement action.
- Unlikely to be the U.S. Treasury due to bad grammar and the nature of the message.
Credit Card Scam
- Caller congratulates on excellent payment history.
- Offers 0% interest rates on credit card accounts.
- Not a legitimate caller from any credit card company.

Definition: An attacker pretending to be someone else to gain trust.
Examples of impersonation tactics:
- Claiming to be from a company's help desk.
- Posing as a higher-ranking official within an organization (e.g., VP of Finance).
- Using technical jargon to distract the target.

Eliciting sensitive information like credit card numbers, social security numbers, bank details.
Story-telling to gain trust and extract information.
Example: Claiming a payment issue to get bank account details.

Attackers use personal information to open accounts or obtain loans under the victim's name.
Tactics include:
- Opening credit card accounts with victim's information, but attacker’s address.
- Using the victim's information to open a bank account for illegal activities.
- Applying for loans using the victim's details.
- Committing tax fraud to get refunds.

Do not volunteer information
- Be cautious if someone requests sensitive information like passwords.
- Support teams usually do not need your password to assist you.
Keep personal information private
- Avoid sharing personal details over phone, email, or other methods.
- Information like address, social security number, date of birth can be misused.
Verify the caller
- If unsure about the caller's legitimacy, verify them through a public phone number.
- Verification should be a standard procedure in organizations, especially for financial or sensitive details.