QUISHING: Scams Defined

Posted on June 4, 2025 by Dr. David Edward Marcinko MBA MEd CMP™

QR Code Cyber Security Scams

SPONSOR: http://www.CertifiedMedicalPlanner.org

By Cloudflare and AI

***

***

What is quishing?

Quishing, or QR phishing, is a cybersecurity threat in which attackers use QR codes to redirect victims to malicious websites or prompt them to download harmful content. The goal of this attack is to steal sensitive information, such as passwords, financial data, or personally identifiable information (PII), and use that information for other purposes, such as identity theft, financial fraud, or ransomware.

This type of phishing often bypasses conventional defenses like secure email gateways. Notably, QR codes in emails are perceived by many secure email gateways as meaningless images, making the users vulnerable to specific forms of phishing attacks. QR codes can also be presented to intended victims in a number of other ways.

MISHING: https://medicalexecutivepost.com/2025/02/28/mishing-a-mobile-first-phishing-technique/

What are QR codes?

QR codes, or Quick Response codes, are two-dimensional barcodes that can be scanned easily with a camera or a code reader application. The main component of a QR code is data storage. QR codes have the capability to store significant amounts of information including URLs, product details, or contact information. Scanning technology allows smartphone cameras or code readers to easily and quickly access the website to which the URL points.

SMISHING: https://medicalexecutivepost.com/2025/01/08/smishing-beware-scams/

How does quishing work?

In a quishing attack, the attackers create a QR code and link it to a malicious website. Typically, the attacker will embed the QR code in phishing emails, social media, printed flyers, or physical objects, and use social engineering techniques to entice the victims. For example, victims might receive an email urging them to access an encrypted voice message via a QR code for a chance to win a cash prize.

Upon using their phones to scan the QR code, victims are directed to the malicious site. The site may prompt victims to enter private information, such as login information, financial details, or personal information. In the example above, the site may request the user’s name, email, address, date of birth, or account login information.

Once this sensitive information is captured, attackers can exploit it for various malicious purposes, including identity theft, financial fraud, or ransomware.

What is Cyber-Security SPOOFING and PHISHING?

COMMENTS APPRECIATED

Like and Confirm

***

***

Filed under: CMP Program, Ethics, Glossary Terms, Information Technology, LifeStyle | Tagged: , , , , , , , , , , , , , , , , , , | Leave a comment »

SCAMS: Pig Butchering

Posted on February 15, 2025 by Dr. David Edward Marcinko MBA MEd CMP™

By Staff Reporters

***

***

What Is a Pig Butchering Scam?

Pig butchering scams get their colorful (and gory) name from the process of fattening hogs before slaughtering them. Except in this case, it’s a scammer making friends with you before taking your money. These cons have four distinct phases:

  1. Initial contact is made by a scammer. The scammers are often enslaved by organized crime rings who force them to contact potential victims through social media platforms, dating apps, online networking sites, and job boards.
  2. Fattening, a phase where the scammer gets to know and builds trust with a victim. They may pretend to be romantically interested in the victim, befriend the victim, or offer the victim a job.
  3. Slaughter refers to the phase where the con pays off. Scammers may persuade victims to send them money, invest in a fake company or cryptocurrency, or reveal sensitive personal information that can be used for identity theft. Over time, scammers ask for large sums of money threatening to end contact if victims refuse to pay.
  4. Shaming and disappearance. Scammers will continue their relationship with the victim until the victim is unable to pay or catches onto the scam. Scammers may taunt their victims to shame them into silence, or they may simply vanish along with any accounts, websites, or apps they’ve been using.

How to Avoid Pig Butchering Scams:

To avoid becoming a victim of a pig butchering type scam, watch for these red flags and know how to protect yourself:

  • Unexpected contact: Never respond to unsolicited messages from unknown contacts, even about seemingly benign topics, especially via text message and on encrypted messaging applications.
  • Refusal to participate in video chats: If someone you’ve been messaging with consistently declines to interact face-to-face, they likely aren’t the person from the profile photo.
  • Request for financial information: Don’t share any personal financial information with individuals you’ve never met in person. If a new virtual friend or romantic connection starts making financial inquiries, put the brakes on the relationship.
  • Invitation to invest in specific financial products: Be wary of any unsolicited investment advice or tips, particularly from someone you’ve only spoken to online and even if they suggest you trade through your own account. Always question what a source has to gain from sharing tips with you and whether the transaction fits with your financial goals and investment strategy.
  • Unknown or confusing investment opportunity: Carefully evaluate the product, as well as the person and/or company requesting your investment. Along with a basic search, try adding words like “scam” or “fraud” to see what results come up. Consider running recommendations by a third party or an investment professional who has no stake in the investment, and use FINRA BrokerCheck to see if the promoter is a registered investment professional.
  • Unfamiliar trading platforms: Do extensive research before moving any money, particularly in an emerging market like cryptocurrency, which has hundreds of exchanges and new avenues for trading continuing to evolve. Who controls the platform? What security measures are in place? How can you withdraw funds if needed? If you don’t know the answers to those questions, don’t put your assets there.
  • Exaggerated claims and elevated emotions: Take a closer look at any investment that offers much higher than average returns or is touted as “guaranteed.” Fraudsters will also often use their knowledge about you to appeal to your emotions—something like, “Don’t you want to have money to send your kids to college?”
  • Sense of urgency about an upcoming news announcement or share price increase: Remember that insider trading is illegal, and you should never trade in shares of a company on the basis of material, nonpublic information.

MORE:

Learn more about how to protect your money from fraud and get more insight from the FBI and the Financial Crimes Enforcement Network (FinCEN) on pig butchering schemes involving cryptocurrency.

If you think you’ve been a victim of a pig butchering stock scam, submit a regulatory tip to FINRA. If you think you’ve been the victim of internet fraud, file a report with the FBI’s Internet Crime Complaint Center.

COMMENTS APPRECIATED

Refer and Subscribe

***

***

Filed under: "Ask-an-Advisor", Accounting, Ethics, Experts Invited, Funding Basics, Glossary Terms, LifeStyle, Professional Liability | Tagged: , , , , , , , , , , , , , | Leave a comment »

SMISHING: Beware Scams!

Posted on January 8, 2025 by Dr. David Edward Marcinko MBA MEd CMP™

***

***

Smishing is a form of phishing that uses Short Message Service (SMS), commonly known as text messages, instead of email. Typically, the scammer poses as a legitimate institution, such as a bank, a service provider or a reputed company. The text message they send creates a sense of urgency or threatens consequences if the victim doesn’t respond immediately. It downloads malware on the phone or includes a link to a fraudulent website designed to look like the legitimate organization’s site. When victims reach that site they are tricked into entering their personal information.

Seven Types of Smishing Scams

1. Impersonation Scams: The attacker pretends to be a known organization or individual. The attack could be via a message pretending to be from a bank, government agency or a reputable company.
2. Tech Support Scams: Attackers pose as representatives from tech companies, claiming that the victim’s device or account has been compromised and that they need sensitive data to fix the problem.
3. Account Suspension Scams: These messages claim that an account (bank account, social media or any other service) has been suspended and prompt the victim to verify their identity by providing sensitive information.
4. Missed Delivery Scams: Attackers send messages claiming that the victim has missed a package delivery, and they need to provide personal details or a fee to reschedule the delivery.
5. Prize or Lottery Scams: Messages claiming that the victim has won a prize or a lottery, and they need to provide personal details or make a payment to claim the winnings.
6. Charity Scams: In these attacks, scammers impersonate a charitable organization, asking for donations, usually following a large-scale disaster or during holiday seasons.
7. Malware Link Scams: Messages containing a link, which when clicked, installs malware on the victim’s device, allowing the attacker to steal information or gain control over the device.

Attackers are constantly innovating and finding new ways to exploit human trust, so it’s crucial to be skeptical of any unsolicited or unexpected message that asks for sensitive information or prompts to click a link.

COMMENTS APPRECIATED

Refer and Subscribe

***

***

Filed under: Ethics, Glossary Terms, Information Technology, LifeStyle, mental health | Tagged: , , , , , , , , , , , | Leave a comment »