The video delves into the dangers of common online scams, illustrating how seemingly innocent interactions can lead to major financial and personal losses. The discussion begins with a text message exchange that may seem harmless but could potentially be a pig butchering scam, where scammers develop a fake relationship with the victim to coerce them into investments only to lose their money. It further describes a variation of this scam focused on job recruitment, which also ends up exploiting victims financially.

This video is crucial as it highlights the important cues to recognize and halt these scams. It offers insights into how scammers extract personal information and use it against victims. Different scam tactics are explored, including romance scams and fake job offers, both of which can lead to identity theft or financial exploitation.

Main takeaways from the video:

💡
Online scams often start through simple text exchanges or too-good-to-be-true job offers.
💡
Scammers can steal personal information to commit identity theft and other fraudulent activities.
💡
Taking precautionary measures like not responding, being skeptical, and securing personal information can prevent falling victim to these scams.
Please remember to turn on the CC button to view the subtitles.

Key Vocabularies and Common Phrases:

1. fattening [ˈfætnɪŋ] - (verb) - In this context, making someone more susceptible to a scam by gaining their trust. - Synonyms: (nurturing, building trust, grooming)

And they are going to fatten you up through getting in your good graces, developing a relationship with you, making you think they're your friend.

2. anatomy [əˈnætəmi] - (noun) - A detailed examination or analysis of something complex. - Synonyms: (structure, makeup, framework)

So let's take a look at what the anatomy of these attacks are like and how they end up leading you into a bad place.

3. sob story [sɒb ˈstɔːri] - (noun) - A tale told to evoke sympathy, often used by scammers to manipulate others. - Synonyms: (heartbreaking tale, tearjerker, sad story)

There's going to be some sob story, some situation where they got mugged, their money was stolen from them.

4. plausable [ˈplɔːzəbəl] - (adjective) - Appearing reasonable or probable. - Synonyms: (credible, believable, probable)

So it seems like a plausible case that they would need, if they're going to be your employer, they would need that kind of information.

5. identity theft [aɪˈdɛntɪti θɛft] - (noun) - The fraudulent acquisition and use of a person's private identifying information. - Synonyms: (impersonation, identity fraud, personal theft)

How about identity theft?

6. social engineering [ˈsəʊʃəl ˌɛnʤɪˈnɪərɪŋ] - (noun) - The use of deception to manipulate individuals into divulging confidential or personal information. - Synonyms: (manipulation, deception tactics, confidence trick)

Another pretext for a different type of scam that's called social engineering.

7. account takeover [əˈkaʊnt ˈtəʊkəʊvə] - (noun) - When a scammer gains control over someone's account, often through acquiring passwords fraudulently. - Synonyms: (account breach, unauthorized access, takeover)

Another big one, pay close attention on this one. ATO is account takeover.

8. preemptive [priːˈɛmptɪv] - (adjective) - Planning actions to prevent anticipated events. - Synonyms: (proactive, precautionary, preventive)

Other things that you can do is a preemptive strike is lock your credit.

9. authentication [ɔːˌθɛntɪˈkeɪʃən] - (noun) - The process of confirming the truth of an attribute of a datum or entity. - Synonyms: (verification, validation, confirmation)

Every chance you get a chance, every time you get a chance, use multi factor authentication.

10. benign [bɪˈnaɪn] - (adjective) - Gentle and harmless; not harmful in effect. - Synonyms: (harmless, neutral, benign)

Now that is a ton of information that really came from what seemed like a pretty benign conversation over text.

Scam Alert - Pig Butchering, Recruitment Scams & More!

You ever had a message exchange that went something like this? Are you free tomorrow? No. Very expensive. Huh. Sorry, I don't recognize this number. Who are you? I'm Selena. If you have no plans, I'd like to invite you to join us for a barbecue. Sounds like a harmless case of mistaken identity, right? Well, maybe not. This might be the beginning of your worst nightmare. We call this a pig butchering scam.

Now, don't worry. No pigs were harmed in the making of this video. The reason it's called that is because you, the victim, are the pig. And they are going to fatten you up through getting in your good graces, developing a relationship with you, making you think they're your friend. Then they're going to entice you into some sort of scam, probably an investment scam. And that's when the butchering happens.

Okay, so maybe you're smart enough and say, I'm never sending money to anyone over the Internet under any circumstance. That one's not an issue for me. How about this one? You're an honest person, just looking for an honest job. The job market is not being favorable to you. And finally, you get a message like this on your professional social media app, and it says, sorry to bother you. Your background and resume have been recommended by multiple online recruitment agencies.

Therefore, we would like to offer you a great remote online, part time, full time job, helping merchants, blah, blah, blah. It pays this much a day? It pays. All of this stuff is just awesome. It sounds too good to be true. Well, of course it is. In fact, this is what we call a job recruitment scam. It's a similar version of the pig butchering scam, but there may be different aspects to it.

So we're going to take a look at both of these scams and try to see what we can do to learn to recognize them and what we can do to prevent falling victim to them. These scams tend to revolve around one of two things. Love or money. Or both in many cases. So let's take a look at what the anatomy of these attacks are like and how they end up leading you into a bad place.

So, first of all, we'll take a look at the first one. That's the love or relationship related scam. So these can take one of a couple of different forms. One would be what's called a romance scam. And these things tend to start. They can start from a text message, like I just demonstrated before, and then they develop what you think is a relationship with you. It's not Really a relationship.

And in fact, the person that you're talking to is not probably who you think they are. And that's where some of these others come in. Dating apps and sites are a good example of where you see a lot of fraud. Someone goes and finds pictures of some attractive person on social media, puts that in a fake profile, and then you start communicating with them. You think that's who you're talking to. You're not. You're talking to someone else who looks nothing like that and is nothing like that, but they start communicating with you and you're having this, what you think is a relationship. So that's one path where this goes.

And then at some point, what is going to happen is there's going to be some sob story, some situation where they got mugged, their money was stolen from them, they have a medical bill that they need to pay, they're going to come to visit you maybe, and they just need the money for the plane ticket or for whatever it is. And that is, of course, where the scam part comes in. Now, a variation on this relationship is not so much about romance, but it's more about friendship. And in this case, these tend to start off because we don't have friend apps so much, but these will tend to start off like the example I showed you. That's. It's a text message that comes in out of the clear blue that looks like one of these mistaken identity situations.

But then what you know is wrong about this is they continue. Why would they invite a total stranger who. They have no idea who they are. They don't even know what city you live in at this point, and they're inviting you to come to a picnic or a barbecue or trying to start up a relationship with you. You know, look, if I was trying to reach John and I ended up with Jeff, why do I want to just continue the conversation with Jeff when I was really trying to have it with John? That should be your. Your clue that this is not legit.

So the text message exchange, you continue with all of this, then eventually they're going to involve you in some sort of probably an investment scam of some sort. They're going to say, oh, here's a picture of my new home, my new car, my new boat, and start showing you a lot of things and say, hey, would you like to be able to get these things, too? And here, by the way, I just made a ton of money in the last 20 minutes. I doubled my money on some sort of fake crypto scam because in fact, there's no real investment that's even happening. They're going to tell you that they'll let you in on the deal if you will just send the money to them and then they'll show you fake results that make you think you're winning. You will invest more money and more money and so forth. And this all.

And by the way, these dating scams can also do the same thing. These can end up moving to a fake investment scheme, but as you can see, all of them end up in the same place. You losing money somehow or another. Now let's take a look at the other side of this. The other is a job offer that comes in. And in this case, they're going to lead you through a different process.

They're going to ask you to do some sort of job application, fill out this form, maybe even go through some interviews, which will all be faked. These will be individuals who are not working for any company. They are scammers. And they're just trying to get information out of you. A couple of different variations. And by the way, there are a lot of variations on a number of these. I'm just trying to show you what a few of the most common ones are.

But in this case, what do we put on a job application? Personally identifiable information, your name, address, maybe Social Security number. Because after all, if you're going to work for these people, they have to know that in order to do the taxing and things like that, where they're going to send their paychecks to your paychecks, this kind of information. So it seems like a plausible case that they would need, if they're going to be your employer, they would need that kind of information. What could that lead to? Well, how about identity theft? So if I have all of that information about you, in fact, I now have the ability to do a lot of things with that information, including steal your identity and do fraud with it.

Another example on this one is, is maybe we say, congratulations, you've been hired. In fact, I know a guy who got one of these. And in that case, what they said is, here we're going to send you a check and you deposit this into your account. So we're going to front you the money, but in order to do your job, you're going to need to buy some supplies. So we'll send you the check, you put that in your account, but in the meantime, you go ahead and buy these supplies from this special website. Well, guess what? The website is not a place where you can buy Supplies, it's just a place that's going to collect your credit card and then they're off to the races.

So this is going to lead from what should have been work supplies in order to get your job done into yet another case of you losing money. You notice what's common about both of these, they end up in the same dead end. So how could this situation that I just outlined actually get worse? I'm glad you asked. Let's take a look. So what kind of information could the scammer glean from you? Well, a couple of different sources.

For instance, one, the text message exchange that we just talked about. So some things that they're going to find out automatically or then through a little more conversation with you, they can tease out some information. For instance, one of the things they know is what your phone number is. Now you say, well, they kind of had to know that already in order to text me. No, they didn't. They could just pick a random number. But what they discovered when you answered is that this is a valid number and that it's active.

So they know the status of that number. So it's a legitimate number and there's a real person on the other end. Now, what else could they find out? Well, again, they say I'm Selena. You know, they're going to eventually ask you, what's your name? And you're going to tell them. If you're following along with the scam, tell them your name.

Mail. Maybe not your full name, but it gets, you know, it starts small and it builds. Then, oh yeah, well, I live. They'll say, I live in Los Angeles. So where do you live? And then you're going to tell them because again, you think there's a possibility for romance or friendship. Seems harmless enough. Then, oh, yeah, I'm working in this field.

What kind of work do you do? And you're going to tell them, and that's going to get a lot of information just out of the text exchange. Now, what could all of that stuff lead to? Well, with that, now we can go off to social media. If I'm the scammer. And I could also do a public record search with some of this information and start to learn even more about who you are. For instance, some of the things that I might be able to find would be what your actual home address is.

By taking some of this and putting it all together and doing the right searches, I could find out what your work history is. Go into. Of course, there are social media sites that are professionally oriented and they will show work history. They'll also show educational history. Why would that be interesting? We'll take a look. Back in just a few minutes.

But these kinds of things will be useful later. All of this information is being revealed. Might also figure out from these sources your relationship status. They could also find out things like who your family and friends are, so who are your associates, and those would be useful to further attacks against, for instance, them as other victims, potentially other things they're going to learn from social media, your favorites, because after all, in social media we tell the whole world what my favorite color is, what's my favorite team, what's my favorite pet, this kind of thing. So all of that kind of information gets filled in here from social media and then other things like the city you were born in, your birth city and so forth.

Now that is a ton of information that really came from what seemed like a pretty benign conversation over text. And all of this information fed together leads to more of this kind of information and all of that information then used to further the attack. What could they do from an attack perspective? Well, as I mentioned already, identity theft. So if we're going to do an identity theft case, I need to know a lot of this kind of detail so that I can open a credit card in your name so that I can get a loan in your name. And therefore the attacker is able to get this kind of money from you and do damage to your credit along the way. Another big one, pay close attention on this one.

ATO is account takeover. If you think about this, if you forget your password, how do you go get back into your account again? Well, you have to answer some questions. And what kind of questions do they ask you? Oh, yeah, what city were you born in? Where did you go to high school? What was your favorite pet? Who's your favorite sports team? In other words, the answers to most of these things will be the things that allow someone to take over your account by doing a password reset.

Once they've been able to do that and they can take over your email account, then it's game over because the email account is where I'm then going to be able to go to all these other sources and do even more damage. So I can go to your bank and have your password reset and it's going to go to your email address, which now the bad guy is in control of. Now they're able to basically do whatever they want. What else might happen here? Well, look, people tend to choose the same password for everything. If they can get away with it because it's simpler and easier to remember. So it's not just your personal stuff, it's the company as well, who you work for.

Your password to log in there might also be compromised in this. So this is where it brings it back to not just you, but the place you work now has a security threat that could occur. Some other things with this kind of information that could be done is more convincing social engineering attacks. So I could do this against your co workers, the people you work with, if I knew all of this about you, I could call your co worker and say, hey, look, I am Jeff's cousin or his friend and he's been in an accident and we need your help and blah, blah, blah. So there's another pretext for a different type of scam that's called social engineering, where someone is basically abusing the tendency people have to trust each other.

Other examples, merchants. So it could be a place where you buy stuff from. If I have all of this information, maybe I can take over your account on that online ordering site and then I can order all kinds of stuff and you pay the bill and I get the stuff. Other examples here, your bank, which of course is where all the money is, we think. And if I get that kind of information here, I can use this to socially engineer. The people at the bank, say, hey, look, I lost my password, my computer blew up, you know, whatever, my phone was stolen, I need to be able to get back into my account. And they're going to ask you a bunch of questions to prove that you're who you claim to be going to be.

These kinds of questions, all this kind of information that seemed to begin with something very benign and very simple. A casual conversation leads into more and more detail. And the further you go down the rabbit hole, the more the attack gets dangerous. So what can you do to make sure you don't fall victim to one of these scams? The first thing you should do is something you shouldn't do, and that is respond. Don't respond. When you get that random text message from someone you don't know that seems to be trying to start a conversation with, you, just don't respond. Because that way you don't validate what they're doing.

They don't know then if your number is valid or not, is active or not, and they will eventually leave you alone and move on. The next thing is be skeptical throughout all of this. With any of these kind of attacks, you need to keep thinking, does this sound too good to be true? Has some Beautiful person suddenly wanted to become my friend. As a company now starting to make a job offer, to me that is too good to be true. Be skeptical about those things. In fact, do some research, especially on the job hunt scams where you're looking for a job.

Go look up that company, make sure they really exist. Although even if they do, that doesn't mean scammers aren't using the name of a well known and existing company to hide behind. So make sure if you can, that in fact these people work for that company. In fact, here's an idea. Before you start giving out personal information to that company, go look up the company and make sure that looks like they have a legitimate history of other than just their website. Look at other websites as well surrounding it and then call the company up and say is there a person working for you that is under the name of this recruiter and are you offering a job? And just validate all of that. So do your research and don't just look at one point of data for that.

Other things that you can do is a preemptive strike is lock your credit. In the US there are three credit bureaus and you can go onto a website, make sure you get the right one. Because there's a lot of scam websites that claim that they will lock your credit and all they're going to do is harvest your personally identifiable information, which is worse. Make sure you get to the legitimate websites and there you can for free lock your credit. So if anyone runs a credit history report on you, it will fail. You have to unlock it first.

That also makes it so that someone who's trying to open a credit card in your name is not going to succeed because the credit card company is going to want to run one of these reports. And if your credit is locked, it's not going to work. So that's a way to lock some things down as well. Another thing you should lock down and tighten up are your privacy settings on social media. So all of that information I talked about that someone might glean from your account, make sure they can't make sure that only people who are your friends on social media can see that kind of information.

Now, by default, a lot of the social media sites share everything because that's what works best for their business model. But for your business model, it's best that you don't share everything. You put only the minimum available to people who are not your friends. And then for friends, make sure you only friend people that you know in the real world and that you Trust. So don't accept every friend request that comes in from someone, no matter how attractive or interesting they might be, if you don't know them in the real world, don't accept it.

So that way you keep that information out of the hands of the bad guys. Some other things you could do to help use a password manager. If you're going to have to be using passwords, use one of these things. There are tools that you can buy. There are tools that are built into some of the operating systems these days that will assign complex passwords and allow you to have a different password for every website. Keep them all straight. That's a really good one for companies as well, to make sure that their employees are doing so. That way, if an employee does in fact fall victim to one of these scams and their password is compromised, it's not the same password that's getting them into the corporate website.

So making available a password manager to your employees is actually a smart investment. Other things you should do is every chance you get a chance, every time you get a chance, use multi factor authentication. If a website offers you that or a two step authentication, they go by different types of processes, but use those things. Multi factor authentication combines something you know with something you have, something you are, some combination of those things. And it's a lot harder if someone just steals your password. That's something you know, they still wouldn't be able to log into your account and then something. If you've watched my videos in the past, you know I'm a big fan of are FIDO passkeys.

And if you think that means you have to have a separate hardware token in order to do it, you're sort of right, but mostly wrong. With the new Fido 2 standard, you're able to in fact use your phone, your mobile phone. You don't have to carry around a separate security key, a separate security device in order to do these things. And these are even better because then I don't need a password manager to manage all my passwords because I don't have passwords. I could use a password manager just to manage my passkeys, which are much more secure. Watch my video on that if you're interested in learning more.

And then finally, especially if you're a corporation or an organization, do training of your employees. You do annual security training. At least I hope you do. This is something that should be included in that annual training. Make sure that your employees are aware of what these scams are like, because some of them may be looking for jobs and they could be very vulnerable and they could end up unknowingly making your corporate information available to bad guys as well.

So the bottom line is I feel like if this video helps only one person, that's one win for the good guys. And I'll take that any day.

TECHNOLOGY, EDUCATION, MOTIVATION, SCAM ALERT, CYBERSECURITY, INTERNET SAFETY, IBM TECHNOLOGY