I assume there is no way to stop domain spoofing scams?

Does anyone have any suggestions on a pool of documentation to email companies for all these types of issues? I feel like I do a lot of work just creating docs for stuff like this and really don't charge for my time.
 
dee001 said:
Does anyone have any suggestions on a pool of documentation to email companies for all these types of issues? I feel like I do a lot of work just creating docs for stuff like this and really don't charge for my time.
Click to expand...

You can probably just pull something up on Google. Reality is ... no one on the end user side will read it or give a damn.
 
It's not that hard. The main thing to tell clients is that they need to make it a policy to call people before changing anything financially related. IOW they need to fire people who don't get on the phone and call the vendor, employee, client, etc, who emails new banking instructions to them.
 
thecomputerguy said:
You can probably just pull something up on Google.
Click to expand...

I'm glad someone else said what I was thinking.

This information has been available for years and years now. And which person's or entity's take on it is "better" boils down to personal preference. The core advice has been the same "forever."

I was trained on this sort of stuff (or very similar, nefarious actors always put new spins on old themes) back in the 1990s. Incidents have been all over the news again and again and again. If you are someone who's interested in taking precautionary measures, you long ago knew what those were and followed them. If you aren't, well, then, "You can't fix stupid/willfully ignorant," applies.

If you don't know this by now it is NOT due to lack of exposure. You have to have been living under a willful ignorance rock.
 
dee001 said:
Does anyone have any suggestions on a pool of documentation to email companies for all these types of issues? I feel like I do a lot of work just creating docs for stuff like this and really don't charge for my time.
Click to expand...
See the Knowbe4 link that Stonecat posted above. They provide that kind of training. If your clients need it they need to be trained and pay them to do it.
 
nlinecomputers said:
IOW they need to fire people who don't get on the phone and call the vendor, employee, client, etc, who emails new banking instructions to them.
Click to expand...

I'm not arguing your point in any way, in fact, I'm attempting to amplify it. But if this is not an example of "business common sense" by now, I don't know when it will ever be.

There's just no excuse anymore, and if I had my way it would not only be a firing offense, but legally actionable against the employee who handed over cash without due diligence.
 
britechguy said:
I'm not arguing your point in any way, in fact, I'm attempting to amplify it. But if this is not an example of "business common sense" by now, I don't know when it will ever be.

There's just no excuse anymore, and if I had my way it would not only be a firing offense, but legally actionable against the employee who handed over cash without due diligence.
Click to expand...
Except it really ISN'T that common. WE hear about it because we are in the industry. The average Joe and Jane employee knows there are hackers and scams but don't really know the details. They don't have experience with it and people tend to trust emails too much to question them. The training mentioned above exists for a reason.
 
nlinecomputers said:
The training mentioned above exists for a reason.
Click to expand...

And that training has been done, and done, and done, and done unless someone is a genuine newbie.

The problem lies in two things, one said by @thecomputerguy , " no one on the end user side will read it or give a damn," (or pay attention during live training, either), and one you brought up, lack of policy that must be followed.

I stand, adamantly, by my statement that this is the result of a combination of complete carelessness and willful ignorance, not lack of exposure to what needs to be done.

THIS IS NOT NEWS. IT CANNOT BE TREATED AS NEWS. DOING SO HAS HAD NO EFFECT FOR DECADES.

Your suggestion about policy, and enforcing it with swift and severe consequence, is about the only thing that can be done. And, sadly, even if it works within an organization it's one time too many after the fact. There is just NO excuse for these kinds of "accidents" today. Period. End of sentence. (And to be clear, I'm talking about business settings with professional and long-term support staff. None of them should be unaware.)

I've decided that, as a class, residential users are a lost cause. There are some, and I have a number of clients, who do listen and adjust, but there are others who simply persist in whistling past the proverbial graveyard as though that should protect them. Blissful willful ignorance, and willful ignorance has no cure except, possibly, getting burned once. Even that doesn't work in many cases.
 
nlinecomputers said:
Except it really ISN'T that common. WE hear about it because we are in the industry. The average Joe and Jane employee knows there are hackers and scams but don't really know the details. They don't have experience with it and people tend to trust emails too much to question them. The training mentioned above exists for a reason.
Click to expand...

Then those users are in the lost cause category... every adult that earns money for a living has either seen, been victimized, or personally knows someone who has been a victim themselves at this point.
 
britechguy said:
I stand, adamantly, by my statement that this is the result of a combination of complete carelessness and willful ignorance, not lack of exposure to what needs to be done.

THIS IS NOT NEWS. IT CANNOT BE TREATED AS NEWS. DOING SO HAS HAD NO EFFECT FOR DECADES.
Click to expand...
Yep. You'd be amazed at the people I know who've been scammed. As in their level of education and professional success. Smart successful people can and do get scammed just like poor dumb ones.

For every successful scam, as in customer failed, there's 100's, maybe even 1000's, that they've successfully ignored, etc. The scammers know this. That's why they're experts at FOMO and other techniques. And that includes capturing the victims undivided attention as they're being showered with FUD.
 
Markverhyden said:
You'd be amazed at the people I know who've been scammed. As in their level of education and professional success. Smart successful people can and do get scammed just like poor dumb ones.
Click to expand...

I probably wouldn't, unless the count is particularly high.

One of the worst messes I ever had to clean up after was a ransomware attack of the "remote support" type that a relative of my partner's fell for. And this was not someone who was uneducated or stupid. And what made it even more sad is that it was one of those, "The light dawned the moment I'd hit the 'allow' button, but I didn't pull the plug from the wall fast enough," situations. No one was more furious about the result than the person scammed, because they recognized it a scintilla too late and knew they should have recognized it a mile off and never allowed the situation to occur in the first place.

And even the completely uninitiated and easily confused can be trained to stop and discontinue the moment they "feel something's off." One of my proudest personal achievements is having gotten one of my senior clients (probably around 85 years old) to have done this, independently, on at least 2 occasions now (maybe 3). I've gotten calls afterward, mostly for reassurance, but it's wonderful to be able to tell someone that they've done precisely the right thing, and to remember how easy it was to tell that "something's not right" with just a little bit of observation and listening to that feeling that tells you "something's off" that goes with it.
 
@Markverhyden Part of this is recognizing that while there is a gradient of intelligence among humans, and therefore each and every one of us is certainly somewhere on the spectrum between moron and genius. The rub is... everyone is a moron at least once a day. Tired, distracted, impatient... the reasons are many but eventually we just miss things.

I've got a friend of mine that's currently assisting the FBI to lock up his own mother. She's not competent, and has been taken on such a ride by the criminals that she's now a criminal herself.

This junk goes deep... real deep.

Buyer beware works, but yet doesn't all at the same time.
 
Sky-Knight said:
She's not competent,
Click to expand...

And if that's the case, and has been the case, that friend should have pursued guardianship.

This is a path I've already trod, and luckily under the terms of my own mother's power of attorney, written when she was fully in posession of all her faculties, I became what was essentially her guardian in every way but formally when she was found to be incompetent to make any complex decisions.

And I'll be the first to say that doing all this is a grand PITA and not without emotional costs. But it's got to be done in a timely manner. Once the horse is really out of the barn and the damage is done, it's a "too little, too late" situation.
 
@britechguy Yeah friend doesn't have that power of attorney... and mom thinks she's competent. So the courts are going to force the declaration in all the wrong ways or lock her up for the rest of her life at this point.
 
You must log in or register to reply here.

Similar threads

Velvis
Best way to facilitate roaming users for M365
Replies
3
Views
200
YeOldeStonecat
YeOldeStonecat
thecomputerguy
Family friends son died unexpectedly and is out of options right?
Replies
15
Views
342
fincoder
fincoder
thecomputerguy
Client upset because mail is now going to spam after upgrading to Business Premium.
Replies
6
Views
326
britechguy
britechguy
Appletax
[SOLVED] Client wants someone to hack Facebook to get him back into his account
Replies
6
Views
436
frase
frase
thecomputerguy
$300k wired and lost.
Replies
5
Views
251
Sky-Knight
Sky-Knight
Back
Top