The Cyber Sushi

(serving up the cold facts, with some phish bytes)

Welcome back! Here's what we are covering in this issue…

Why We Believe

In the world of social engineering, where scammers skillfully manipulate beliefs, individuals frequently find themselves initially unsure about falling victim to a scam. In 2023, IDCARE assisted over 300 clients who weren't sure if they were part of a scam when they first sought help. This complex situation showcases the effectiveness of social engineering tactics, weaving an intricate web that confuses individuals and highlights the challenges posed by scams, particularly in the realms of investments and relationships.

The common ways relationship scams and investment fraud unfold, driven by the tactics of social engineering, shed light on the deceptive landscape:

Reluctance to End Connections: Social engineering exploits individuals' emotional connections, fostering a reluctance to sever ties even when warning signs arise.

Trusting Conversations with Deceivers: Through calculated manipulations, scammers employ social engineering to build trust during phone conversations, leading victims to unknowingly share personal details.

Patterns in Prolonged Scams: Social engineering techniques capitalise on human psychology, leading victims to display higher impulsivity or addictive tendencies as scams progress.

Common Appeals to Compassion in Relationship Scams: Leveraging empathy, social engineering plays a pivotal role in crafting scenarios that appeal to victims' compassion, such as donating to children in need, covering hospital fees, contributing to a funeral, providing financial support during unemployment, or assisting a recent widow or widower with children.

Clever Profiles: Social engineering involves the creation of convincing profiles on various platforms, maintaining a facade of legitimacy.

Character Creation: Utilising stolen identities and images, social engineering meticulously constructs characters tailored to exploit individual vulnerabilities.

Emotional Grooming: Social engineering exploits emotional vulnerabilities, building attachment and trust through personalised interactions.

He begged for me to send him money and told me he would pay me back double what I lent him. He played on my emotions, and I wanted to help.

Psychological Exploitation: Through the lens of social engineering, scammers leverage everyday heuristics, urgency cues, and positive emotions to ensure victim compliance.

Sunk Cost Fallacy: Social engineering influences victims to persist in the belief of the scam’s legitimacy, despite warnings from others.

I persisted in paying, hoping to recover my money.

Pause, think, and talk. In the face of social engineering tactics, take a moment to question, discuss, and reflect. Vigilance and open communication are your allies in staying one step ahead of potential threats.

Behind the Mask - a guide to new and trending scams

Marketplace Mirage: Facebook Marketplace has become a hotbed for scams, where fraudsters create fake or compromised accounts and inundate the platform with numerous listings at unrealistically low prices. A recent case involved 56 identical listings for a 2010 Toyota Hilux at an implausibly low $5000, all originating from the same fraudulent account across Australia. When potential buyers expressed interest, the 'seller' redirected attention to another platform, advocated for a third-party escrow service, provided a random inspection address, and sought sensitive information. This elaborate scheme even victimizes unsuspecting owners of provided addresses.
Our Tips: To avoid falling victim to scams on Facebook Marketplace, watch for warning signs such as sellers offering off-platform communication, providing excuses to avoid inspections, requesting deposits or sensitive information, and offering products at unrealistically low prices. Buyers should be cautious of rushing purchases without inspection, insisting on immediate payment without seeing the item, or limiting payment to unconventional methods like PayID. Scammers often exploit the lesser-known PayID method, intentionally confusing users and using tactics like overpayment and subsequent requests for repayment to manipulate situations in their favour.

Sponsored Deceit: The Google Ad Scam manipulates search results by strategically placing links labelled 'sponsored' or 'ad,' often at the top for increased visibility. This tactic is employed by both legitimate businesses and scammers, taking advantage of users' likelihood to click on the first results. Clicking on these links, assuming trustworthiness, may lead to fake websites—a ploy known as ad cloaking, where scammers trick users into providing personal information or clicking on harmful links.
Our Tips: To minimise the risk of encountering fraudulent links, exercise caution by scrolling past sponsored ads. Before sharing money or personal details, thoroughly vet the ad's organisation or individual, seeking unbiased insights from external reviews. Be wary of enticing offers, conduct extensive research before committing to investments, and verify information directly through the relevant app instead of clicking on warnings. Opt for authenticated channels when communicating with an organisation and enhance device security by enabling 'automatic updates' for both the operating system and apps.

Extortion Tactics: Exploiting individuals' fears of harm or embarrassing exposure, extortion scams involve threats to extort money. Scammers employ tactics to make these threats appear genuine, coercing victims into compliance. Despite often lacking substance, victims may grapple with escalating ransom demands when faced with the prospect of compromising information exposure. Scammers leverage various techniques, including deepfake methods, impersonation, and utilising personal information obtained from data breaches.
Our Tips: Social engineering is critical in extortion scams, crafting convincing narratives by exploiting emotional triggers and creating an illusion of truth. Scammers impersonate authority figures, exploit personal information, and use fear tactics to manipulate victims. Recognising signs like generic messages, high-pressure tactics, and suspicious profiles is crucial to avoid falling victim.

The hAPPy score

Prezzee unwrapped
Prezzee, the Australian-based eGift Card app, promises a convenient solution for gifting with its seamless processes for purchasing, sending, storing, and redeeming gift cards. Boasting an extensive list of integrated retailers, Prezzee positions itself as a comprehensive platform for hassle-free gift-giving.

The legal spiel
We counted 6221 words (around 50 minutes of reading)

Our deep dive into Prezzee's terms and conditions, spanning a substantial 6221 words or roughly 50 minutes of reading, surprisingly left a positive impression. Despite the considerable length, the language was refreshingly clear and user-friendly, turning what could have been a tedious exploration into a straightforward experience.

Pervability
How much they're looking at you (one start being they're looking a lot)

Delving into your personal realm, Prezzee's Online Platform operates under a comprehensive Privacy Policy covering services, websites, and social media. While emphasising adherence to privacy regulations, concerns arise due to potential flexibility in disclosure clauses and the opacity surrounding third-party involvement. The geo-location feature and data requisites for the Prezzee Buzz service add layers to user data exposure, urging users to stay vigilant about their digital footprint.

The Scamometer
How easy is your account to hack? (one is super easy, five is Fort Knox)

Though not directly targeted, Prezzee stands out in recent Amazon scams, possibly due to its user-friendly features. With a daily transaction allowance of up to $5001, scammers might find it an attractive avenue for swift and sizable hits. While Prezzee maintains a robust Privacy Policy and emphasises data security, users should stay vigilant, as the potential for fraudulent activities associated with the app elsewhere cannot be dismissed.

The two-left thumbs rating
Can grandma work out how to do it?

Can Grandma navigate the Prezzee app with ease, or will it leave her feeling lost in the digital maze? Our verdict lands a solid four stars, assuring Grandma that she can effortlessly master the ins and outs of Prezzee. The user-friendly design and intuitive features make it a breeze for even the tech-challenged to navigate, ensuring Grandma can confidently handle her gift-giving with grace.

Because everyone needs a... quick history lesson
In 2014, co-founders Matt and Claire embarked on the Prezzee journey after Matt forgot his gift card during a shopping trip in Bondi, Sydney, inspiring the vision for a solution to forgotten gift cards. In 2016, Prezzee streamlined bulk corporate gifting. By 2019, 100 retailers, including Amazon, joined the platform. In 2020, Prezzee expanded globally into the UK and USA while introducing the innovative Smart eGift Card. By 2021, they had sold over a million eGift cards.

The final verdict (dunna na... dunna na na na..)
3.5 of 5

As we reach the final countdown, Prezzee emerges as a user-friendly platform with notable strengths and considerations. While its legal clarity and convenient features make it an attractive option, users must navigate the potential pitfalls of data exposure and stay vigilant against emerging scam trends. The overall verdict places Prezzee as a reliable but cautious choice in the digital gift-giving landscape, emphasising the need for informed and precautious usage.