Phishing is not done at sea

By Theon Alleyne, CRCP, CCEP , USA Senior Managing Consultant, IBM


Phishing is not done at sea. It is a land based activity where fraudsters try to get you to take the bait.

๐™๐™ง๐™š๐™š ๐™ˆ๐™ค๐™ฃ๐™š๐™ฎ Scam

๐•†๐•Ÿ ๐•ž๐•ฆ๐•๐•ฅ๐•š๐•ก๐•๐•– ๐•๐•–๐•ง๐•–๐•๐•ค, ๐•ฅ๐•™๐•–๐•ฃ๐•– ๐•š๐•ค ๐•Ÿ๐• ๐•ฅ๐•™๐•š๐•Ÿ๐•˜ ๐•—๐•ฃ๐•–๐•– ๐•š๐•Ÿ ๐•๐•š๐•—๐•–. ๐•€๐•— ๐•ช๐• ๐•ฆ ๐••๐•š๐••๐•Ÿโ€™๐•ฅ ๐•ก๐•’๐•ช ๐•—๐• ๐•ฃ ๐•š๐•ฅ, ๐•ฅ๐•™๐•–๐•Ÿ ๐•ค๐• ๐•ž๐•–๐• ๐•Ÿ๐•– ๐•–๐•๐•ค๐•– ๐••๐•š๐••. ๐•Š๐•’๐•๐•ง๐•’๐•ฅ๐•š๐• ๐•Ÿ ๐•š๐•ค ๐•Ÿ๐• ๐•ฅ ๐•—๐•ฃ๐•–๐•–. ~ Theon Alleyne

Your email address is out there. Some of us shared it publicly, for others, it was part of a massive data dump by fraudsters.

Remember that email you or a relative received saying โ€œBecause you are a member of this small business groupโ€, or โ€œYour application for the grant has been approvedโ€. You donโ€™t recall applying for it, but it is sure exciting to get free money.

But, what about the next few lines in the message?

It often goes something like this โ€œ๐˜›๐˜ฐ ๐˜จ๐˜ฆ๐˜ต ๐˜บ๐˜ฐ๐˜ถ๐˜ณ ๐˜จ๐˜ณ๐˜ข๐˜ฏ๐˜ต, ๐˜ด๐˜ช๐˜ฎ๐˜ฑ๐˜ญ๐˜บ ๐˜จ๐˜ช๐˜ท๐˜ฆ ๐˜ถ๐˜ด ๐˜บ๐˜ฐ๐˜ถ๐˜ณ ๐˜ค๐˜ฉ๐˜ฆ๐˜ค๐˜ฌ๐˜ช๐˜ฏ๐˜จ ๐˜ข๐˜ค๐˜ค๐˜ฐ๐˜ถ๐˜ฏ๐˜ต ๐˜ฏ๐˜ถ๐˜ฎ๐˜ฃ๐˜ฆ๐˜ณ, ๐˜ข๐˜ฏ๐˜ฅ ๐˜ธ๐˜ฆ ๐˜ธ๐˜ช๐˜ญ๐˜ญ ๐˜ฅ๐˜ช๐˜ณ๐˜ฆ๐˜ค๐˜ต-๐˜ฅ๐˜ฆ๐˜ฑ๐˜ฐ๐˜ด๐˜ช๐˜ต ๐˜ต๐˜ฉ๐˜ฆ ๐˜จ๐˜ณ๐˜ข๐˜ฏ๐˜ต ๐˜ช๐˜ฏ๐˜ต๐˜ฐ ๐˜บ๐˜ฐ๐˜ถ๐˜ณ ๐˜ฃ๐˜ข๐˜ฏ๐˜ฌ ๐˜ข๐˜ค๐˜ค๐˜ฐ๐˜ถ๐˜ฏ๐˜ต!โ€ ๐Ÿ”ฅ๐Ÿ”ฅ๐Ÿ”ฅ๐Ÿ”ฅ๐Ÿ”ฅ

That is what the scammers are after. Your banking details. When you give it, you pay the price. Nothing is free.

Always safeguard your banking details and resist free money.

Amazon and Package deliveries fraud

โ€œIf you didnโ€™t order it, and you werenโ€™t expecting it, chances are, it is part of a scam.โ€ ~ Theon Alleyne

There are two types of delivery phishing scams to discuss. Letโ€™s get into the first called the โ€œAmazon brushing scamโ€.


Amazon brushing scam

Some people have been very lucky recently, and they are finding items they didnโ€™t order online, arrive at their home.

If you say, โ€œWow, I always wanted this power drill and these titanium screwsโ€, then you may be applying the tools to yourself.

The bad actors are creating Fake Accounts in your name, and buying products, so that they can create โ€œverified purchaserโ€ comments on Amazon for sellers. The sellers often have no idea that the positive review about their product is part of a scam.

Their next goal of the fraudsters may be actual purchases using your bank or credit card which you did not authorize.

You can stop this fraud by notifying the online store of discrepancy of receiving items you didnโ€™t order. Then monitor your financial statements for activity you did not authorize.

Being proactive stops fraud.

Delivery phishing Scam

The one step delivery phishing scam, is the authentic looking package delivery text or email that simply asks for your personal data very nicely.

The message is usually bad news that you can remedy by sharing your information, and there is always a sense of urgency for you to act.

It may be that the packages will be delayed, or canโ€™t be delivered until you take action. For example, verify your identity by providing your debit / credit card information or other personal data.

If you provide the information, the bad actors win.

You can avoid delivery phishing scams by calling the delivery vendor directly or visiting the delivery vendorโ€™s website to inquire about the package.

What ever you do, donโ€™t click on the links in the text or email, or call the phone number in it. Doing so will deliver you to the sharks.

Computer Technical Support Scamย 

Now we will examine a scam that often targets the vulnerable among us, senior citizens.

Have you received a pop-up message on your mobile phone, or computer that your device is infected?

Often you are encouraged to click the link or call the telephone number listed to get rid of the virus.

Donโ€™t call and donโ€™t click the link.

Instead, pause and ask the opinion of someone you trust. There is a high likelihood they will tell you it is a scam.

Calling or clicking can lead to a ransomware attack and a lost of data, funds, or both.

If you have been attacked, report it to the authorities. You may be able to protect someone else.


Remember, you donโ€™t give a stranger your car keys, so why give them your password or access to your device?

Latest posts by Theon Alleyne (see all)