X. she opened to the distributor who had rung her business office bell while she was already in the middle of a client appointment. “From ACS you have a package. It is cash on delivery. 40 euros”. The lawyer, who often receives envelopes with documents, took out his wallet and without a second thought gave the requested fee and returned to the meeting. Opening the package, however, he found that it was full of black bras, which he had never ordered. Looking at the cover, he saw on the sender the name of a Bulgarian company, listed as having its headquarters in Sofia.
At first,the woman thought the dealer was a scammer. However, in the communication that “K” had with ACS, it was found that there was an order for X.It was carried out normally and the package was delivered by an official courier company distributor.
“Orphaned” packages.
With the help of Michalis Migos, Cybersecurity and Cryptocurrency consultant and head of IT at the companies Cyberx and Tictac, “K” identified two other similar complaints from consumers who claimed to have received a package from this Bulgarian company, without my knowledge or ordered. something from her. The first complaint involved a man who was asked to pay 79 euros in compensation, while the second woman who was delivered got the package directly for free.
Attackers take advantage of the fact that most users use the same password for all their accounts and online stores. This is how they manage to hack an account and steal their personal data.
The motivation in these scams is usually financial, ie the price is cash on delivery, and orders are placed by individuals or companies who steal user information. According to Mr.Migo, attackers take advantage of the fact that most users use the same password on all their accounts and online stores. This is how they manage to hack an account and steal their personal information. Then they create a new fake account, with the same name, same address, but a different email.
They place the order, however, the user is not notified because another email has been submitted.
Another scenario is that they find an address and name through existing online listings and then send the package. Mr. Migos described how attackers carefully study behavioral systems and take advantage of people’s innate curiosity to find or open a package that arrives at the door. With the cash delivery measure, they ensure that even if their bank accounts are closed, they will somehow get the money.
Brushing
This fraud can also be an initial form of sweeping, said Mr. Migos, clarifying, however, that sweeps are not accompanied by cash withdrawals. It is a type of fraud that serves the need of online businesses to collect reviews of their online stores. To achieve this, they took advantage of the solution of fake reviews, ie themselves or companies taking it upon themselves to write positive reviews of products they did not know about.
Though,wanting to protect online shopping platforms from this phenomenon,they made it a condition in the review that there be proof that the user received the item. That’s how sweeping began.Companies promise to buy or find personal databases, create fake accounts with self-managed emails, place orders and when the goods are delivered, fill out reviews.
As Michalis Migos pointed out, there is still a gap in informing citizens about electronic fraud. “When we receive an unfamiliar package, we stop and think about the purchases we have made in the last two or three weeks. If we are not sure, we can ask to take a picture of the package and see the sender.”
ACS: how to receive parcels safely
When contacted by ACS, the company advised customers to declare a mobile phone when placing their order so that ACS can send them a unique PIN to receive the shipment and pay the cash on delivery .msgstr “Note that ACS can only send a PIN to a mobile phone.”
“The customer who has received a PIN, in order to receive his shipment, must ask the distributor to enter the PIN in his location on his PDA, the special equipment carried by all genuine distributors of the company, and monitoring make the result. of typing (as anyone can pretend to enter a PIN on a device). A distributor who does not have the PDA or refuses to enter the PIN in the presence of the customer should be suspected of fraud and the customer should not accept to pay the refund. Alternatively, to avoid possible fraud, the customer can only collect cash on delivery parcels from ACS stores,” the company noted.
Thousands of cheaters with the wrong products
After an investigation with the assistance of Mr. Migou it turns out that the same Bulgarian company (with the same address, phone number and VAT number but with different names) was also responsible for manny other complaints from users who complained that they ordered an item and received something different , of lesser value. .
the user wrote: “On 12/18/2023 I ordered a leather jacket advertised as a thick warm fur jacket and what I received on 01/08/2024 was something like a sweatshirt 76 euros! On 12/01/2024 I send an email and received an automated response in Chinese!’ Another user noted that while ordering an electrical item,he received a key. “K” contacted one of the Bulgarian company’s scammers, said she saw an advertising link on Facebook, followed it, bought a vacuum cleaner through it and finally got another one.
This is not the first time a company has been involved in more than one e-football scheme. “Complaints about this particular company have been coming up as the end of 2022 until August of this year. This is also the period of time such companies are usually active before closing down”, said Mr. Migos, adding that abusers often make small amounts of damages that discourage victims from taking legal action.
garia #paid #package #ordered
What are the signs that indicate you might be a victim of the brushing scam?
title: Understanding the New Scam: A Dive into Brushing with Cybersecurity Expert Michalis Migos
time.news Editor: Welcome, Michalis! It’s great to have you with us today. We’ve been hearing a lot about unusual scams lately, particularly one involving unexpected packages delivered to people’s doors. Can you shed some light on what’s happening?
Michalis Migos: Thank you for having me! Yes, the phenomenon you’re referring to is known as “brushing.” It’s a tactic used by scammers to create fake order histories to boost their ratings on e-commerce platforms.
Editor: Could you walk us through how this scam works? the incident we reported involved a lawyer named X who unexpectedly received a package of black bras. How does that fit in?
Migos: Absolutely! In this case,the scammer likely used facts stolen from various sources—like breached accounts or publicly available data—to create a false order under X’s name. They then send the package, which the victim did not order, usually requiring cash on delivery. The scammer benefits by having a delivery linked to a legitimate name, which enhances their seller ratings.
Editor: Fascinating! And it’s alarming to think that this might be happening to others as well. Actually, you assisted in identifying similar complaints. Can you share more about that?
Migos: Certainly! After X’s experience became known, we discovered at least two other victims who received unsolicited packages from the same Bulgarian company. One had to pay €79, while another received it at no cost. This shows the varying methods scammers use—they adapt their strategies based on what they think will work best for their targets.
Editor: So, the financial motivation primarily drives thes scams. But what are some strategies that these attackers use to gather personal information?
Migos: They exploit the fact that many users tend to reuse passwords across different sites.Once they breach one account, they often have access to other accounts and personal data. They might create a fake account with your name, use your address, and place an order without your knowledge, which goes undetected since they use a different email.
Editor: How can individuals protect themselves against such scams?
Migos: One of the most effective ways is to use unique passwords for each account and enable two-factor authentication wherever possible. also, people should regularly monitor their accounts and be cautious with the information they share online.Awareness is key—if an item arrives that you didn’t order, it’s critically important to investigate rather than dismissing it.
Editor: that makes complete sense! The curiosity factor you mentioned—people are frequently enough compelled to open packages that arrive at their door, aren’t they?
Migos: Exactly! Scammers understand human behavior very well. they use that curiosity to their advantage. Also, the cash-on-delivery aspect is clever; it ensures they get paid even if they cut off interaction after sending the package.
Editor: This is eye-opening information,Michalis. What should someone do if they receive a suspicious package like X did?
Migos: First,don’t open the package. Instead, contact the courier company to verify the shipment details and report it to local authorities. They may need to gather evidence of the scam. It’s also wise to alert your bank and any relevant online platforms so they can assist in securing your account.
Editor: thank you for your valuable insights, Michalis! Scams like these highlight the importance of cybersecurity in our daily lives. It’s essential to stay vigilant in an increasingly digital world.
Migos: Thank you for having me! remember, awareness and precaution can go a long way in protecting yourself from these types of scams.
Editor: We appreciate your time and expertise! Stay safe out there, everyone!