Advisory on Kidnapping Phone Scam and Latest Cybercrimes

Written by Publisher on . Posted in Crime Prevention Tips

Here are some of the latest electronics-based crimes perpetrated by criminal groups and the recommended things to do when they are encountered:

KIDNAPPING PHONE SCAM

This type of scam that attempt to dupe victims into paying a quick ransom are on the rise. The virtual aspect of the scam involves staging a scene either on the phone or via social media in an attempt to convince the victim that a loved one has been kidnapped.

The Scammer, claiming they kidnapped a family member or spouse, demands a ransom in exchange for the loved one's release and tell the victim to wire the money for the ransom payment. They claim that the kidnapped victim is in need of medical attention.

This fraud only work when people receive a phone call and have family member who is not at home.

The Scammer will use social media to profile their victims as to where they live, places they commonly visit, and their connected friends.

If you receive one of these calls, never confirm or acknowledge your loved one’s name and if you happen to answer the call, try to ask question that only the alleged kidnap victim knows. Consider trying to slow down the situation and request to speak with the alleged kidnap victim. Never agree to pay a ransom, but instead try to contact your loved ones as much as possible.

Recommendation:

The public are advised to follow these tips to avoid being a victim of Kidnapping Phone Scam, to wit:

  • Check privacy settings on social media accounts;
  • Remove personal information especially phone numbers from social-media profile pages;
  • Don't directly challenge or argue with the caller;
  • Listen carefully to the voice of the kidnapped victim if he/she speaks; and
  • Before handing over a money, call your family, and call the police.

CLICKBAIT

Clickbait is a text or thumbnail link that is designed to entice users to follow that link and read, view, or listen to the linked piece of online content whose main purpose is to attract attention and encourage visitors to click on a link to a particular web page.

Clickbait is used to direct the user to a page that may require payment, registration or a set of pages in order to increase the page views for the site. Clickbait works by making use of the curiosity-gap principle. The sensational headline of the clickbait helps in raising the curiosity of the readers, and thus gets them to click the link to the Web page.

Clickbait is essentially bait that websites place for visitors. They are commonly used as part of social media marketing. But the rising popularity and ubiquitous nature of clickbait has led to many to consider it a dishonest strategy.

Clickbait now serves as a link to malicious websites. These sites contain malicious code including ransomware, viruses and Trojans (allowing malicious users access to your system). Clickbait is simply a fun, exciting, enticing invitation to a slew of malicious content and people.

Clickbait may present itself in the form of a catchy quiz or survey. Generally, these will ask you for personal information, or for access to your social media account.

Clickbait method is employed by people interested in far more than their visitor count. You and your click can offer up access to your accounts, money, computer, and your entire network through phishing or malware installation.

Recommendation:

All PNP personnel as well as the public are advised to follow the tips in order to avoid the risk of Clickbait, to wit:

  • Avoid unsafe or suspicious website that ask to click on links, complete a survey or download extra plug-ins to access the content of what you are looking for;
  • Check the web address if it a trusted company and domain name, those with https:// are considered safe; and
  • Do not share information

ATM MALWARE

ATM malware is a malicious software designed to compromise Automated Teller Machines (ATMs) by exploiting vulnerabilities in the machine’s hardware or software. ATM malware is used to commit a crime known as “jackpotting” in which attackers install malware that forces ATMs to dispense large amounts of cash on command. ATM malware can also be used to steal financial information captured at ATM terminals, such as payment card numbers and PIN codes.

The installation of ATM malware typically requires physical access to an ATM via the machine’s USB port or CD-ROM drive. However, some advanced attacks involve compromising the bank’s internal network in order to install malware on ATM machines without physical access.

Unfortunately, ATM security is currently weak because banks tend to focus primarily on physical security rather than information security. In most cases, they have on premise security agents looking out for suspicious behavior or monitoring security camera footage.

The primary goal of ATM malware is to connect to and control peripheral devices inside the ATM in order to withdraw stored cash and/or collect information from bank customers.

One way to prevent ATM attacks is to monitor the ATM network directly. The objective of ATM Monitoring is to stop client data theft by preventing malicious individuals from infiltrating the system directly through ATMs or by using malware that infects the organization from inside to eventually reach ATMs.

Recommendation:

The public are advised to follow these tips to avoid being a victim of ATM Malware, to wit:

  • Keep the hardware and software of you device updated with the latest version and patches;
  • Limit network and physical access to an ATM’s ports;
  • Secure the head compartment of the ATM using appropriate locking mechanisms;
  • Implement access control for service technicians based on multi-factor authentication; and
  • Monitor access to ATM machines and report suspicious activity to your local police department as soon as possible.

Source: https://acg.pnp.gov.ph/main/