Last night a scammer attempted a Social Engineering SMS Gift Card Scam on a coworker. The worker forwarded me a message that claimed to the the CEO of the company and needed some assistance on his way back from a conference. The real CEO had been traveling so there was some concern that someone may fall for this scam.
I got the phone number and proceeded to respond as if I had received the message. However, I replied from a burner phone number
By this point, I knew the drill. This was a gift card scam. However, I wanted to make sure that the scammer knew that I heard about the conference. I also created a canarytoken to see if I could get the IP address for the scammer.
At this point, I didn’t receive an email from Canary Token and I was confused. I suspected the scammer was smart enough not to click links from random strangers. I was planning to create something a more tempting like an Excel doc that was named Top_Accounts.xlsx
At this point, I’m trying to make the pause seem like I’m running to the store. I don’t know what seems reasonable. I also added some confusion about the where they needed to go. I’m sure the scammer thought he really might have this.
Again I’m stalling while, I’m watching TV on the couch. I realized I need to send some photos of these things. While this was taking place I found the Canary Token emails in my spam folder. So I’m wrong, they will click links from random strangers. The first IP was related to Google and the second is was from Nigeria.
So I did a search about found some images of gift cards on Facebook.
Did I mention that there were two IP addresses flagged by CanaryToken and one was from Nigeria? I thought I’d see if I could get him to explain that problem.
At this point, I’m bored. I also don’t have a receipt handy and I didn’t want to search for one. I suspect the scammer knows he’s being played that I figure the gig is up. I come clean. I also tried to keep him talking about his scam, but he refused to engage.
