Temporary Social Security Number? No Such Thing



Researchers at Kaspersky have come across an interesting phishing site that’s posing as a data leak protection service set up by the US government. The site purports to be compensating victims of data breaches, offering cash “to residents of all countries around the world.” The website is well-designed and looks like an official government site, despite some grammatical irregularities and the mention of a non-existent “US Trading Commission.”

Users are invited to enter their names and phone numbers to see if they’re entitled to receive compensation. The site warns that entering false information is illegal, but the researchers found that the output will be the same regardless of what is entered.

“It turns out that the website accepts any information, even complete gobbledegook,” the researchers write. “For example, we inquired about the personal data of a citizen named fghfgh fghfgh. The site pondered for a while, seemingly connecting to a database of information about leaks…and lo and behold, found that our fictional character with an unpronounceable name had indeed had their data leaked. Moreover, it turned out that someone had already used their photos, videos, and contact information, and so fghfgh was entitled to compensation in excess of $2,500!”

After this, the victim is asked to provide their payment card information and their Social Security number (SSN) in order to receive their money. Non-US citizens can check a box that says “I’am don’t have SSN” and they’ll be taken to a page where they can purchase a temporary SSN for just nine dollars. The scam ends after the victim has either provided their SSN and payment information, or after they’ve forked over the nine dollars.

It’s worth noting that there are some legitimate sites that allow people to test if their data has been breached, notably Troy Hunt’s Have I Been Pwned. However, this incident demonstrates the importance of scrutinizing and researching a site before entering sensitive information. In this case, if such a site were actually set up by the US government, it could easily be verified by a quick Google search. New-school security awareness training can give your employees a sense of skepticism so they can avoid falling for these schemes.

Kaspersky has the story: https://www.kaspersky.com/blog/data-leak-compensation-scam/32057/

