Experts Warn of Celebrity Podcast Scams

A US non-profit has urged business owners and influencers not to fall for a new scam in which threat actors try to gain remote access to their PC and hijack their online accounts.

The Better Business Bureau (BBB) warned that the “podcast imposter” scam usually begins with an email from the management team of a fictional celebrity podcast series.

“The ‘manager’ tells you that your story, experiences, and insights would be perfect for their audience. For your participation, you are offered compensation of $2000. Sounds great, right?” the BBB explained.

“If you respond to the email and agree to be a guest on the podcast, the ‘manager’ will ask you to hop onto a call to check your technology (your web camera and audio) before the podcast, which will be held on Facebook or another social media site. This is where things take a turn.”

In fact, the whole setup is an excuse to gain remote access to the victim’s machine and seize the logins for their social media accounts, the BBB warned. Other accounts that reuse the same password could also be at risk.

KnowBe4 security awareness advocate, Martin Kraemer, explained that this modus operandi is a variation on the classic tech support scam, where victims are tricked into downloading remote access software to give the fraudster unfettered access to their machine.


“The main problem with this scam is that the perpetrators are no longer targeting influencers alone, but also and especially specialists and executives in companies,” he added.

“Their employee accounts are an ideal starting point for penetrating deep into the companies’ systems unnoticed by their IT security.”

BBB’s Advice for Businesses

The BBB urged business users exposed to such tactics to always:

  • Be skeptical of emails with strange formatting, such as their full name in bold, and of overly generic language not specific to their role or organization
  • Check the sender email address, noting that legitimate podcast businesses should not be using Gmail, and verify the sender address via a web search
  • Be cautious about any unsolicited offers of money
  • Refuse if a stranger asks to take control of their computer
  • Keep personal information such as logins under lock and key
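The checklist above is easy to turn into a mailbox rule or help-desk triage script, so that an invitation is flagged before anyone replies or joins a "tech check" call. The following is an added example, not code from the BBB or the article: it parses an email, scores it against the BBB's red flags (consumer webmail sender, generic greeting, recipient's full name set in bold, unsolicited payment, request for remote access) and returns a verdict. The domain and keyword lists, the thresholds and the two sample emails are constructed assumptions for illustration.

```python
"""Triage heuristics for unsolicited "podcast invitation" emails.

Added example (not from the BBB or the article). Encodes the BBB's
checklist as explainable checks that a mailbox rule or help-desk script
can run before anyone replies. Word lists and thresholds are assumptions.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Consumer webmail domains: a "podcast management team" writing from one
# of these contradicts the BBB's advice (list is an assumption).
FREEMAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com", "aol.com"}
# Words that make a display name read like an organisation rather than a person.
ORG_WORDS = {"team", "management", "podcast", "media", "studio", "booking"}
# Phrases matching the pattern described in the article.
MONEY_OFFER = re.compile(r"\$\s?\d[\d,]*|compensat|honorarium|we will pay", re.I)
REMOTE_ACCESS = re.compile(
    r"remote (access|control|support)|share your screen|check your (technology|setup|camera)",
    re.I,
)
GENERIC_OPENER = re.compile(r"^(hi|hello|dear)\s+(there|sir|madam|friend)\b", re.I | re.M)


def triage_email(raw: str, recipient_name: str = "") -> dict:
    """Return the sender domain, the red flags triggered and a risk verdict."""
    msg = message_from_string(raw)
    display_name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    body = msg.get_payload()          # single-part message assumed
    if not isinstance(body, str):
        body = ""
    flags = []
    if domain in FREEMAIL_DOMAINS:
        flags.append(f"sender uses consumer webmail domain: {domain}")
        if ORG_WORDS & set(re.findall(r"[a-z]+", display_name.lower())):
            flags.append("display name claims an organisation but sender is webmail")
    if GENERIC_OPENER.search(body):
        flags.append("generic greeting, not tied to a role or organisation")
    if recipient_name and re.search(
        rf"<(b|strong)>\s*{re.escape(recipient_name)}\s*</\1>", body, re.I
    ):
        flags.append("recipient's full name set in bold")
    if MONEY_OFFER.search(body):
        flags.append("unsolicited offer of payment")
    if REMOTE_ACCESS.search(body):
        flags.append("request for remote access or a 'tech check' call")
    verdict = "high" if len(flags) >= 3 else "medium" if flags else "low"
    return {"domain": domain, "flags": flags, "verdict": verdict}


# Constructed sample messages (not real correspondence).
SUSPICIOUS_EMAIL = """From: Podcast Management Team <growthtalks.booking@gmail.com>
To: Jane Doe <jane.doe@example.com>
Subject: Invitation to appear on our podcast
Content-Type: text/html

Hi there,
Our team thinks <b>Jane Doe</b> would be perfect for our audience.
For your participation you are offered compensation of $2000.
Before recording we will hop on a call to check your technology
using a remote support tool.
"""

BENIGN_EMAIL = """From: Alice Rivera <alice@examplepodcast.org>
To: Jane Doe <jane.doe@example.com>
Subject: Following up from the conference

Dear Jane,
Lovely to meet you last week. Would you like to record an episode
next month? Our producer will send the studio address and a calendar
invite once you confirm a date.
"""

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS_EMAIL), ("benign", BENIGN_EMAIL)):
        result = triage_email(raw, recipient_name="Jane Doe")
        print(label, result["verdict"], result["flags"])
```

The verdict is deliberately coarse: a single flag (a person who happens to write from Gmail) is "medium" and worth a second look, while the combination of webmail sender, payment offer and a request to check the target's technology is the pattern the BBB describes and scores "high". The remote-access check is the one worth surfacing most prominently, since that call is where the article says the scam turns.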

“Caution must be learned. Many cybercriminals have perfected their social engineering skills over the years,” concluded Kraemer.

“To counteract this effectively, corporate cybersecurity managers must offer training and education to the entire workforce to raise cybersecurity awareness, keeping pace with the latest developments in social engineering and phishing.”