Tag Archives: scam

You Owe us A Zillion Dollars!

Yet another in the seemingly endless series of phone or email scams has surfaced: that of the “Phantom Debt Collector.” Just like the other scams that ask you to pay a fine or you’ll be arrested for child porn or some such, these play on sometimes legitimate fears that you may have an unpaid debt somewhere in your past, particularly if you’ve ever applied for (even if you didn’t actually get it) a payday loan or similar product.

They often reference some small debt of a few hundred dollars, and sometimes threaten legal action if the debt is not immediately paid. The threats may look something like this; Note the bad grammar.

If you fail to respond us the Charges will be pressed against the name are:

1. Violation of federal banking regulation act 1983 (C)

2. Collateral check fraud

3. Theft by deception (ACC ACT 21A)

NOTE: THIS CASE IS UNDER INVESTIGATION UNDER MAJOR CREDIT BUREAUS.

Again, as with all suspect emails and phone calls, ask for details; in other words, demand proof that you owe the money. Ask for an address and phone number. Try calling the company back. Check your credit report at annualcreditreport.com. Any legitimate outstanding debts should show up.

If you know you don’t owe anyone anything, just mark the email “Junk” and don’t click any links or respond. If you have any doubts, don’t click the links either – call the company and ask for documentation.

Why do people do this? Because it works! It’s not too hard to scare people into paying up when the fear of legal action is dangled over their heads.

When I asked alleged phantom debt collector for comment, I was told I owe $935.76.

Phantom debt collector comes after me, again (here’s what those emails look like)

Visit my Store for cool gifts and gadgets

For even more empowering technology info, read my new book, “Deciphering the 21st Century,” Available now!

Click here to read all about it.

Follow me on Twitter:

I’d love to hear your comments!

Pay Up Or Else!

Perhaps you’ve heard of “Your money or your life?”

Well, now it’s “Your money or your data!” It’s a new form of online extortion known as Ransomware. When it is installed, it immediately begins to encrypt all personal files; Pictures, documents, videos, and music are all at risk. The encryption is essentially unbreakable, and you get a message on your screen something like these:

[Images: examples of ransomware ransom-demand screens]

This is very bad news.

Despite the fact that some of the examples above are displaying various law enforcement images, they are all the work of criminals that want to extort money from you, hence the name, ransomware. Instead of kidnapping you, they kidnap your data. Even some Police departments and hospitals have been forced to pay up (typically $200-$500, sometimes more) to get their valuable data back. It’s often impossible to retrieve the data any other way, and, of course, sometimes the criminals may not even hold up their end of the “bargain” after being paid. It’s much, much better (Not to mention cheaper), to not get into this situation in the first place.

Yes, your antivirus or anti-spyware program might find and delete the offending program… But by that time, the damage has been done, and deleting the program will not un-encrypt your files!

Your very first line of defense is to be very, very suspicious of anything that wants to install itself unexpectedly. This includes files that purport to be media players, games and security software. These often use social engineering to con you into installing them; for instance, “See naked pictures of (fill in name of celebrity here),” or any other link that can be classified as Clickbait (defined as a link so provocative, scary, prurient, or otherwise so interesting in a juvenile sort of way you almost can’t help clicking it!). When you click on such a link, you might get a message saying, “You need to install (media player or other program) to view this content,” or sometimes “Virus detected! Install (Name of software that looks vaguely security-related).”

All of the above applies to email attachments and links as well.

Never, Never, Never install anything from a pop-up or similar message.

Second, there are browser add-ons that can help warn you about malicious sites. My favorite is Web of Trust, which can be installed on Internet Explorer, Firefox, Opera, and Chrome (but currently not the new Edge browser that comes with Windows 10).

Third, there is User Account Control (UAC), on all current versions of Windows. This is that annoying box that spoils your fun when all you want to do is play that latest game or video. It is there for a reason. It’s to inform you that whatever you’re trying to do will make changes to the computer. This is your last chance to change your mind about installing things that might contain malware.

[Image: User Account Control message.]

Fourth, there are a few companies building software to “immunize” your machine against ransomware. Malwarebytes, one of my favorite programs, has an anti-ransomware program in beta right now: https://forums.malwarebytes.org/topic/177751-introducing-malwarebytes-anti-ransomware-beta/

and BitDefender has one also: https://labs.bitdefender.com/2016/03/combination-crypto-ransomware-vaccine-released/

These programs do not absolve you from due diligence. Just as air bags in your car should not be construed as a license to drive recklessly, do not think you can do anything you want if you have one of these installed.

Finally, a good, frequent, tested, backup plan can help in this and many other disasters. Choose a backup plan that has versioning, so that even if your system backs up the encrypted files, it should also have the last “clean” version available. Read my post on backups here.

More info:

https://en.wikipedia.org/wiki/Ransomware

https://www.microsoft.com/en-us/security/portal/mmpc/shared/ransomware.aspx

 


Gone Phishing!

So, you’ve just gotten an email from eFax saying there is an important fax waiting for you? Not so fast, bub. Something from your bank saying you’re overdrawn and your account is frozen? Hold the phone! The IRS says you owe back taxes?? WHOA!! Don’t touch that mouse!

All of the above are collectively known as “Phishing,” i.e. the sending of fraudulent emails intended to trick you into giving your personal information to some lowlife, who will proceed to make your life miserable.

This is usually done by including a link in the email that will take you to an allegedly legit site, but it’s a fake site that just looks legit. Sometimes, it’s a poisoned attachment instead, but (hopefully!) most of us know by now not to open unsolicited attachments.

Phishing comes in a number of different forms.

  • One common approach, although not the most effective, is the “Dear Bank Customer” (or Amazon, or PayPal, or any other site) email that tells you there is a problem with your account and asks for your passwords or other personal information.
  • Spear Phishing targets a particular individual or company. An attacker can gather enough information about the person or company to increase the success rate. This form of attack is more likely to catch someone than the “Dear Customer” type.
  • Clone Phishing takes a legitimate email and “clones” it, changing only the link to that of a nefarious site instead of the real one.

There are many tricks the Phishers use; for instance, for those of us who actually look at the url address in our browsers (always a good idea!), the address may say

thebank.badguy.com.

You’d think that this is a section of the “thebank” website, but it’s actually a section of the “badguy” website, and has no relation to the “thebank” website other than name. Look at your address bar now. It starts with https://thegizmologist.wordpress.com. The website is wordpress.com, and the “thegizmologist” is my blog space on wordpress.com. Now if you look at my website: http://thegizmologist.com/html/blog.html, notice the sections of the site are separated by slashes instead of “dots.” There’s the difference. thebank/badguy.com is “the bank’s” website (maybe with an article on how not to get scammed), while thebank.badguy.com is the “bad guy’s” website. What a difference a dot makes!

There are many ways to defend against phishing.

  • The most important, from the standpoint of the end user, is to pay attention. If the grammar is bad, the email is impersonal (Dear PayPal customer), it promises dire consequences if you don’t act Right Now, the sender’s address is strange looking, or anything else makes you the least bit uncomfortable, it’s probably not the real thing. If you’re worried it just might be legit, close your email, and type the company’s web address in your browser rather than clicking a link.
  • If you hover your mouse pointer over a link, the bar at the bottom of your web browser or email program will tell you where the link actually leads. If it looks like it leads somewhere other than where it says it leads, don’t go there! See Clone Phishing.
  • The best thing you can do is label all such as spam and delete immediately. Some email systems allow you to specifically label an email “Phishing.”
  • Any legitimate banking site will have its address start with https://, not http://. The extra “s” stands for “secure,” and there will usually also be a “padlock” symbol next to the address. Some shopping sites will only have their cart and checkout sections secure. Never enter any personal information unless you see “https.”
  • Some internet security suites have “anti-phishing” filters built in, which may help.
  • The Web of Trust, which I’ve talked about before, won’t stop the emails, but can be very helpful in identifying bad sites, including known phishing sites.

Finally, phishing is not limited just to email. Those phone calls from “Microsoft Technical Support” are the same sort of thing. There has also been some phishing via snail mail, although those are rare since postage can run into serious money.

For more information:

https://en.wikipedia.org/wiki/Phishing#List_of_phishing_types


Don’t Fall For It!

I’ve written before about fake emails from banks, Paypal, Facebook, etc., but here’s a new one you need to be aware of.

This particular email is aimed at Gmail users, but it could be purporting to come from anywhere you have an account. The From: address looks legit if you just glance at it: Gmail@port.it. But notice that only the part before the “@” sign says gmail. This means nothing other than someone found out that was an unused email address at port.it, which is the important part of the address. Notice also that the part after the “dot” is not com or org or edu. The “it” means the message originated in Italy. Now, I’m sure Google has tendrils in Italy, but this is not a Google or Gmail address. If it were, it would have the form of someone@google.com. Even if the suffix of the address looks right, you should still not click any links. Some spoofers are better at faking From addresses than these guys.

Here’s how the message I got reads:

Subject line: error
This is an automatic message from our servers; If you are receiving this message it means that your email address has been queued for deactivation. This was as a result of a continuous error received from this email address (code:505).

Please Click here to resolve this problem. (Link removed for your safety)

This is just another example of “Phishing,” or trying to steal information from credulous victims. I removed the link above, but it was definitely not anything to do with Google or Gmail. You never know where a link in an email will take you; In a case like the above, you can be sure it’s nowhere good.
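The two reading rules on this page can be checked mechanically: in a web address the owner is the host before the first slash (thebank.badguy.com belongs to badguy.com), and in a From: address it is whatever follows the “@” (Gmail@port.it belongs to port.it). The Python below is an added example, not part of the original posts; the BRAND_DOMAINS list, the display name and the message body are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains each brand really uses (illustrative allow-list).
BRAND_DOMAINS = {"gmail": {"gmail.com", "google.com"}, "thebank": {"thebank.com"}}

def url_host(url):
    """Host that owns a URL (after any 'user@' part, before the first '/')."""
    try:
        parts = urlsplit(url if "://" in url else "http://" + url)
    except ValueError:          # malformed host, e.g. unbalanced brackets
        return ""
    return (parts.hostname or "").rstrip(".").lower()

def sender_domain(from_header):
    """Domain of a From header: everything after the last '@'."""
    return parseaddr(from_header)[1].rpartition("@")[2].rstrip(".").lower()

def impersonated(text, domain):
    """Brands named in `text` that do not own `domain` (crude substring match)."""
    return sorted(b for b, real in BRAND_DOMAINS.items() if b in text.lower()
                  and not any(domain == d or domain.endswith("." + d) for d in real))

class Links(HTMLParser):
    """Collect the href of every <a> tag."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def review(raw_message):
    """Findings (where, value, brand) for the From header and each link."""
    msg = message_from_string(raw_message)
    sender = msg.get("From", "")
    findings = [("From", sender, b) for b in impersonated(sender, sender_domain(sender))]
    links = Links()
    links.feed(msg.get_payload())
    for href in links.hrefs:
        findings += [("link", href, b) for b in impersonated(href, url_host(href))]
    return findings

# Constructed sample: the page's sender address plus its example host names.
SAMPLE = """From: Gmail <Gmail@port.it>
Subject: error

<p>Your email address has been queued for deactivation (code:505).</p>
<a href="http://thebank.badguy.com/login">Click here</a>
<a href="https://thebank.com/badguy">How not to get scammed</a>
<a href="http://thebank.com@badguy.com/">Sign in</a>
"""

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

The third link shows a case the dot-versus-slash rule alone does not cover: text before an “@” inside a web address is a user name, so the host is still badguy.com.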

As I’ve said before: Never, never click a link in an email, especially one such as this that is intended to cause fear and panic! Visit the site in question by typing their address or using your own bookmark.

Y’all stay safe out there!


Is It Safe?

It’s definitely Not Safe!

How do you know whether that website you’re visiting, or that email you’re opening, is safe? Well, one way to find out is to visit the site or open the email and see if horrible things happen. Or, if you don’t like living dangerously, you can take some precautions.

Websites:

There are many web filtering systems out there. The Firefox browser has one, Google has one, most antivirus programs have one, but the one I use every day is Web of Trust. It’s a no-nonsense browser add-on that tells you whether a site is rated safe by users just like you. It requires no complicated settings, it just works. Get it here: mywot.com

Email:

I’ve covered a lot of this ground before, but some things bear repeating:

  • Don’t open any email that you suspect, even a little bit. Even if it’s from someone you know. Their email may have been compromised. An example: I received an email from a friend that purported to say she was traveling in Spain and had lost her wallet, and would I please wire her some money to get home? This lady is not a World traveler, so the alarm bells immediately started ringing. This is a common scam. Turned out someone had hacked her email.
  • Attachments are especially suspect. These often come disguised as billing or shipping info from UPS, FedEx, or a bank or credit card company.
  • Since a lot of scammers know we don’t open attachments much anymore, links in email are equally suspect.

Above all, don’t get impatient and barge in. Think before you click!

For more tips, visit the website below.

http://www.zdnet.com/blog/bott/stay-safe-online-5-secrets-every-pc-and-mac-owner-should-know/3542

 


 

Un-Supported Support

This has been happening a lot lately. You get an email, a phone call, or a pop-up on your computer screen from “Microsoft Technical Support,” or some variation thereof. Your Computer is Infected!! It’s the end of the world! We can fix it for only $XXX!!

Umm, no. No, No, No! Nobody ever calls or emails from a legit company like that, unless you called them first. And pop-ups when you’re on the Internet are always there only to extract money from you, and for no other reason. They do not have your best interests at heart, ever.

According to Microsoft:

“If someone claiming to be from Microsoft tech support, or affiliated with Microsoft, calls you:

  • Do not purchase any software or services.
  • Ask if there is a fee or subscription associated with the ‘service.’ If there is, hang up.
  • Never give control of your computer to a third party unless you can confirm that it is a legitimate representative of a computer support team with whom you are already a customer.
  • Take the caller’s information down and immediately report it to your local authorities.
  • Never provide your credit card or financial information to someone claiming to be from Microsoft tech support.”

Everyone who uses a Microsoft product should know that Microsoft never calls to provide technical support — unless you’ve specifically requested a callback and you have a callback number.

How to report a “Microsoft” phone scam:

http://blogs.microsoft.com/cybertrust/2014/09/18/how-to-report-the-microsoft-phone-scam/

More info:

http://windowssecrets.com/newsletter/microsoft-takes-on-scummy-tech-support-companies/

If you need or want legitimate tune-up software, click here.


The Weak Link might be You: Social Engineering

Many, if not most, data breaches are not done by people with high-end computers crunching numbers and breaking passwords for weeks on end. Such people are always shown in the movies slaving away at a keyboard in their basements, doing something arcane and brilliant. Instead, a lot of cyber break-ins are done by the most mundane means imaginable: The Bad Guy asks for the information he wants, and the Good Guy gives it to him without thinking.

How is this possible? Simple. We, as flawed human beings, have a tendency to want to cooperate with people, especially those who are, or appear to be, Authorities. The person who claims to be from Tech Support, or Corporate Headquarters, or the police, or a doctor, or even a Professor, might just be some lowlife who is banking on your cooperation in order to take you for a ride.

We are also (at times) motivated by baser principles such as fear (The FBI has detected child porn on your computer!), greed (Help me smuggle $7.5 million out of the country, and I’ll split it with you!), vanity (You Deserve it!), desperation, or dishonesty. Sometimes, even our honorable traits are exploited as well; honesty (I’ll send you a check for more than the amount, just send me the difference!), compassion (I’m dying of a rare cancer, I have 6 months to live!), or simple credulity (It sounds true, why wouldn’t it be?). These are the characteristics of our psyches that con artists exploit.

The essence of the con game is the same as it’s always been: once the mark has developed faith (confidence) in the crook, he’s wide open. The “information age” has only produced more opportunities for con artists. Consider this: Recently, someone was roaming a shopping mall offering people free iPads if they’d only give him their email passwords, and some actually did! In this case, it was a social experiment and no harm was done, but someone bent on social engineering for nefarious purposes would be able to do great harm with such a scheme.

Many cons begin with getting something into the mark’s hands that has a perceived value; A flash drive or CD dropped in a parking lot with a label that appeals to greed or curiosity is a trick that has been used to spread malware on corporate networks, for instance. A “Phishing” email that claims you’ve won a sweepstakes you don’t remember entering is another. In a 2003 survey, 90% of office workers gave what they claimed was their password in exchange for a cheap pen!

Your only defense? Question everything. Ask why a piece of information is needed. If it’s not needed, don’t give it. (This even goes for real authority figures!) Ask for credentials. Don’t install questionable software. Never, ever give your passwords out. That’s like handing a stranger your house key. And remember, There Ain’t No Such Thing As A Free Lunch.
