Tech Support Phone Scams

When scams come to us in the form of emails that land in our inbox, they are called “phishing” emails. But scammers don’t just use email to trick us into disclosing personal information or accessing our money. They will use other technology as well, such as phones.

One version of a phone scam comes in the form of technical support. You get a call from someone claiming to be from Microsoft, for example. They tell you they want to help to solve a computer problem or sell you a software license. But this what they are really doing:

  • They trick you into installing malicious software.
  • The software you have installed allows them to take over your computer.
  • After you install the software, they charge you to remove it.
  • They trick you to visit a fraudulent site where they ask you to enter your credit card number or other personal information.

Neither Microsoft nor any legitimate business will make these types of unsolicited phone calls. But it is easy to be fooled; the criminals use publicly available phone directories, so they might know your name when they call you.

What you can do:

Do not trust unsolicited phone calls offering tech support. Do not provide any personal information. Do not allow people making unsolicited calls to access your computer over the phone to “fix it.”

When you receive a scam phone call, you can report it to the FTC.

The numbers: A recent survey by Microsoft shows that PC owners are under constant attack for their personal information but that people are wising up and not taking the phishing bait. The report found that 42% of Americans experience attempts to gain access to their PC, while 28% reports attacks via landline phones, 22% via tablets, and 18% via mobile phones.

Find out more about how to protect yourself from this kind of phone scam.

Securely Disposing of Mobile Devices

The June issue of OUCH!, led by Guest Editor Chris Crowley, discusses how to securely dispose of your mobile device. Most people do not realize just how much sensitive and personal information they have on their mobile device. If you are not careful about how you dispose of your older mobile devices, almost anyone can access that information.

Download the June issue of OUCH! (pdf) and please feel free to share with colleagues.

Additional information about secure disposal and data sanitizing old equipment can be found in the Knowledge Base.

Removing Personal Data from Old Devices

This holiday season you may have received a new PC, laptop, tablet phone or other device. Before recycling, donating, or disposing of an old device, help protect your privacy by removing your personal information first.

Removing the data by simply “erasing” or “clearing” the information may not permanently remove the information from the device. While the data may not be visible to the average user, anyone with the right tools and know-how could retrieve data stored in memory.

To make sure you don’t leave behind anything that might be used against you, take the right steps. Learn how to remove sensitive data from a mobile device or computer and learn about some (free) tools that can help.

What is Smishing And Why Should You Care?

Smishing is a form of criminal activity using social engineering techniques similar to phishing. The name is derived from “SMS phishing.” Similar to phishing, smishing uses cell phone text messages to deliver “bait” to get you to divulge your personal information. The “hook” in the text message may be a web site URL, however, it has become more common to see a phone number that connects to an automated voice response system. If you fall for the bait, the criminal gains access to your financial information.

Learn how to protect yourself from Smishing attacks.

Data Privacy Awareness in January

Data Privacy Day on January 28, 2012 is aimed at raising awareness around the importance of protecting personal identities. EDUCAUSE is expanding the day into a whole month of activities and resources around this topic.

Here at MIT we handle, share, store and dispose of personal information on a regular basis. Are we doing what we can to protect this information from exposure?

If you would like to find out more, come to one of the two IAP sessions entitled “Data Protection @ MIT” this January on the 12th and 26th from 1:00 – 2:30 pm in the E17 Learning Center. It is hosted by Monique Yeaton and Tim McGovern of the IT Security Systems and Services team in IS&T.

Riskiest Place for Your SSN?

According to McAfee, the antivirus software company, universities and colleges are at the top of the list of the most dangerous places to give your Social Security number (SSN).

The ranking is based on the number of data breaches involving SSNs from January 2009 to October 2010. Until recently SSNs were used at universities to provide many of their services to students and staff. More awareness around the proper use of a SSN has helped to minimize the collection of these numbers by universities, however there are still many of these records retained in electronic and paper files.

If you are requesting a service, be hesitant about giving your number out so quickly. Ask the requestor what it will be used for and whether it is absolutely necessary. You may be able to just give the last four digits rather than the full number, or an alternative number, such as your school ID number.

If you are offering a service, and collecting a SSN is required, make sure that it is handled appropriately — meaning that access to these records is restricted and the security protecting them is strong enough to minimize the risk of exposure and identity theft.

Learn about information protection at MIT.

Facebook Goes to HTTPS

Facebook is getting a little more serious about security after the CEO’s fan page got hacked. Facebook wrote on their blog that they are rolling out the option for users to access Facebook via a secure SSL (https) connection. According to the blog article, users need to go to their account settings and choose “secure browsing” from the account security section of the page.

This change is being rolled out over the next few weeks so not everyone will see the new option right away. The blog post does warn that the browsing experience may be slower (due to the encryption overhead) and that not all 3rd party applications are compatible with secure SSL at this time.

Read the full story on CNet.com.