Tech Support Phone Scams

When scams come to us in the form of emails that land in our inbox, they are called “phishing” emails. But scammers don’t just use email to trick us into disclosing personal information or accessing our money. They will use other technology as well, such as phones.

One version of a phone scam comes in the form of technical support. You get a call from someone claiming to be from Microsoft, for example. They tell you they want to help solve a computer problem or sell you a software license. But this is what they are really doing:

  • They trick you into installing malicious software.
  • The software you have installed allows them to take over your computer.
  • After you install the software, they charge you to remove it.
  • They trick you into visiting a fraudulent site where they ask you to enter your credit card number or other personal information.

Neither Microsoft nor any legitimate business will make these types of unsolicited phone calls. But it is easy to be fooled; the criminals use publicly available phone directories, so they might know your name when they call you.

What you can do:

Do not trust unsolicited phone calls offering tech support. Do not provide any personal information. Do not allow people making unsolicited calls to access your computer over the phone to “fix it.”

When you receive a scam phone call, you can report it to the FTC.

The numbers: A recent survey by Microsoft shows that PC owners are under constant attack for their personal information but that people are wising up and not taking the phishing bait. The report found that 42% of Americans experience attempts to gain access to their PC, while 28% report attacks via landline phones, 22% via tablets, and 18% via mobile phones.

Find out more about how to protect yourself from this kind of phone scam.

Malicious Ebola-Themed Emails

Fake emails that purport to be from the World Health Organization are inviting people to download an attachment or click a link for more information about the Ebola virus.

Last week US-CERT, a division of the Department of Homeland Security, issued an advisory warning users about spam campaigns that use the Ebola virus to bait users into inadvertently downloading malware. Once the malware program is on the victim’s machine, it can grab shots off the webcam, take control of the machine remotely, or steal passwords.

Read the full story online.

Video: Cybercrime Exposed

In this 2-minute video, Trend Micro explains the ins and outs of phishing scams, what you might lose when you fall victim, and what you can do to stay protected. This cybercrime exposé specifically looks at a phishing operation that was in effect in Brazil during the 2014 World Cup. Criminals hosted phishing site templates, malware and the victims’ personal documents on an online sharing site. They lured victims into clicking their links, then stole their money.

Knowing the different tactics used by bad guys will help you avoid becoming a victim of cyber crime.

View the video on YouTube.

Popular Holiday-Themed Phishing

Phishing attacks (using email to trick a recipient into clicking on a link or an attachment that then infects the computer) happen year round. However, at this time of year there are more people shopping online than usual. Thieves take advantage of these rushed and weary shoppers to get through their defenses.

An article on Help Net Security lists the most common holiday-themed phishing attacks:

  • Holiday e-card: Holiday greetings that come through email.
  • Holiday sales, discounts or deals: Attackers will try to sneak through phishing emails masquerading as merchants offering blowout deals.
  • Holiday party information or registration: Most companies throw a holiday party this time of year. Spoofed invitations could catch the untrained eye.
  • Package delivery or update information: FedEx or UPS delivery notifications have often been spoofed to catch a recipient unawares.
  • Year-end deadlines or requirements: This is an open opportunity for attackers to get creative and exploit an employee before he/she heads out for the holidays.
  • Travel notifications: Emails warning of itinerary changes will certainly grab the attention of a person eager to get home for the holidays.

Read the full article online.

The best way to make sure an email is legitimate is to verify the sender. Either view the email’s full headers or double-check with the sender through some other means (calling them directly, for example) regarding the information in the email.

How to find full email headers.

Fraud Statistics That May Surprise You

Fraud is nothing new. Scammers have been attempting to trick consumers into spending money on fake (or non-existent) products for a long time.

However, what IS new is how we are getting scammed. Did you know that one third of people who reported being scammed first learned of the fake pitch online? The other sources are print ads, TV and radio, and telemarketing calls. When you consider that fraud harms 25.6 million people in the U.S. in one year (from a survey done in 2011), that adds up to a lot of people. That’s about one in every 10 adults in the U.S.

Learn more about the survey done by the Federal Trade Commission here.

Are you one of those affected? Learn how you can avoid or report fraud.

How To Verify the Source of an Email

If you are ever in doubt whether an email you received originated from the place it claims to be from, try this: verify the information by reading the full headers of an email.

Email headers (also called “full headers”) are the details that show the path the message took to reach your inbox. Details such as dates, times, mail servers it passed through and even the originating email address are included.

I am sure you have seen questionable emails that claim to come from the MIT Email Team or a System Administration team in IS&T. You have also likely received many emails that claim to come from a business, such as FedEx or a bank. Sometimes they can really fool you; even the “from” address makes it look like these emails are legitimate.

But wait! Before clicking on any links within these emails or replying to the sender, check the header. This article shows you how easy it is to find out who the real sender of an email is by reading the information contained within the header.
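To make the header check described above concrete, here is an added example (not taken from the linked article) that reads the full headers of a message and lists the mail servers it passed through, oldest first, then compares the domain in the visible “from” address with the Return-Path and Reply-To domains. The sample message is constructed for illustration and uses reserved example domains and addresses; the function names are assumptions of this example.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); hosts and IPs are reserved examples.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.university.example (mx.university.example [192.0.2.10])
\tby inbox.university.example; Mon, 01 Dec 2014 09:15:07 -0500
Received: from mailer.example.net (unknown [203.0.113.45])
\tby mx.university.example; Mon, 01 Dec 2014 09:15:05 -0500
From: "Email Team" <helpdesk@university.example>
Reply-To: <verify@mailer.example.net>
To: <student@university.example>
Subject: Your mailbox is almost full
Date: Mon, 01 Dec 2014 09:15:00 -0500

Click the link to keep your account.
"""

def domain(addr_header):
    """Return the lowercased domain of the address in a header value ('' if none)."""
    addr = parseaddr(addr_header or "")[1]
    return addr.rpartition("@")[2].lower()

def review_headers(raw):
    """Summarize the delivery path and flag sender-domain mismatches."""
    msg = message_from_string(raw)
    # Each server adds its Received line at the top, so reverse to read origin first.
    hops = [" ".join(h.split()) for h in reversed(msg.get_all("Received", []))]
    from_dom = domain(msg["From"])
    warnings = []
    for name in ("Return-Path", "Reply-To"):
        other = domain(msg[name])
        if other and other != from_dom:
            warnings.append(f"{name} domain {other} differs from From domain {from_dom}")
    return {"from_domain": from_dom, "hops": hops, "warnings": warnings}

if __name__ == "__main__":
    report = review_headers(SAMPLE)
    for i, hop in enumerate(report["hops"], 1):
        print(f"hop {i}: {hop}")
    for w in report["warnings"]:
        print("WARNING:", w)
```

A mismatch is a reason to look more closely, not proof of fraud, since legitimate bulk mail sent through a mailing service often has a different Return-Path. Only the Received lines added by your own mail provider's servers are trustworthy; earlier ones are supplied by the sending side.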

Scammed? What To Do Now.

Say you get an email from your bank, asking you to update your information, which you go ahead and do. When you call the bank, you are told they did not send you any email. Banks will not ask you to update your information EVER through an email.

You fell for a phishing scam. What now?

You may want to close that account and open a new one. Place a strong password on the new account, to prevent someone from accessing it, then place a 90-day fraud alert with each of the three credit reporting agencies. You might also consider placing a freeze on your credit reports so that no one can get credit in your name.

Here are some additional tips from the ITRC (Identity Theft Resource Center) and from the FTC (Federal Trade Commission) if you’ve been the victim of a scam.

BONUS: Spot the Phish

Phishing emails are getting trickier. Can you tell which of these emails from Verizon Wireless is real and which is fake?