How to strengthen your defenses against online scams
Nov 27, 2023 10:07AM ● By Adam CochranGiven that saving money ranks among the top New Year’s resolutions, this month’s column will focus on surefire methods to save significant amounts of money—potentially hundreds of thousands of dollars in some cases.
While I usually write about topics like using apps, loyalty programs and exclusive discount programs to save money, this month, I’m going to tell you how to protect your computer, personal information and financial accounts from scammers and cyber criminals.
Below are some hypothetical, but very common, scenarios demonstrating how bad guys manipulate their targets into unwittingly surrendering the data they seek without using any fancy hacker techniques or nefarious software.
SCENARIO 1: While perusing your Yahoo email, you come across an interesting headline or handy tip in one of the sponsor links. You click on it and a new window opens. As you scroll down, a virus alert pops up with an alarming sound. The message claims, “Microsoft has detected a virus infection on your computer. Please call this number immediately to resolve the issue. All files and photos on your system are in danger of being deleted. Do not turn off your computer!”
You call the number or click on the link and a person with a foreign accent explains that he can take control of your computer and run a scan, which reveals that you have 24,000 infections and a corrupt DNS. However, the person assures you that he can easily correct the problem by installing a program and setting you up with a subscription for only $349.
The problem seems to go away, but an error message pops up a few days later saying that your computer is unusable due to a storage issue. However, a tech can help you with the problem if you call this provided number or follow the link.
The new tech remotely controls your computer and tells you the problem is critical and you may lose all of your pictures unless you subscribe to a $10/month service.
This is a scam. Your computer never had a virus. The original alert was a cleverly designed ad that used a window that couldn’t be closed to counterfeit a computer error. If you had shut off your computer and turned it back on, your computer would have continued to run as good as ever.
SCENARIO 2: You receive a text alert that your Wells Fargo account is overdrawn and you need to call the given number or reply to the text immediately to address the issue. You call the number.
“Hello, thank you for calling Wells Fargo, my name is Charlie. For training purposes, this call is being recorded, is that okay?”
You agree.
When Charlie asks how he can help, you describe the text.
“I want to make sure we get this taken care of, but I need to verify that you are the account holder.”
Charlie then provides information to you that establishes that he does indeed work for Wells Fargo. He provides your first and last name, address, birthday and the last four digits of your debit card. He then asks for the last four digits of your social security number and the security code on the back of the card as verification.
You provide the information he asks for. Charlie explained that there was a $300 charge on Amazon, but they reported the issue and reversed the charge.
You are relieved until you discover days later that, not only had you never been charged $300, but someone drained your entire account into a PayPal account that no longer exists. And you discover that PayPal’s processes for recovering the lost funds can take weeks or months to resolve.
The person who sent the original text was a scammer who exploited data he obtained from a list of user information he purchased online. This data was probably sold to him by a former web designer of a local restaurant website that you ordered take out from during the COVID shutdown.
SCENARIO 3: The computer you purchased at a big box retailer is having problems, so you call the support number listed on the manufacturer’s website which matches the documentation that came with your computer.
A representative poses pertinent questions to confirm your identity without delving into any useful private information. Upon understanding the nature of your issue, he explains that it’s handled by a different department and provides the correct number.
You call the number and that tech explains that he will need to remotely control your computer. Once connected, your screen is obscured by a message explaining that the technician is performing scans and that you shouldn’t turn off your computer.
You can see him moving the mouse, but the window is blocking what he’s working on. The tech asks you to agree to a few prompts that appear on the screen before closing the window and assures you the problem is solved.
Two days later, you notice that you can’t get into your social media, your bank or your Gmail account. You reboot and discover the password for Windows isn’t working either.
You try to call both technician numbers. The manufacturer’s tech explains that the second number isn’t connected to their company and that you must have been scammed.
It appears the initial tech who fielded your call was an employee within the call center who accepts bounties to route certain types of customers and issues so they can harvest private information and hijack the victim’s accounts.
Preventing this type of hack, scam or fraud is easy. Follow these six simple rules.
1. Don’t panic.
2. The only people who should remotely control your computer are family and support technicians you know personally.
3. Ask a friend or local expert what they think before taking any action.
4. Don’t trust someone just because they have an accent and/or know a few details about you.
5. No legitimate entity will ever report or arrest you for practicing careful due diligence.
6. If you’re scared, feel intimidated or are pressured to act immediately, it’s ALWAYS a scam, a shady salesperson, or both.
You might also like these articles:
5 tips to safeguard yourself from fraud
Safeguard your finances and personal information with these essential strategies from Forbes Advisor. Read More »
Not all cyber weapons are created equal
Identify scammers' tactics and know how to protect yourself. Read More »