Wednesday, July 26, 2017

Scram Scam: Some Guidelines to Prevent Scammers From Tricking You!

As we prepare to return to school, we must remember not to let down our guard and be duped by unscrupulous cons. There are too many people trying to take advantage of our trust and goodwill. Here are a few guidelines to help you from becoming another victim:

Email:

This article on Apple World Today cites Verizon research stating that 30% of emails designed to trick you (called phish emails) are opened! The article goes on to make several good suggestions about spotting a phish email. Here are a few suggestions to avoid email scams:

Don’t click on links in emails: This is how scammers trick you. The typical phish email appears to come from your bank and says that your account is frozen (or some other terrible thing) and you need to re-enter your password. The email looks like it comes from your bank and, when you click the link, the website looks like your bank’s website. But it is not! When you enter your information, it gives you an error message because, of course, it is not the real website. You have just given the bad folks your bank user name and password. Recently, scammers have used compromised email addresses to send phish emails. So it may be that the email appears to come from someone you know! No matter who sent the email, don’t click on the links – period!

Contact the sender – not through the email: If the email appears to be from your bank, don’t click on it, call your bank using the number on your debit or credit card or on your statements. If the email says there is a problem with your Apple ID, go to Apple.com on your own and log in or call Apple on the phone. This rule will also apply to phone scammers (which we will discuss shortly). If the sender of the email is a friend, call them. Replying to a scam email from a friend will only tell the scammer that you read the email. If you have a second email for your friend, try it or contact them through social media. If my email was hacked, I would like to know about it. 

Look at the sender’s email address closely: As the article linked above states, often phish emails look like they come from sources you trust. Your email has a name associated with it. If I send you an email, you won’t see the actual address, you will see my name. If you click on or hover over my name, you will see the actual address from which I sent the email. If I receive an email from American Express, I would expect that the sender has an American Express email. The label may say American Express, but if I go to the “sent from” line and look at the email, and it says something else, it is probably a phish.

Web:

Scammers can get you through more than email. This BottomLine article talks about how the scammers might trick us by creating websites that are one letter away from the sites we are trying to reach. The example in the article is that you type Netflix.co and forget to add the last letter. This reaches a website that looks like Netflix, but is, in fact, a way to harvest your Netflix password!

Examine the URL: Just as you examine the email address, look at the web address (called a URL = Universal Resource Locator) and make sure that it matches the site you are trying to use. If I am trying to look at my Bank of American account, the website must be bankofamerica.com. Please note that the address has the “of” in it. I discovered that bankamerica.com is not a functioning web address – yet.

Make sure the site uses https: In front of the web address are the letters http, which stand for hypertext transfer protocol. That means you are looking at a regular website. However, a site that adds an S means that it is secure! Here is an article from Computerworld explaining why it is so important to make sure that any site on which you enter personal information has that S and is secure.

Don’t enter any personal information on any website if you are on a public network: If you are in a hotel or at a coffee shop or in a library, you are on public wifi. The network that you are using is not unlike the old party lines where everyone could hear everyone else talking. With the right technology, a person can see the activity on a public website. Don’t enter passwords, credit card numbers, or any personal information unless you are on a secure and private network either at your home or work place. This is also why some people are using encrypted virtual private networks to protect their information. Click here to read an article on VPNs.

Use resources like Web of Trust: There are browser extensions (apps that run in Chrome, Safari, Firefox or other browsers  - you aren’t still using Explorer, are you?) and give the browser additional functions. I like Web of Trust because it presents me with a green, yellow, or red circle indicating the safety of the website I am using. It will present me with an alert I have gone to a problematic or scammer website. Norton also lists ten signs that a shopping site is secure which could be applied to any commercial website.  

Phone:

Don’t answer phone calls from numbers you don’t recognize: If the call is from a legitimate source, they will most likely leave you a voice message or contact you another way. If you are concerned you have missed an important call, call the number you have rather than the number that called you. Recently, scammers have made their number look like your number, so it appears to be coming from a local source. Don’t be tricked: an unknown number is unknown even if it has the same exchange or appears to come from your town.

Don’t talk to strangers on the phone: One scam worked this way: when a person picked up the scam call, the scammer would immediately ask, “Can you hear me?” When the person answered, “Yes,” their response was recorded and could be used elsewhere! If you pick up the phone, perhaps thinking it is from a legitimate caller, and discover it is from an unsolicited source – hang up! If the source says they are the IRS or your bank, hang up and call that source using a number you have used in the past successfully.

Don’t give personal information over the phone: Don’t provide your credit card, social security number, or other personal information over the phone unless you have made the call yourself and are 110% sure you are really talking to Ticketmaster, your bank, or your grandchild. If someone claiming to be from your electric company calls and says they need your bank account number, tell them you will call them back – and then use the number on your bill! 

Other Thoughts:

If you have any doubt at all, assume it is a scam: While I’d like to think the best about people, scammers are very good at tricking us. The latest scam sent an email that included a link that, when clicked, opened a Google drive window and asked the victim to sign in to allow an app access to their account. It not only looked real, it was the real Google sign in. The trick was that the scammer’s link (thus the “don’t click on links” rule) connected the victim to the scammer’s app! It tricked professionals! However, a little more care and the simple rule of don’t click on links in email could have saved them! Trust your gut reaction and err on the side of caution.

Go slowly and double or triple check: If your grandchild, niece, or neighbor calls and says that they are stuck in a foreign country without money, check with other people (like their families) before giving the caller your information. Scammers make things seem like an emergency and that, if you don’t act immediately, horrible things will happen. Horrible things will happen if you rush and act too quickly.

Travel Scams: Here is a fantastic infographic listing forty travel scams and the countries in which they have been reported. It is worth a look before you go on a trip.

If you believe you have fallen for a scam and given away your information, you need to notify the appropriate authorities as soon as you can. Lifewire has a good article telling you some first steps to take if you have fallen for a scam. Your local police department is where you would report any sort of crime. Here is a link to the FTC’s scam alert page. It is a good place to look if you are wondering, “might this be a scam?” With a little knowledge, hopefully, we can stop the scammers from succeeding!

No comments: