
 

You are being trained to be a victim

Preview:
Your bank and other trusted sources are training you to be a victim of malicious hackers. Here's a simple, foolproof way to escape their training and 90% of the attacks we are facing.
 
At a computer consultants' meeting last month, a consultant told a sad tale of an elderly woman who was conned out of $18,000. She received an email, apparently from her bank, about a problem with her account. She called the number they provided and a nice banker helped her fix the problem. Later, she discovered he'd wired $18,000 out of her account. He wasn't a banker. The email wasn't really from her bank.

The bank explained that if she lets people into her account, they are not responsible for any losses. Every consultant in the room nodded their heads. Every consultant has clients who fell for a scam like that, though usually not with such devastating effects. One of my clients recently had to change several passwords and close a credit card. These scams are rampant and they will continue and get worse. They are targeting the elderly, but anyone could become a victim.

We all hear about ransomware, and that is a problem for big companies with lots of money. They are the targets for sophisticated attackers chasing a big payoff. But 90% of personal and small business attacks come from people clicking on email links or advertising links or calling a phone number in an ad or email.

 

The banks, credit card companies and medical offices are teaching us to be victims


These somewhat legitimate companies want you to come to their site to fill out their forms, or buy more stuff, or get their ads. To make it easy, they send you an email and tell you to click on the link or call the number. What could be easier? Just click or call.

The problem is that anyone can send you an email that looks like that. Do not believe that the email will link you to the proper site or the phone number will call the proper company number. Yet, despite knowing this is terrible behavior, they keep doing it. They train us to click on links and call numbers in emails. Never do it. Do not develop a habit that could hurt you so badly. Take up smoking instead.
 

These security-challenged organizations will tell you to avoid clicking on links from strangers. Crooks can make emails that look like theirs, but this is too complex a concept for them to understand. They are priming the pump to create victims for scammers.

As the population ages, more of us will become vulnerable. As more scammers make more money, more people will figure out even cleverer ways to scam us. It costs them almost nothing to send out thousands of emails. If just a couple of people in a thousand call the number or click on the link, these people will make a lot of money. As they make money, it will draw more people into the business. They will develop better and better ideas for scamming us.

Some current favorites


Here are some of the current favorites. All these are cons. Clicking on the link or calling the number links you to crooks, not the proper company.
  • Your email box is full. Log in here for support.
  • We have recorded the porn you watch. Send us money or we'll tell the world.
  • Here's a bill for some company. Common names are Geek Squad, Webroot antivirus, Amazon and Xfinity. Pay immediately or call this number for support.
  • We are closing your account at some place. Log in using this link.
  • There has been an attack on your account. You must change your password immediately. Click here. (This was used to gain entry to the DNC's email in 2016)
  • This is a confirmation for the laptop you purchased. A support number is given on the "confirmation" notice.
These appear legitimate. None are.

Here are 2 cons I received recently. Neither is legitimate.

 

And this one which pretends to come from my site and my mail server.

 

Now check out these two legitimate emails:

From my doctor’s office:

 
And from Xfinity:


 

Tech savvy people can usually tell the difference. But will they always spot the flaws? What happens if you are not tech savvy or, for a moment, you let your guard down?

Here's an interesting one sent to me by someone. I didn't know whether it was legitimate or not. It was legitimate, but the idiots made it look like a con. In any case, I wouldn't click on their links.



This purported to be from Washington County wanting me to sign up for alerts in their new public alert system, claiming they can't just transfer my name from the old system. The first indicator of a con is that the return address is not from the sender. So, the sender is supposed to be Washington County, but the return address goes to everbridge.net. This is almost always proof of a con. I'd never heard of everbridge.net. The contact info link also goes to these unknown everbridge.net people. I took another step and actually stuck everbridge.net in my browser, and it is unknown. An IP address for that name does not exist.

However, further investigation revealed that there is a www.everbridge.net company that provides public alert systems. It's just that they were too dumb to register everbridge.net, or redirect traffic. They also wrote an email that appears to be a scam. It is normal practice to register your name with and without the www, so not doing so is unusually incompetent. I did try to read their privacy policy, but it seemed like it was over 50 pages long! My impression was that they said they were really nice and wouldn't misuse my information, but would do whatever they felt like with it. Again, this was probably who Washington County hired, because, well, government. But, I'll never sign up for an account with them or click on a link in an email like that! Even if this kind of email is safe 90% of the time, do not take the chance.

A client wanting the alerts, but not wanting to click on a link in an email like this, checked at the Washington County website. She found they had hired this company to do their alerts and used the link on their website to sign up, thus avoiding the dangerous email.
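The return-address check described above can be automated. The following is an added example, not part of the original article: it compares the domain shown in From with the Reply-To, Return-Path and link domains of a constructed message whose domains are all placeholders. As the alert-system story shows, a mismatch also occurs in legitimate mail sent through a vendor, so a finding is a reason to go to the organization's own website, not proof of a con.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message; all domains are placeholders.
SAMPLE = """\
From: "Washington County Alerts" <alerts@county.example>
Reply-To: <noreply@alert-vendor.example>
Return-Path: <bounce@mail.alert-vendor.example>
Subject: Sign up for the new public alert system

Register here: https://signup.alert-vendor.example/register
County site: https://www.county.example/alerts
"""

def base_domain(host):
    # Assumption: the last two labels form the registrable domain.
    # Production code should consult the Public Suffix List instead.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def addr_domain(header_value):
    # Domain of the address in a header such as From or Reply-To.
    _, addr = parseaddr(header_value or "")
    return base_domain(addr.rpartition("@")[2]) if "@" in addr else None

def sender_mismatches(raw):
    # Returns (From domain, [(where, domain), ...]) for every reply
    # address or link that leaves the domain shown in From.
    msg = message_from_string(raw)
    from_dom = addr_domain(msg["From"])
    findings = []
    for header in ("Reply-To", "Return-Path"):
        dom = addr_domain(msg[header])
        if dom and dom != from_dom:
            findings.append((header, dom))
    for url in re.findall(r"https?://[^\s<>\"']+", msg.get_payload()):
        host = urlparse(url).hostname
        if host and base_domain(host) != from_dom:
            findings.append(("link", base_domain(host)))
    return from_dom, findings

if __name__ == "__main__":
    sender, findings = sender_mismatches(SAMPLE)
    print("From domain:", sender)
    for where, dom in findings:
        print(f"  {where} points to {dom}")
```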

Just follow the two rules below to avoid 90% of the scams likely to affect you.

There is a foolproof solution.

Rule 1. Do not trust emails
If you follow this simple rule, you will eliminate over 85% of the threats you are likely to face. Don't worry about whether they are legitimate or not. Do not trust them. When your email provider or bank or doctor's office appears to give you a link to click on, do not trust it. Do not click on it. Even if you are sure it is good, do not click on it or call the telephone number provided. This also means buy nothing from anyone who sends you a spam email promoting a product. Trash them. If you develop this habit, you will be safe. If you click on those that are "certainly safe", but not on others, eventually, some scammer will fool you. Just force yourself never to click on email links.

But what if it is legitimate, and it usually will be? No problem. Log in to your account the proper way. Either use your password manager to log in or your browser and password manager. Use the bookmarks in your browser or the links in your password manager. If you need to call a number, then find the correct number (you should put it into your password manager or contact manager), and call it. If it is legitimate, they will let you know what you need to do when you log in.

Rule 2. Do not click on ANY advertisement ever.
I promised you 90% protection. Here is the other 5%. Advertisements either on websites, emails or even search links are often cons. Never click on any advertisement.

But what if the product is really neat and you want it, or at least you want to learn more about it?

That's fine. Do a web search and find out about the product and find a legitimate seller. It is safer. At least they've been around a while and developed enough traffic to be found and presented by a search engine.

The exceptions

As with all rules, there are exceptions. Mostly, you need to worry about calling numbers or clicking on links that would ask you to log into your account. One obvious exception is if you create an account and they immediately send you a confirmation email to prove your email address is correct. Since you were just there 30 seconds ago, and that place said they'd send you a link, and they did, trust that one.

If a friend or vendor says they are going to send you a link, and they do, trust it. If someone you know describes what they are sending you and then does, it is probably just fine. If I or another trusted vendor sends you a newsletter with links, it'll be safe to click on them as long as they are not asking you to log in to your account from that link.

Another safe link is from a vendor you purchased from, who sends you a shipping notice for your actual described purchase with a tracking link. Again, you recently bought from them and you don't need to log into your account. Just click the tracking link.

Remember, always log into accounts from your own links, never email links.

Stay safe out there.



Date: November 2021


Creative Commons License
This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.
