Most of us have software installed to protect us from hackers, viruses, malware and other dangers. However, often the weakest link in any security system is…us. Scammers know that it doesn’t take much to get people to give out information, click on harmful links and do other things that your anti-virus software cannot protect you from.
A good rule to follow is that when you receive an email or telephone call asking you for personal information, or saying that you need to do something to update your information or reactivate your account, don’t do it. Instead, contact the company using a web address, email address or telephone number you know to be legitimate.
When I am in my office, I usually answer my phone, as using an automated telephone system for a small business often isn’t as useful as personally talking to the customer. Sometimes the caller is a customer, but sometimes it is a scammer. I thought it would be a good idea to share two recent scams with you so that you can avoid them. Both of these have been around for a while, but they are still claiming victims.
Telephone Phishing Scams
You may be familiar with online phishing scams. That is where the scammer sends an email that appears to be from PayPal, your bank or credit card company, Amazon.com or another trusted company. They give some excuse for why you need to log in to your account and provide a link to click. The problem is that the link doesn’t go where you think it does. Instead, it takes you to a site set up by the scammer to capture your login, password and other personal data.
Phishing can also take place over the telephone. The other day I got a call attempting to get information about my merchant account (the account I use to take credit card payments). The caller ID said the call was “Out of Area” and gave the originating phone number as 1-000-000-0000. That is a common display for Skype calls, so I assumed it was a friend or customer calling via Skype.
When I answered, I heard an automated voice saying that the call was from First Data, and that my merchant account had been disabled. Well, that might have caused me to be concerned except that I don’t have a merchant account with First Data. I decided to play along, though, and see what they were up to. The recording asked me to enter my merchant account number and terminal ID number. I entered 000 for each and waited to see what would happen. The recording thanked me and said that my account was now reactivated.
Why did the scammers call me, when I don’t even have an account with First Data? They have no idea who does and does not have accounts with the companies they impersonate. Because phishing scams target customers of large companies, they know that a significant number of the people they target will have accounts. And a significant number of those people (often as many as 25%) will fall for the scam.
What would I have done if I had a merchant account with First Data and received a call like this (or a similar email)? My first step would be to pull a recent statement from them and find the customer service number. Customer service could tell me if there was a problem with my account and how to resolve it. Never use a phone number, email address or URL that comes in a suspicious email or phone call—they usually lead right to the scammer. If you call a scammer to ask if they are legitimate or if they are scamming you, what do you think they will say? (Hint: Scammers lie.)
“Microsoft Technical Support Center”? Really?
Actually, though, I did once get a scammer to acknowledge that he was trying to scam me. At least once or twice a week, I get a call from “Microsoft Technical Support” or some similar thing. Caller ID displays various cities and phone numbers, but the calls all clearly come from a call center in India.
The caller says that Microsoft has determined that there is a virus on my computer and they are going to help me fix it. Gosh, that is nice of them, isn’t it? If I am busy or cranky, I just hang up on them, sometimes after spewing a bit of profanity. However, if I am in a playful mood, I will go along for a while.
I thank them for their help and ask what I have to do to fix my computer. They tell me to go to the computer and turn it on, then proceed to walk me through a series of steps which, of course, I do not actually do. (Do them and the scammer gets control of your computer or gets you to download some nasty malware onto your machine.)
After a short time, I tire of the game and hang up on them. One day, though, I was having fun so I stayed on the line for longer than usual. I asked several questions and finally asked how many people fall for this scam. The scammer paused for a second, then said, “One, two, three…sixteen,” as he counted his successes. Now, he may have been lying to me about the number of victims, but I have no doubt that he got several people to do what he told them to do and infected their computers.
The luckiest victims of this scam just lose some money by paying for worthless “anti-virus software.” However, more often, they load malware onto their computer that logs their keystrokes or turns their computer into a bot that the scammers can use in all kinds of nefarious ways. Oh, and when you pay for this service, you have just given your credit card number to a scammer. Gee, what could go wrong there?
Avoid the Scams
The bottom line is that whenever someone calls or emails to tell you that there is a problem with your computer or an account of some kind, assume they are lying. Check it out by finding the contact information for the real company (e.g., bank, credit card processor, etc.) or by doing a Google search on what they told you. Never give personal information (such as login IDs, passwords, credit card numbers or other data) to anyone who calls you. Don’t follow links to unknown websites and enter personal information. And never trust that a scammer is telling you the truth.