Phishing fraud is on the increase – Here’s what you need to know
Top-Windows-Tutorials.com brings you plenty of tips for keeping your PC secure, and while PC security is still a big issue, improvements in Windows Vista, 7 and 8 have made it much harder for criminals to infect your PC with malware. Because of this, we’ve seen a big switch to other types of fraud that try to trick or coerce users, or even employees of companies themselves, into handing over security details. That way, it won’t matter what kind of security software you have installed, since you’ve willingly handed over the keys to your digital castle anyway. This kind of scam is often called “Phishing” and there are several ways the criminals try to get you hooked.
Fake e-mails – This is one of the oldest and most widely used methods. You get an e-mail in your inbox telling you that there is a problem with your account and you should click the provided link to verify your details. Phishing e-mails vary from those that are laughably poor, with obvious grammar and spelling mistakes, to the highly sophisticated. Here are some examples of Phishing e-mails we’ve received.
– An e-mail telling you your PayPal account is blocked and additional security information is required to unblock it.
– E-mails purporting to be from various banks asking you to either fill in an attached PDF document or follow a link to log into your account.
– E-mails purporting to be from eBay offering a second chance offer on goods that you bid on if you click the given link. These often come from hacked eBay seller accounts and can be quite convincing.
– E-mails from dating sites pretending to be from other members wanting a date.
How can you protect yourself?
Assume all e-mail is fake and don’t follow links given in e-mails. If you need to check something out, ignore the e-mail link and log on manually through the web instead.
Don’t be tempted to “goad” the criminals. For example, don’t follow the links they give to the fake websites and then enter abusive comments. While this might seem like a good way to let the fraudsters know what you think of their despicable activities, the website they linked you to could be infected with auto-installing malware that could compromise your computer.
If your bank wants to communicate by e-mail, refuse to do so. Tell them you don’t consider e-mail a secure means of communication (because, without additional software such as PGP, it isn’t). Never send important details such as credit/debit card information by e-mail.
A call from Windows technical support
We’ve covered this one in previous newsletters, but it doesn’t seem to go away. Out of the blue you receive a cold-call from someone claiming to be from Microsoft or a PC repair company. They will tell you they have detected viruses on your PC and offer to fix it for you. If you keep the fraudster on the line they will eventually redirect you to a website where they can get remote access to your computer and pretend to fix it for you.
How can you protect yourself?
This one is easy. If you get one of these calls, there is absolutely zero chance it is legitimate. Simply tell the caller to go away as you’re not falling for that one. Tell all your friends and family that this is always a fraudster; Microsoft will never cold call you.
Be aware that there is a small delay between hanging up your telephone and the line becoming free again. Some more sophisticated scams tell the person they have called to ring back on an official Microsoft number. The fraudster then simulates a dialling tone without actually hanging up the phone on his end, meaning the number the victim dials never actually gets through. If you’re ever asked to hang up and redial a number, hang up then wait at least 20 minutes before redialling.
Fraud on IM or gaming services
This one is particularly nefarious as it often targets children. The fraud goes like this. A fraudster will attempt to gather as much information on the victim as possible, usually from public profiles, before setting up an official sounding account on the game or IM service in question. For instance, if the victim is using the Steam gaming service, the fraudster may try to register an account under a name such as steam_support_1234. Having got this account, the fraudster then messages the victim and attempts to convince them that they are dealing with an official member of staff and that they need to hand over their credentials for one reason or another.
How can you protect yourself?
Support staff will NEVER ask you for your password. If someone does, you know it is a fraud. Report the account immediately to the real staff who are running the gaming/IM service you’re using. Teach your children this simple fact too so they don’t fall victim.
Use common sense and keep your wits about you while you work and play online and you will be safe from these kinds of common fraud. The best defence against these scams is awareness, so remember to warn your friends and family. Finally, remember the old saying “if it sounds too good to be true, it’s too good to be true”. When you get an e-mail claiming that 10 million dollars is yours if you just reply with your bank details, it’s going to be another scam. Unless of course you really do have a rich second uncle twice removed in Nigeria who just passed away. (Even if you do, I’d still advise caution; maybe he left it all to the Nigerian cat protection society instead.)