By Helen McLean and Bill Gruber
Recently, we’ve received an unusually high number of calls from friends and clients who have been swindled by scammers. This is a brief summary of ways scammers try to con you, but remember: your best defense is to be aware and cautious.
All these scams share a common thread: to get your money for a supposed service, such as cleaning an infection on your computer. But what they really want is access to your computer, thereby gaining access to your personal information, which they can use either to con you themselves or to sell to other scammers.
They often ask to connect to your computer in order to “clean” it. They may display messages that look like errors or even simulate a cleaning process, but meanwhile they are stealing your data and placing malware on your computer, giving them a “back door” to visit your computer later and gather more information. The malware planted on your computer may collect your keystrokes, passwords, credit card numbers, and other sensitive information which may then be sent off to another site.
If this scam includes a phone conversation, they will try to keep you on the line long enough to give them time to download your files. They may even place a follow-up call to assure you they are helping. Or they will offer a call-back number, lending a false assurance that they are legitimate. The aim is to keep you engaged long enough to do an end run around you and collect your information, then charge you for it, too!
Here are some specifics:
We all get spam. If we use Gmail or sophisticated spam detector software, hopefully most spam ends up in a junk folder. But eventually, something ends up in the inbox that makes us think twice. There are the obvious spam messages hawking V1AGRA, but then there are the possibly legitimate emails about a problem with your Amazon or Netflix or online banking account. Maybe it looks okay, the icons are familiar, so you consider clicking on a link to check it out.
Pause right here and look for clues. If reading email on a computer, hover your cursor over the link to display the true link – does it look legitimate? Or does it try to fake you out by grouping a familiar URL with other info, such as “amazon.com.someothername.ru”?
Or look at the actual email address by hovering over the sender’s name. If it purports to be from Amazon but is actually from Gmail or any domain besides amazon.com, it is definitely a scam.
If reading from a smart device (phone, tablet, etc.) you can usually press and hold your finger on the sender’s name to see the underlying email address.
Instead of clicking on any links within the email, the best way to check for a purported problem with your account is to sign onto your account directly by typing the address (e.g., amazon.com) into your browser, or by using a bookmark you’ve saved and know to be correct. When logged in to your account, look at your account settings, your order history, your profile. If all that looks good, the email alert was a scam. If there are oddities, such as a shipping address you don’t recognize or other changes you did not make, someone has gained access to your account. Change your password immediately and notify the company.
If you use “Google” or another search method to find a website and click on a link, there is further possibility for deceit. Scammers can push their fake sites to the top of search lists, so instead of the actual Amazon site, the first link may take you to amaz0n.com or some other misspelled link, or even a completely different link. If, while browsing the web, you get a popup alert saying your computer is infected, click here to get help, never click on such a popup. Some popups do not allow you to close or get away from them, so you might have to resort to force -quitting the browser (Command-Option-Esc on a Mac; CTRL-ALT-DEL on a PC). A last resort is to force your computer to shut down.
One common popup alert – the Flash Player update scam – is still around. This lures you to a bogus site to download a version of Flash Player that will infect your computer and give access to scammers. If you want to update Adobe Flash Player, go directly to Adobe and download it: get.adobe.com/flashplayer. (Editor’s note: Flash Player’s end of life is December 31st, 2020.)
If you think you may have downloaded the fake Flash Player, do not resort to Google to find the fix unless you know what to look for. Many sites will discuss the problem credibly but then invite you to download a “cleaner” program. In most cases, these cleaner programs cause more problems than they fix. Some are even malware that create problems that they then claim can only be fixed by paying the scammers.
It bears repeating: your best defense is to be aware and cautious.
If an email, phone call, or browser popup suddenly offers to fix a problem you didn’t know you had, stop and think about it before paying, answering questions, or downloading software.
Above all, do not let someone unknown to you have access to your computer.
Have a question? Reach out to us at: firstname.lastname@example.org.