When looking through my list of brainstormed topics, this one keeps jumping out at me – there’s just so much going on here. Read on for more tips and some things we’ve experienced regarding computer security.
Social Engineering
I have had several calls in the last few months with people falling prey to scams online. Popups notifying you that a virus has been detected on your computer and requesting that you call a number for help – doing so can quickly result in someone guiding you through steps to allow them access to your system. In both instances, minimal damage occurred to the systems; the hacker merely showed the user normal system files buried deep in Windows stating that they were malware or viruses and demanding money for help cleaning them up. These are generally the most low-tech and common hackers that use what I call ‘social engineering’ to either threaten or show interest / compassion in “helping” the user (for an outrageous fee).
Tips to remember to avoid this scam – never agree to download or install anything on your computer from someone that you haven’t met in person or know for a fact to be a representative of a reputable company. Even then, ask lots of questions; if the answers sound suspicious or ‘dire’ – meaning, concern that if you operate for one more minute with your infected machine you are at extreme risk of losing everything, hang up. Call us! With no obligation, I can tell you in a minute or less if it is a scam (99% of the time, it is!).
The key thing to remember here is that you are not ‘dumb’ for falling prey to this kind of attack. These individuals have lots of experience in plying out our insecurities!
Reputable Companies
The latest example is one that is fairly chilling to me – a customer who purchased ‘legitimate’ computer monitoring services (I don’t advocate this) was recently contacted by an individual claiming to be from the company, and stating that there was an error and a refund was due to them. The red flag here though, was that the individual needed remote access to the customer’s computer to process the transaction. The quick-thinking customer realized the scam in time and disconnected their internet and then promptly contacted their bank on the phone to change all passwords and login credentials, and notify them that a breach was attempted.
When going over the computer for them, the hacker had downloaded a copy of the bank’s webpage that showed the clients’ account information. I believe that the next step was for the hacker to state that the refund had been overpaid, and request the customer send money back. Then, swap the browser with the downloaded copy showing the funds from a few minutes ago, and pleading that the overage hadn’t been returned and to send it again.
Again, as complicated as this sounds, these are very low-tech manipulations that at some point require action on our end to execute the hack. When in doubt – hang up!
Below, I wanted to list several phrases or actions that should be considered red flags to users, so that if these come up in your interactions with these individuals, you will know to be wary:
- Requesting remote access to your computer
- Requesting that you call a number for help
- Offering a refund, but requiring your input
- Dire warnings that your computer is infected
- Requesting images of checks
- Requesting ANY login credentials
- Requesting your email address to send you a file or document
- Requesting that you input any addresses into your web browser or ‘proxy settings’
While many reputable companies can need some of this information, double-check before doing ANY of the above actions.