Scams, Fraud, Phishing and How to Be Safe
Today’s blog post is written by Samantha Colbert, Senior Client Support Specialist.
One day while I was working from my home office in Texas, my personal cell phone rang. It wasn’t a number that I recognized, but the caller ID said: “United States.” I answered it.
“Hello, is Samantha Colbert there.”
“This is she.”
“Hello, Samantha my name is,” for the sake of the story let’s call them Marvin, “Marvin, and I’m contacting you today from the Microsoft Company because we have a report here that your windows computer has been hacked.”
I instantly knew something was off. Through mandatory internet security trainings here at PatronManager, stories I have read on the internet, and old jokes about Nigerian Princes, I had a feeling I was speaking to someone who wanted my personal information… a scammer. Marvin proceeded to try to prove that he was legitimate by telling me my email address. Besides that, clearly, he already had my phone number, but I just assumed this personal information was likely sold to his company from somewhere else.
After about 10 minutes of letting him lead me on, I decided that it had been long enough and said “It’s been really nice chatting with you. I’m glad I could keep you on the phone this long so that you couldn’t spend this time trying to scam someone else, but I really need to get back to work…” at which point he hung up on me.
You may be wondering, “What was Marvin after?” It’s hard to say exactly, as it could have been a wide variety of things and I didn’t get too far into his process. Maybe he wanted my IP address; and if I believed that he was truly trying to help with a security breach on my computer, he could’ve had me download software that would have granted him remote access. Or he could have sent things to me via email or directed me to different websites that would expose and capture personal information. I could have unknowingly installed a keylogger to keep track of the strokes made on my keyboard, for things like credit card numbers or passwords. I could have inadvertently installed ransomware that would delete my files if I didn’t pay them a fee. And the list goes on and on.
My point is, if you let a scammer in, they can do a great deal of damage, they could steal your identity, you could lose important personal files or other data, and even expose your friends’ (or coworkers’) contact information, putting them at risk as well. So, step one is obviously don’t let them in. But, of course, it’s hard to tell when someone has ill intent or is genuinely trying to help. Here are a few things that you can do if you think you’re dealing with a scammer:
Source: Check where they are coming from. For email addresses, make sure everything is spelled correctly, and the domain matches the company the person claims to be from (on most companies’ websites there are generally info@ or contact@ addresses that you can compare to). For a phone number, you can simply Google it and it should pop up with the company’s name if it’s legitimate.
Ask: If it’s a phone call, ask if you can call back. If you do, use an official number, not one they give you. If it’s an email address that you think is from someone you know, but it’s not their usual email address, send them a new message to their usual email address asking if this is them.
Facts: Keep the facts in mind. Do they really need this information, should they have it already, or not at all? For example, your cable company probably doesn’t need you to verify your social security number.
Examine: Don’t click on links or go to websites that people tell you to visit without examining the information first. You can always put your mouse over a link in an email to see where it really goes in the bottom left corner. Always be aware and conscientious of where you’re entering your login information and password because you may not be where you think you are.
In my case, the first thing that tipped me off was that Marvin called me, I didn’t call him. Sure it’d be very nice to have a personal computer security guard monitoring my computer security keeping the bad guys out, but it’s just not a reality, especially for free.
Additionally, these kinds of calls are very common this time of year… tax season. Many people report that “The IRS has called to tell them that they are facing tax fraud charges.” (The IRS will never call you.) This is an important reminder to not believe everything that comes across your path, especially when it’s from an unreliable source, and double especially when they are trying to hurt you (even if they are pretending to help). Keep informed, and be aware. There are bad people out there, (but good people too). If you can learn to spot the difference, and don’t give the bad guys what they want, then you win.
Want more information? Here are a few sites that can be helpful:
- Federal Trade Commission on Phishing: https://www.consumer.ftc.gov/articles/0003-phishing
- Federal Trade Commission on how you can avoid fraud: https://www.consumer.ftc.gov/articles/0060-10-things-you-can-do-avoid-fraud
- Usa.gov on reporting scams and frauds: https://www.usa.gov/stop-scams-frauds
- AARP on how to protect yourself from scammers: https://action.aarp.org/site/SPageNavigator/FWN_Tech_Scams.html