Scammers are after your business and no computer software can help!

In the current economic climate scammers are running rampant!

After 20+ years in the technology industry I am seeing a lot more scams.  Yes, in the past you heard of a few going on here or there.  Now I am seeing them on a daily basis.  It is no longer the odd email from the Nigerian prince wanting to give you a large sum of cash in a grammar-impaired email.  The current-day scams are more direct and harder to spot.

The knee jerk reaction.

When most companies get hit by or come face to face with an online scam they make a snap decision.  Words like best practices, multi-factor authentication, better antivirus software and advanced email security start getting tossed around.  Would you be shocked if I told you that NONE of these will stop it?

I am not saying you should not have good network and computer security.  This should always be a top priority, right along with good backups, but that is a subject for another day.  What I am saying is that the weakest link in your company (don’t shoot the messenger) is your employees.  Unless you educate them on how to avoid scammers, all your security is for nothing.

I will list some of the scams I have seen in the last few months, how they work, and how to teach your employees to avoid them.  I would say that the names and places were changed to protect the innocent, but I think I can avoid them altogether.

Your PayPal payment has been processed.

Situation.

You get an email from PayPal, Amazon, your bank, etc. with a link to your account.  The email looks just like all the other emails you have received.  Nothing looks strange; even the “From” email address is good.  You click on the link and log into your account.  Hmmmm, the username and password did not work.  I must have typed it wrong.  You try it once more and it works fine.  (Your account has been compromised.)

How it works.

This is one of the easiest scams to pull off.  All the scammer needs to do is have an account with any of these services and receive the email that they wish to spoof.  Email is just HTML, just like a web page.  Looking at the source is not hard.  Take the HTML, add a few variables and some code, and you can send that email to millions of people with the account link pointed to the scammer’s website.  Most of the time it will go right through any spam filter because it is 99% the same as a real email, and malware scanners will not flag it because it just points to a login page and does not try to run anything on your computer.

The site that the link points to is a very small bit of code that pulls the real login site.  It finds the username and password fields, and when you hit enter it records the values in a database and sends you to the failed-login page of the real site.  The user is none the wiser.  Yes, the URL may be a little different, but it is close enough to the real site that most users will not notice.

How to stop it.

DO NOT CLICK ON EMAIL LINKS!  That simple.  If you do get an email and need to check out your account, open a browser and go straight to the site, but do not use the link.  It may seem like a pain, and it is a lot faster just to click on the link in the email.  But it only takes one scam email and someone in China is buying bitcoin with your bank account.  So why risk it?

Google I need to log in to my bank account.

Situation.

You do not have your bank's URL handy, so you open google.com, type the name of your bank and click the first link.  (Too late, they got you now!)

How it works.

The first few links in a Google search are ads.  The scammer makes the web page and does a little bit of SEO magic, logs in to a Google account, places an ad for your bank, and picks the demographic and keywords they want to target.  You would think that this would be easy for Google to catch, but since most of the process is automated it slides right through.

How to stop it.

Scroll down past the ad links, double check the URL and bookmark the REAL link so you will not be tempted to search for it.
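
As an added example (not from the original post), this is what "double check the URL" amounts to for both the email-link scam and the search-ad scam above: compare each link's host name with the sites you have bookmarked. The trusted list, the 0.8 similarity threshold and the sample email are assumptions made up for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the real sites your staff have bookmarked.
TRUSTED = {"paypal.com", "amazon.com"}

class LinkCollector(HTMLParser):
    """Collect every href from <a> tags in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def classify(url, trusted=TRUSTED):
    """Return 'trusted', 'lookalike' or 'unknown' for one link."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if any(host == good or host.endswith("." + good) for good in trusted):
        return "trusted"
    labels = host.split(".")
    for good in trusted:
        brand = good.split(".")[0]
        # Brand name inside a foreign domain (paypal.com.something.example).
        if any(brand in label for label in labels):
            return "lookalike"
        # Near-miss spelling of the real domain (paypa1.com).
        if SequenceMatcher(None, ".".join(labels[-2:]), good).ratio() >= 0.8:
            return "lookalike"
    return "unknown"

def check_email(html):
    parser = LinkCollector()
    parser.feed(html)
    return {link: classify(link) for link in parser.links}

# Constructed sample email body (not a real message).
SAMPLE = """
<a href="https://www.paypal.com/signin">View account</a>
<a href="https://paypa1.com/signin">View receipt</a>
<a href="https://paypal.com.account-check.example/login">Dispute</a>
<a href="https://newsletter.example.org/unsubscribe">Unsubscribe</a>
"""

if __name__ == "__main__":
    for link, verdict in check_email(SAMPLE).items():
        print(f"{verdict:10} {link}")
```

Only the first link goes to the real site; the second and third are the "a little different but close" kind that most users will not notice.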

Microsoft is trying to help me fix my computer!

Situation.

You're browsing a site that you have been on 100 times before.  All of a sudden, without warning, a huge pop up appears with “Microsoft had detected a virus on your computer please call XXX-XXX-XXXX.”  You can’t close it and the speakers are reading the message out loud.

How it works.

Most sites such as Facebook, Reddit, CNN, etc. allow people to place ads on their sites.  A scammer just buys an ad, and in the ad there is a small bit of code that locks the browser and fires up a pop up.  When you call the number they will offer to fix your computer for a price, and while they are at it they will try to steal as much info off your computer as possible.

How to stop it.

There is no true way to stop the pop up.  If you get hit with this, open the Task Manager by pressing Ctrl, Alt and Delete and clicking on Task Manager, then close the browser.  You can also just reboot your computer by holding the power button down.  The pop up may say not to do that, but hey, it is a scammer!

WHATEVER you do, DO NOT CALL THE NUMBER.  Call your IT department if you have to.

Microsoft does not care about your computer, and they will not fix it for any price.  Other versions of this scam claim that the police, FBI, etc. found something on your computer and you must pay now to avoid being arrested.

If you would like more let me know….

There are a lot more scams going on; if you want more, let me know.  This is getting a little long.  The biggest thing is to let your employees know!  They cannot protect themselves and/or your company if they do not know how the scammers work!  Also, I would love to hear about your experiences too.
