Netflix “Tech Support” scam

Posted by Common Sense Security on 28. September 2014

Today I had an unexpected call from Unknown Caller. I get a lot of calls from this person and usually just ignore them. However, this time I decided to respond and was greeted by a nice guy, who introduced himself as Andy and proceeded to tell me that there was a problem with my Windows computer. The script has not changed much in the 2 years since I spoke to Sam from the same caring organization.

It used to be a scam run mostly from India; however, these days they seem to diversify and expand the operation. Obviously, they find enough victims to make the swindle profitable.

They also vary the pitch in order to trick those who heard about the original scheme.

For example, a blog from the well-known security vendor Malwarebytes describes a variation that pretends your Netflix account has been suspended because of nefarious activity and conveniently provides a link for regaining access. Of course, the link steers you to a malicious website, and providing your credentials there leads to identity theft. Once the Malwarebytes employee Jerome Segura provided random bogus information on the website, he was told to contact Netflix member services at a [fraudulent] toll-free number. You can watch and listen to the interaction of Mr. Segura with the fraudsters who pretend to be Netflix tech support and who ask Jerome for a lot of personal information. They also tell him that his computer is badly infected and try to sell him unnecessary and expensive “computer cleaning” services.

Another variation of the con actually plays on your awareness of the tech support scam and offers you a refund. Of course, once fraudsters get your financial information they use it to take money from you, rather than give it to you. The Federal Trade Commission posted a warning and details of this “Refund” ploy on their web site.

As is often the case, this scam can be easily averted by using the Calling Back authentication technique. For the Netflix variation you can either go directly to the Netflix web site, netflix.com, and log into your account, or you can call the legitimate Netflix tech support phone number 1-866-679-7172, which can be found on their official website. For other organizations you can use their known contact information instead of the links and phone numbers so nicely provided by helpful strangers.

While security professionals and techies who thoroughly understand the technology are having a lot of fun at the expense of these scammers, I suggest that if you are neither, you should immediately hang up or should start your authentication routine, because you don’t want to let strangers into your computer.

 

 

Relief or Foreclosure?

Posted by Common Sense Security on 22. September 2014

Two years ago I wrote about mortgage fraud and ways to deal with it, but more people have been hurt since then and I would like to remind you to be vigilant.

When you are falling behind on your payments and somebody promises to dramatically reduce the amounts you have to pay monthly in exchange for a few fees and expenditures, you may feel you have to trust them, because this is your only chance to keep the roof over your head. Unfortunately, there are plenty of predators eager to benefit from your despair.

In one of the recent cases people lost almost 6 million dollars to a business with the official and trust-inducing name of KATN. Its owners, however, used the money entrusted to them by anxious victims for their own pleasure and did not help a single homeowner. The swindlers promised fast relief and told people to stop making their current mortgage payments and to deal only with KATN. As a result many hapless homeowners lost their homes to foreclosures.

Before giving your money to people or businesses you don’t know, always check as thoroughly as possible their reputation and existing complaints, as well as their history.

There are legitimate programs that you may be eligible for; check them out. Don’t let unscrupulous people exploit your desperation.

Talking Turkey

Posted by Common Sense Security on 17. August 2014

Have your friends or relatives ever asked you for help? Are you the kind of person everybody relies upon? Bravo! Helping people is great as long as they really need help and are not fraudsters trying to scam you.

Recently I received the following email from my friend, “Joe”.
“I really hope you get this fast. I could not inform anyone about our trip, because it was impromptu. we had to be in Turkey for Tour. The program was successful, but our journey has turned sour. we misplaced our wallet and cell phone on our way back to the hotel we lodge in after we went for sight seeing. The wallet contained all the valuables we had. Now, our passport is in custody of the hotel management pending when we make payment.

I am sorry if i am inconveniencing you, but i have only very few people to run to now. i will be indeed very grateful if i can get a short term loan from you ($2,600). this will enable me sort our hotel bills and get my sorry self back home. I will really appreciate whatever you can afford in assisting me with. I promise to refund it in full as soon as I return. let me know if you can be of any assistance. Please, let me know soonest.

Thanks,
Joe”

I had heard about a scam in which people get a phone call, email or a Facebook plea for help. However, I also have a friend who, in a foreign country, managed to go to a restroom, leaving all his possessions on a table in a restaurant. When he returned, his money, his phone, and all his documents were nowhere to be found.

I wanted to be thorough. First thing, just out of curiosity, I hit return, and the address to which my reply was supposed to go was different from the “from” address on the email. Red flag!

I called “Joe” (I changed the name to protect his privacy). He told me a sad story. Someone broke into his email and sent the message above to all his contacts. They tried to call him, but he was busy and his phone was off. When he switched his phone back on, “Joe” discovered that a lot of his friends had been trying to contact him and find out if he was in trouble. He called them back and let them know that it was a scam. Unfortunately, by then someone had already wired the money to the crooks.

My other friend, “Paul”, solved a similar problem beautifully. When he got an email from his colleague asking for help, “Paul” responded, “When and where did we meet last time?” Scam dodged!

Next time your friend asks you to come to their rescue, by all means help them, but first make sure it is indeed your friend whom you are bailing out.

Authentication each day keeps the fraudsters away!
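
The red flag in this post, a reply that would go to a different address than the “From” address, can be checked automatically. The following Python code is an added example, not part of the original post; the sample message and all addresses in it are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the sender's real address in From, a look-alike in Reply-To.
SAMPLE = """\
From: Joe Example <joe@example.com>
Reply-To: Joe Example <joe.example@mail.example.net>
To: friend@example.org
Subject: I really hope you get this fast

(constructed body)
"""


def _split(header_value):
    """Return (display_name, local_part, domain) for one address header."""
    name, addr = parseaddr(header_value or "")
    local, _, domain = addr.lower().rpartition("@")
    return name.strip().lower(), local, domain


def reply_to_flags(raw_message):
    """List the reasons a reply would not go back to the visible sender."""
    msg = message_from_string(raw_message)
    reply_hdr = msg.get("Reply-To")
    if reply_hdr is None:
        return []  # no Reply-To header: replies go to the From address
    from_name, from_local, from_domain = _split(msg.get("From"))
    reply_name, reply_local, reply_domain = _split(reply_hdr)

    flags = []
    if reply_domain != from_domain:
        flags.append("reply-to-domain-differs")
    elif reply_local != from_local:
        flags.append("reply-to-mailbox-differs")
    # Same display name on a different address imitates the real sender.
    if flags and from_name and from_name == reply_name:
        flags.append("same-display-name")
    return flags


if __name__ == "__main__":
    print(reply_to_flags(SAMPLE))
```

Newsletters and mailing lists also set a different Reply-To for legitimate reasons, so a flag here is a prompt to verify the sender by another channel, as “Paul” did, not proof of fraud.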

Right on Target

Posted by Common Sense Security on 10. March 2014

Have you received an email recently notifying you of a Target data breach and offering you 1 year of credit monitoring? It claimed to be sent by Target and provided both a link to sign up online and a phone number to call. It was even signed, “Gregg Steinhafel Chairman, President and CEO”.
With the crooks sending phishing messages by the barrel, this one looked as fraudulent as they come.
If you disregarded this message, I am not surprised.
If you called the number or followed the link, it was imprudent and could have left you a victim of identity theft.
However, if you went directly to Target.com, you would have discovered that they do indeed offer support to breach victims and provide a phone number to call and a link to follow. The offer expires in slightly more than a month, so, if you shop at Target, you may want to take them up on their offer soon.
With the recent flood of breaches, it is very likely that your favorite shop will be attacked. If you read about it, or hear or get a notification, take a deep breath and then go straight to the source for information. If you keep your cool, you can take care of your problems and not be trapped by fraudsters.

Danger of using cards to pay for taxis

Posted by Common Sense Security on 5. March 2014

Over the years more and more places have been subverted by scammers stealing debit and credit card information. We received warnings from our banks, favorite shopping venues, eateries and gas stations.
However, you probably thought that paying with your card for a taxi ride was safe. Not anymore. A Chicago bank warns both guests and locals to pay cash, because of a breach that affects lots of taxis in that beautiful city.
If you have paid for a cab ride with your card recently, I hope it was a credit card that you can quickly replace with a different account. If you used your debit card, talk to your bank and make sure you switch to a credit card or cash for all your purchases. If you are not sure why, read my report on protecting your money.

Fake Utility Bills

Posted by Common Sense Security on 9. February 2014

Last time we discussed a phone version of the utility payment scam; the email version has not been far behind. It may try to extract money from you or it may try to infect your computer. This scam affects utility customers nationwide.

Pepco, MidAmerican Energy and Florida Power and Light warn their customers about this scam.

This is another scam you can avoid by using the calling back authentication technique.
If it’s just a money demand, contact your utility the way you usually do. Call the customer service number you use to contact your utility or go directly to your utility web site. This way you avoid fraudsters and their accomplices.

If the email tells you to open an attachment or click on a link, do NOT do it. It may feel more convenient, but it can have unpleasant consequences. Even if it looks like the usual email that you get from your utility every month, it may still be an email that crooks copied, replacing the links in it or attaching malicious files to it.

Better to be safe than sorry.

Utility Payment Scam

Posted by Common Sense Security on 9. October 2013

This is another scam that seeks to use your fear in order to extract money from you. It has been going around recently. You can read an FTC warning here.

Your phone rings. You hear that your account is in such bad shape that your gas, water or electricity will be switched off now unless you pay immediately. If you panic and are ready to do anything to avoid losing your precious electricity or water, the caller will tell you an easy way out. You can pay by a GreenDot card, or pay by PayPal or use another cash equivalent. If you pay, you may never be able to recover your money.

If you get a call like that, you can resolve this situation in 3 easy steps:

1. Do not panic.
2. Get a phone number from the caller where they want you to provide payment information. Do not call it and do not pay anything yet.
3. Call your utility and find out what’s going on. Use the phone number from your bill. If you discover that the call you received was fraudulent, give your utility the phone number provided by your caller. The utility can contact the phone service provider and get that phone number disconnected.

If you receive a letter, a postcard or an email with similar demands, go through the same 3 steps and give your utility any information it may use to go after the crooks. Only use the official phone number for your utility; never use any contact information from the demands.

You can also complain about scams to the Federal Trade Commission online or by calling 1-877-FTC-HELP.

Wireless phone scams

Posted by Common Sense Security on 24. September 2012

This “Hooray, I get free money” scam targets Verizon Wireless customers, but it is easy for fraudsters to adapt it for any other phone company. The crooks call their chosen potential victims and tell them that Verizon is currently doing maintenance, but it will pay its customers $50 for every hour they are deprived of their phone service. The callers even provide a claim number that will allow people to get paid. All they want is the last 4 digits of your social security number and your Verizon Wireless password. If you get excited and tell them what they want to know, they now have access to your account.

If you don’t believe in a free lunch, crooks may try the “Oh, no!” approach. They can tell you that your account is hundreds of dollars in negative territory and is now locked. Then they ask you for your credit card number and other personal information in order to unlock your account. Whether your cell phone is your main way of communication or it is your emergency lifesaver, high debt can make you nervous even if you are sure you don’t owe anything. As soon as you lose your cool and start sharing personal information, crooks have you scammed and your information is at their disposal.

Providing crooks with your personal information allows them to misuse that information in many ways. They can make changes to your account, they can buy phones and send text messages in your name, they can subscribe you to premium services, and they may find out more personal information once they log into your account, including other phone numbers there, such as the phone numbers of your children, spouses, and parents.

Be careful when you receive a call from your provider. Make sure it’s legitimate or call them yourself.

Better to be safe than sorry.

Refund Pending – really?

Posted by Common Sense Security on 22. September 2012

Scams used to happen face to face, on the phone or come by mail. Now they often arrive online, mostly through email, instant messaging, or a social network. The message can be general in nature or it can be very narrowly tailored. The most common name of such scams is phishing. One of the latest incarnations preys on PayPal users. It promises them a refund because of a mistake made by PayPal if they will only log into their account. A link is conveniently provided. However, when people imprudently click on that link they are taken to the fraudsters’ site, which imitates PayPal’s. Once fraudsters obtain all the personal information they need, they get access to your PayPal account and many other accounts of yours that use the same authentication information.

Be careful! Never follow the links in your email – only go to web addresses you know. If you get communication from your bank, an agency, or a merchant – go to a web address you normally use to bank, communicate with that agency or shop. Call them if this is your usual way of dealing with whatever organization you think contacted you. It’s all too easy to copy a legitimate message and replace a legitimate link in it with a scam link to a malicious web site.

Whether a message gets you worried, excited, or concerned, do not click in a hurry. It’s better to take a sure route than to deal later with the consequences of being conned.

If it sounds fishy

Posted by Common Sense Security on 19. September 2012

Last night I got a call from my friend Jane. She said, “I need your advice. I called my credit card’s customer service number and they immediately offered me a voucher for $100 which I can spend any way I want. The only thing they want me to pay is $4 for shipping and handling. They ask for my credit card number and I am not sure if I should give it to them. It’s unusual behavior for my card’s customer service. What should I do?”

I answered, “Is it possible that you misdialed that customer service number? On the internet crooks will often register a web address that is a common typo of a legitimate business web address. Then they can steal information and maybe money too by pretending to be that legitimate business. They can do the same thing with a phone number.”

Later, Jane called me and said that yes, the numbers on the card were so small, she misread that toll-free number. I was very proud of her: most people in her situation would be thrilled to get a free $100, would not get suspicious, and would provide lots of their private information to the fraudsters.

When we call someone ourselves, we feel confident that we are talking to the right party. When we misdial a number or mistype a web address, it does not occur to us to check for possible mistakes. I learned a lesson today: double-check a phone number you dial if you are calling your bank, your credit card provider or any other place where you have to provide substantial private information. And if it sounds fishy, triple check before doing something you may regret later.

Be safe!