Your computer is infected …

Posted by Common Sense Security on 14. September 2012 with No Comments
in Tech support scams
as , ,

Have you heard about nice people who call you to let you know that your computer is infected and they can help you to cure it? Maybe one of those people called you or someone you know?

Recently my phone rang. When I answered, a voice with a thick Indian accent said, “Ma’am, I am from Microsoft Technical Support. Your computer is infected. I can help you. Please, go to your computer and I will tell you what to do.”

I was elated. I heard about such people before, but now I had a chance to see for myself how they operated. I said, “Sir, I am very glad you called. I cannot speak right now; can I call you in 10 minutes? Could you tell me your name and your phone number?”

My caller obligingly told me that his name was Sam Pakar (he spelled it for me) and that his phone number was 510-374-4990. He claimed to call from California.

I called the number back and hung up after two  rings. A minute later Sam Pakar called me back. He told me to open my browser, providing step by step instructions. Then he told me how to go to www.support.me web address. Most people should stop before going to an unknown web address, because your computer can get infected by a bad website, or even a good website subverted by crooks. However, I have so much protection on my computer, I could afford trying unknown web site. When I got to the web page to which www.support.me redirected my browser, I recognized LogMeIn remote access software that could allow my caller to take over my computer. Of course Sam did not tell me that was his plan; he dictated a six digit number and told me to type it in a box on that page and click a submit button. At that point I decided that the game was getting too hot and disconnected.

However, I was not done. I went to Google and checked that phone  number. Not only there were numerous complaints about these crooks, but at least one story mentioned a caller trying to log into the bank account of a woman he duped into giving him control of her computer.

When you hear the words, ‘infection’, ‘malware’, ‘virus’, you may get so nervous that you wish someone could help you. When people offer to do just that for you and mention such well known companies as Microsoft, Dell or whatever manufacturer you bought your computer from, you may feel relieved. However, these companies will never  call you out of the blue. If you think something can be wrong with your computer, get help from someone reputable, be it a computer repair shop, your family computer guru or your own computer-literate child. Do not follow instructions from people who cold call you on the phone. They may be trying to steal your information or money.

Fake charities

Posted by Common Sense Security on 13. September 2012 with No Comments
in Authentication
as , ,

Do you get calls for charitable contributions?

After every big natural disaster fake charities mushroom, but even in pretty quiet times a lot of crooks are ready to take your hard-earned money and spend it on themselves instead of people you intended to help.

How do you avoid being scammed?

Send money to well-known organizations, such as Doctors Without Borders or Red Cross. Before contributing to a new charity find out as much as possible about it. Use official sources of information to prevent crooks from deceiving you by providing glowing recommendations for themselves. Even if it’s an honest organization, finding out that it spends 80% of the money it collects on administrative expenses can convince you to invest your charity money with more bang for the buck.

Being generous does not require being gullible or impractical.

Even if your unexpected caller claims to represent your favorite organization, make sure you don’t provide any personal information over the phone. You can pledge money, if you want, but then use the address you know to send your contribution.

This way you can assure your money goes where you intend it to go.

Debit vs Credit

Posted by Common Sense Security on 12. September 2012 with No Comments
in Credit and Debit Cards
as ,

There are people who would tell you,  “For your financial health cut up your credit card and only use your debit card.”

I used to say,  “For your security, cut up your debit card and only use your credit card.”

Now some banks require your debit card for authentication, so feel free to keep it and use your debit card to have your bank assured of your identity.

However, never use debit card to get money from the bank or to make purchases. Why?

Too many ATM machines, point of purchase terminals, even gasoline dispensing devices get subverted to steal your purchasing card information. This information is later used to clone your card, that is to create a card that your bank cannot distinguish from yours. Skimmers (devices that crooks install to read information from your card’s magnetic strip) are usually so inconspicuous  that most people won’t notice them even when they are specifically watching for those devices. However, there is a big difference in the amount of problems created when your credit card gets fraudulently charged and when your bank account is depleted through your debit card.

In one of the latest cases ATMs in Publix supermarkets on the Florida East coast were subverted.

Even such well known places as McDonald’s can be a source of payment card fraud when they accidentally hire crooked employees – no skimmer needed.

PIN for debit cards is usually stolen using a miniature camera or a PIN pad overlay. Many merchants store your PINs together with your debit card information; that information can be stolen even if point-of-sale terminals are not subverted. Also, many places take debit cards without a PIN, especially abroad.

To save yourself a lot of headache, use a credit card.

Mortgage fraud

Posted by Common Sense Security on 11. June 2012 with No Comments
in Mortgage Fraud
as ,

Today I would like to tell you about some of the latest mortgage scams, for which the US Treasury Department recently published a fraud alert.

If you are having trouble with your mortgage, a call from a sympathetic organization that promises help for a “nominal” fee may sound like a godsend. Fraudsters can even mention existing programs, such as the Home Affordable Modification Program (HAMP).

However, if somebody asks for money upfront, this is most probably a scam. There exist free sources of help, such as Homeowner’s HOPE™ Hotline. If you need help with your mortgage, call them at 1-888-995-HOPE (1-888-995-4673) or contact them online at http://www.MakingHomeAffordable.gov and you will get legitimate and free help. They will tell you if you are eligible under HAMP and if yes, what you need to do to get relief.

If you have already been scammed by a fraudster who promised to help you with HAMP, call 1-877-744-2009 or visit http://www.SIGTARP.gov/pages/hotline.aspx and let them know what has happened to you. You can submit your information anonymously, if you don’t feel comfortable identifying yourself to the Special Inspector General for the Troubled Asset Relief Program.

For more information and more sources of help, you can check out the original fraud alert here:

http://www.treasury.gov/press-center/press-releases/Pages/tg1592.aspx