It’s hard to be witty about something you despise with every ounce of your soul, so I’m not going to even try. Do whatever it takes to make sure your less savvy family members know how to identify and ignore the absolute deluge of scam emails and phone calls people have been getting this year. You can help by pointing out the patterns these criminals use, which will hopefully lead them to recognize the methods being used to scam them. At minimum, it will help instill a healthy skepticism, which is an essential foundation for being secure in today’s internet-soaked society.
What to watch for
A very common scenario involves the target receiving an email letting them know that the moderately expensive product they ordered or subscribed to is in danger of not being delivered because of a payment issue. The scammers are hoping that their target is actually a user of this product and will call to make sure the purchase isn’t in jeopardy, or will call to cancel, thinking they either forgot to cancel it previously or somehow mistakenly ordered it (also not difficult to do for real, unfortunately – another despicable marketing tactic used by every major technology platform).
It is distinctly possible that you might actually receive a legitimate email from any of the scapegoat products scammers are using, but where the scam will differ is in how it attempts to solve “the problem”. The scammers’ top priority is to get their target on the phone, and their primary objectives are fairly obvious – they want access to your PC, or they attempt to get various payment methods identified to make sure your “purchase” is completed. Most obvious is when they insist on getting access to a payment platform that is tied directly to a bank account, whether it be Venmo, Gazelle or your bank’s actual mobile app. As a rule of thumb, unless the person on the other end of the line is someone you know and trust, you should never grant someone access to your PC, or even consent to installing software on your computer or phone. Full stop, no exceptions. If there is ever any doubt or suspicion, stop what you are doing and get a second opinion from a trusted expert.
If you or they have received an email from a recognized brand but are unsure whether it is a legitimate notification and don’t have ready access to an IT or security professional, pick up the phone and call a known, good phone number for the company, or at minimum, go to the brand’s website by typing the website address directly into the URL field. DO NOT USE SEARCH UNLESS YOU KNOW HOW TO SPOT THE DIFFERENCE BETWEEN ADVERTISEMENTS AND SEARCH RESULTS. Teach yourself and everyone around you how to go directly to a website by typing in the actual website address. Searching for “(famous brand) Support” can lead to various fake websites built expressly to trick people into calling them instead of the actual company. Hackers pay to push these fake sites to what appears to be the top search result, but they are in fact relying on the various search engine advertising page placements to trick people into thinking they are picking the top search result.
Criminals are counting on everyone being overwhelmed and rushed. They are hoping you will call the number or click the link they have conveniently provided to you. They will catch you in a moment of weakness, and that mistake may end up being very costly. Go slow. Verify carefully. Be skeptical. Ask for advice from someone you trust and know personally.