One of the most dangerous scams making the rounds is an email that appears to come from someone you know—a neighbor, friend, or even a family member. The message might say something like “RSVP for the celebration (of life)” ,“Click here to view the invitation.”, “Check out this important document” or “Check out the pictures”.
If you click the link, it discreetly downloads a remote access trojan onto your computer. Once installed, scammers can take control of your system, access your online accounts, steal data, or even lock you out completely. They wait for you to step away from your computer, or the middle of the night when you’re asleep. They go through your web browser, password manager and files. If they can access your financial institutions they may attempt to transfer money out. If they can access your Amazon or other online shopping accounts, they may try to purchase gift cards using your saved payment information.
If they can’t access those accounts, that’s where their social engineering skills kick in. Since they already know who you do business with, and likely your email address, phone number and other information contained in the profiles of those accounts – they may call you impersonating the fraud department from that business in attempt to get you to divulge missing pieces of information that allows them to complete a transfer of money or gift card purchase – such as your computer PIN/password, or a OTP (One-Time Password) sent to your cell phone.
Since the re-named file is a legitimate remote support tool often used by businesses, antivirus programs do not detect it as malicious. But what scammers can do via remote access to your computer can be very dangerous and impact your finances and identity.
This same method of a disguised remote support tool has also been seen as a fake Social Security Statement, and will likely evolve into other methods of deceptive delive How to protect yourself:
- Never click unexpected links, even if they appear to come from someone you trust.
- If the email feels suspicious, call the person directly to confirm they really sent it.
- Make sure you have a PIN/password that’s required ever time you access your computer.
- Make sure your web browser requests your PIN/password to show passwords and sign into websites.
- Sign out of financial and shopping web sites after using them.
- Consider turning off your computer when not in use.
- Stay informed and learn how to spot scam and phishing email and text messages.
If you’ve clicked a link in a similar email, immediately turn off your computer then contact Computer Techs or other trustworthy IT company that knows how to detect remote access programs. Remember, most security software will not detect this stealthy new threat.