NEVER respond or react hastily to unexpected messages: If you get a pop-up message, email, phone call, text message, or any other urgent message about a virus/security problem, account problem, or ask you to call about an unexpected charge – DO NOT click on any links or call a phone number provided in the message. Always initially assume it’s a scam until proven otherwise.
Refer to links in the article below about how to close out of fake warning messages that appear to lock your computer or device.
Scammers often PRETEND to be from a business, organization, or financial institution or even a person that you know.
Scammers advertise on search engines (Google, Yahoo, Bing) so that people looking for help with a product or service will call them instead of a real support number listed on an official company website.
Legitimate companies will never ask for remote access/control of your computer or smartphone, unless you initiate the call to a number listed on the official company website. If the person with a legitimate company accessing your computer asks you to log into your account to “fix” or “help” with a problem, asks for money, money transfer, cryptocurrency or gift cards, immediately turn off your computer and end the call. Then call your trusted computer tech, relative or close friend to help validate the communication you just had.
Scammers are becoming increasingly clever. Every month we hear from clients who have been scammed by letting someone take control of their computer and coerce them into paying for support for non-existent computer or account-related problems. With a little bit of knowledge of how these scams work, you won’t become a victim yourself.
Scams typically start with a website pop-up, email, phone call or text message from a well-known company such as Amazon, Windows/Microsoft, Apple, or Netflix. You are notified about a large purchase that has been or will be charged to your account – or there’s a problem with your account or device/computer. You’re told to call, click a link or talk to a fraud/account representative to confirm the purchase or account information. No matter how legitimate it sounds – It’s a scam! Read on about some of the most common scams we’ve encountered recently:
“Someone just charged an item to your Amazon account. I’m calling to confirm the purchase or refund your money.”
“This is the FBI and we’ve detected pornographic images on your computer. You must pay a fine right away!”
“This is your friend Bob. Can you please buy a gift card for me so I can give to my niece – I’ll pay you back.”
“Grandma, this is your grandson – I’m in trouble and you need to bail me out. Please don’t tell mom!”
“Your credit card number has expired. I’m calling to get your new number or your service will be cancelled right away!”
“I’ve hacked into your email account – I can prove it because your password is xxxxxx. I’ve got embarrassing pictures of you that I captured with your webcam. If you don’t pay up, I’ll release the the pictures to all of your contacts.”
“Your computer protection has expired. If you don’t call right away we’re charging $399 to your account to renew the protection.”
“Your Cloud subscription has expired or run out of space. Reply or click to renew or update you payment information.”
“Failure to pay your bridge toll in this message will result in fines or jail time”.
“The 50% discount on your Internet Service is about to expire. Call right away to renew.”
WHAT YOU SHOULD DO:Ignore the pop-up, email, call or SMS. If you answer an unexpected phone call, don’t answer or engage with the scammer – hang up. Most likely there is no problem at all. Unfortunately you can’t trust unknown or unsolicited callers to be who they say they are, nor can you trust the name or number on Caller ID – scammers frequently used forged numbers. NEVERallow someone you don’t know coerce you into letting them view your computer screen or allow remote access. You wouldn’t allow someone knocking on your door to come in – the same should be true for an unsolicited phone call or message.
If in doubt, log into your account normally (not via a link in an email or telephone number provided in a recording) to check for any unrecognized activity. Or you can call the company using the phone number listed on their official website, or printed on a card you have from the company.
If you’ve already gone too far and realize that you’ve engaged in a conversation with a scammer – below are some examples of how you can quickly get out of the situation.
“My attorney/caregiver handles all of my affairs. Contact him/her.”
“Send me an official correspondence in the mail – you should already have my mailing address.”
or simply, JUST HANG UP and don’t answer the phone if they call back. It’s OK to be rude to a scammer.
Often times scammers tell you that you must act fast – so that you don’t have time to think about it, contact a trusted tech-savvy friend, family member or computer technician. Stick to your better judgement, remain in control of the conversation – or just hang up.
Can you spot an email or text message trying to “phish” your personal information or is otherwise a scam? When viewing a suspicious email, here are some key things to look at to help identify phishing/scam emails. Treat all email as guilty/scam until proven innocent/not-a-scam:
Subject – Look for bad grammar, misspelling, trying to get to act immediately, emojis and excessive punctuations (!!!) to entice you to read the email.
“From” – Does the email addresses match the sender? For example, we’ve seen lots of emails from “McAfee”, but the email address shown is from a random @gmail.com address. However the email address that it’s coming from should not be your only determination whether or not an email is real since an email address is easily spoofed.
“To” and greeting – Is the email addressed to your email address and name, or “undisclosed recipients” and “Dear user”. – A company that you already do business with will send an email addressed to your email address and name.
Grammar – Treat every email that’s trying to get you to react as suspicious. Slowly read the email as if you’re a teacher grading a student’s English paper.
Punctuation – Look for words that should/should not be capitalized, periods and commas in the wrong place, spaces that should/should not exist, and excessive punctuation.
Fonts – Phishing/scam emails often overuse bold and colored fonts, and different typefaces.
Look for clues the the email writer’s native language/country is not English/U.S. – Are dates formatted as the U.S. Month/Day/Year – or it is Day/Month/Year? Do phone numbers begin with “+1”? Country code prefixes are often used outside of North America.
A sense of urgency for immediate action – “Must respond within 24 hours or else…”
A scare tactic – Look for threats such as “… result in loss of important information” or “we’ll be forced to terminate/charge your account.”
Personal/private information – A company that you do business with already knows your email address, name, password, etc. Unless you are logging into your account on their official website, they would not ask you to enter it into an email or web form and send it back to them.
Please review the screenshots below of emails received and forwarded to us by our clients. Can you spot all of the clues that each one is a phishing/scam email? Answers are given below each screenshot.
The digital age, while offering unprecedented convenience, has also brought with it a surge in data breaches. From corporations to government agencies, countless organizations have fallen victim to cyberattacks, exposing sensitive personal information to the dark web. This compromised data is a goldmine for scammers, who are increasingly employing it to perpetrate sophisticated imposter scams.
How Does It Work?
Cybercriminals acquire stolen personal information through data breaches, which can include names, addresses, Social Security numbers, birth dates, financial details, and even email addresses and phone numbers. Armed with this information, scammers can create highly convincing personas, impersonating trusted individuals or organizations.
Common imposter scams include:
Family and Friend Impersonation: Scammers pose as relatives or friends in distress, often claiming to be in a foreign country or facing an emergency requiring immediate financial assistance.
Government Agency Impersonation: Pretending to be from the IRS, FTC, FBI, Social Security Administration, or other government agencies, scammers threaten victims with legal action or promise benefits to coerce them into sharing sensitive information or sending money.
Financial Institution Impersonation: Scammers mimic banks, credit card companies, or investment firms to trick victims into revealing account details or transferring funds.
Protecting Yourself
While it’s impossible to completely prevent data breaches, there are steps you can take to minimize your risk of falling victim to imposter scams:
Be Wary of Unsolicited Contact: Avoid clicking on links or downloading attachments from unknown senders, even if the email appears legitimate.
Verify Information: If you receive a suspicious call or email claiming to be from a trusted source, independently verify the contact information before responding.
Monitor Your Accounts: Regularly review your financial statements and credit reports for unauthorized activity.
Consider a Credit Freeze: Placing a credit freeze on your credit report can prevent new accounts from being opened in your name.
Use Strong Passwords: Create complex, unique passwords for each online account and enable two-factor authentication whenever possible.
Secure Your Online Accounts From Take-Over: Make sure your email accounts, accounts linked to your computer or smartphone, and financial accounts have multiple, current contact and recovery information. Use 2-factor authentication when possible.
The threat of imposter scams is a serious concern, but by understanding how these scams operate and taking proactive measures, you can significantly reduce your risk of becoming a victim. Stay informed, be vigilant, and protect your personal information.
If you need help with steps mentioned in this article, contact us for a security consultation of your online accounts and/or your computing devices.
Your Data, Their Gain: How Hacked Information Fuels Scams
Data breaches seem like a constant threat these days, impacting millions of people every year. Recently, AT&T announced a data breach that impacted 73 million customer records from 2019 and earlier. But beyond the initial inconvenience of replacing credit cards or changing passwords, there’s a hidden danger: stolen information becomes a potent weapon in the hands of scammers.
From Names to Riches: How Scammers Exploit Leaks
Even seemingly insignificant details like your name, email address, and phone number, when combined with data from other breaches, can be a goldmine for scammers. Here’s how they exploit this stolen information:
Phishing Attacks: Scammers use your personal details to craft emails or phone calls that appear legitimate. They might pose as your bank, credit card company, or even a government agency. Trusting these messages can lead you to reveal additional sensitive information like passwords or account details.
Targeted Scams: With knowledge of your purchase history or location, scammers can craft highly believable scenarios. Imagine getting a call about a suspicious charge on your credit card for a store you recently visited, or a voicemail/text claiming to be from your internet service provider about a large discount.
Social Engineering: Armed with details like your birthday or children’s names, scammers can gain your trust by weaving these details into their stories. This emotional manipulation makes you more susceptible to their tricks.
Protecting Yourself from the Fallout
While data breaches are a harsh reality, there are steps you can take to minimize the damage:
Be Wary of Unsolicited Contact: Never give out personal information over email or phone unless you initiated the contact. Legitimate companies won’t pressure you for immediate action.
Strong Passwords & Two-Factor Authentication: Use unique, complex passwords for all your accounts and enable two-factor authentication wherever possible. This adds an extra layer of security.
Regular Monitoring: Keep an eye on your bank statements and credit reports for suspicious activity. Consider credit monitoring services for added protection.
Be Skeptical: If something sounds too good to be true, it probably is. Don’t hesitate to verify information directly with the source, like calling your bank instead of trusting the phone number provided in a suspicious email.
Data breaches are a threat we all face, but by staying vigilant and taking proactive steps, we can make it harder for scammers to exploit our information. Remember, a little caution can save you a lot of heartache.
The scam may start with a simple text or email message that initially seems directed to someone else, but responding to such messages can lead down a “rabbit hole” where most victims lose thousands of dollars. With worldwide communication at our fingertips these days, it’s easy for scammers to target anyone – and it may start with a simple message saying “Hi”. “Pig butchering” is a complex and evolving social scam that preys on victims through manipulative online relationships. Here’s the details that you need to know so that you don’t become a victim:
The basic premise: Scammers build trust with victims over prolonged periods, often months or even years, through online platforms like dating apps, social media, investment forums, or even seemingly misdirected emails or text messages. They often pose as wealthy individuals interested in romance, friendship, or business opportunities.
The manipulation: Scammers employ various tactics to gain trust and exploit victims’ emotional vulnerabilities, such as:
Mirroring victims’ interests and personalities.
Offering emotional support and flattery.
Sharing elaborate or fabricated stories about their lives.
Gradually introducing investment opportunities or financial requests.
The exploitation: Once trust is established, scammers may persuade victims to invest in fake schemes, cryptocurrency scams, or other fraudulent ventures. They may pressure victims to transfer increasingly large sums of money, often isolating them from family and friends to prevent intervention.
The dangers: Pig butchering scams can have devastating consequences, leading to significant financial losses, emotional distress, and even identity theft. It’s crucial to be wary of online relationships that seem too good to be true, especially those involving promises of quick wealth or sudden romance.
Remember:
DO NOT RESPOND to email or text messages that seem like they were meant for someone else. A message from an email address or number that you don’t know may include simply “Hi” or “Did you hear from Sally?”.
Be cautious of online relationships that develop quickly or involve excessive flattery.
Do not invest in opportunities presented by someone you haven’t met in person.
Never share personal financial information with someone you haven’t verified.
Report any suspicious activity or online scams to the appropriate authorities.
By staying informed and exercising caution, you can protect yourself from falling prey to social scams like pig butchering.
How did “pig butchering” become the term for this social engineering scam?
When I started Computer Techs in 2003, the most common danger on the computer was the virus. The computer virus was often spread through email attachments. Fast forward 20 years, now the most common danger is social engineering scams. And what was once just random guesses of people’s email addresses, now scammers also use phone numbers to call or send messages to contact their potential victims.
These days scammers and hackers have a lot more information about you due to website data breaches and the treasure trove of information that has been exposed about you – such as your name, email/physical address, phone number – and sometimes passwords. They often use that information to send emails, text messages or phone calls to persuade you to that there’s a problem that needs immediate attention. Examples of what they want you to do include:
Click a link or open an email attachment. Links often lead to look-alike websites in which you are asked to provide personal information – such as username and password – or even financial information
Call a number provided in the email or message so that you can dispute a (false) charge or purchase that was made
Request remote access to your computer or smartphone to fix or help with an account problem
When you receive such messages or calls – do not act immediately, it’s likely a scam. Instead read the following information to help you determine the authenticity of what you just received.
Online banking is one of the most convenient services available and offers individuals, businesses, and organizations a way to quickly and easily manage their finances. Unfortunately, online banking is also vulnerable to all of the same security risks that stem from the virtual nature of the internet. It’s important to take steps to ensure that your hard earned money is secure from theft and fraud.
You wouldn’t want to suddenly realize that your bank account has been drained of your hard-earned cash!
Let’s take a look at a dozen ways to keep your money safe while banking online.
The holidays are a busy time for online shoppers. According to a recent study, over 60% of consumers said they would do some or all of their holiday shopping online this year. That’s a lot of people clicking away on their keyboards and smartphones, looking for the best deals on gifts.
With all of this online activity, it’s important to remember to stay safe. Here are 10 tips to help you do just that:
Adopt Strong Password Security Practices
One of the easiest ways to protect your online accounts is to use strong, unique passwords for each one. That way, even if a hacker does manage to get one of your passwords, they won’t be able to access your other accounts.
It can be tough to remember a bunch of different passwords, so you might want to consider using a password manager. This will allow you to create strong, random passwords for all of your accounts and only have to remember one master password.
Avoid Clicking On Links In Emails From People You Don’t Know
Phishing emails are a common way for hackers to try to get your personal information. They’ll send you an email that looks like it’s from a legitimate company, but the link in the email will actually take you to a fake website. Once you’re on the fake website, they may try to get you to enter your personal information or login credentials.
If you get an email from a company you do business with, don’t click on any links in the email. Instead, go to the company’s website directly and see if there is any information about the email. Or, give them a call from a number obtained on their website to confirm that the email is legitimate.
Use A Credit Card Instead Of A Debit Card
When you’re making online purchases, it’s best to use a credit card instead of a debit card. This is because credit cards have better built-in fraud protection. If someone hacked your credit card information and made unauthorized charges, you would not be responsible for those charges.
With a debit card, on the other hand, the money is taken directly out of your bank account. So, if someone did make unauthorized charges, you’d have a much harder time disputing the charges.
Don’t Click On Suspicious Links
If you receive a holiday promo in your email from a store you’ve never shopped at before, be wary. It could be a phishing attempt to get your personal information. The same goes for links posted on social media. If it looks too good to be true, it probably is.
If you’re not sure whether a link is safe, you can always hover over it to see where it’s going to take you. If the URL looks suspicious or doesn’t match the store’s website, don’t click on it.
Only Shop Reputable Brand Websites
When you’re looking for holiday deals, it can be tempting to go to less well-known websites that seemingly offer great prices. But, these websites might not be legitimate. They might sell counterfeit goods or they might not even ship the items you ordered.
To avoid getting scammed, only shop at websites for stores that you know and trust. And, if you’ve never heard of the website before, do some research to make sure it’s legit.
Keep Records Of Your Shopping Transactions
After you’ve made an online purchase, make sure to keep a record of the transaction. This can help you keep track of your spending and also act as proof of purchase if there are any problems with the order. If your credit card information is stolen, you can also use these records to dispute any fraudulent charges.
Maintain Good Security Habits
In addition to following the tips above, it’s also important to maintain good security habits in general. This includes keeping your computer and other devices up-to-date with the latest security patches. It also means being cautious about the websites you visit and the email attachments you open.
Cybersecurity isn’t just about companies preventing their networks from being breached. It’s something that everyone that uses technology needs to be mindful of. On a personal level, you can think of it as information and device security.
Stopping hackers from getting to your personal data and keeping dangerous viruses out of your computer requires a personal level of cybersecurity. Being safe online is one part of the equation. The consequences of being lax about things like passwords and using free Wi-Fi without safeguards can be high.
Over 24 million Americans have had online accounts taken over by hackers, this includes workplace retirement apps. It’s scary to think of accounts having to do with your money being emptied by a scammer, but it happens all too often. Last year, account takeovers rose nearly 72%.
Every October, two US government agencies promote Cybersecurity Awareness Month. The Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) provide helpful tips and resources for both consumers and businesses to raise cybersecurity awareness.
Why not take some time this October to brush up on your security hygiene? You can visit the Cybersecurity Awareness Month website to get some free resources, and below we’ll highlight four key best practices being promoted this year.
Tips to Be “Cyber Smart” and Protect Your Data
This year’s Cybersecurity Awareness Month theme is “See Yourself in Cyber” and it’s all about breaking the misconception that cybersecurity is just for companies and IT people.
The site notes that cybersecurity is really all about people adopting best practices when using computers, mobile phones, and accessing online accounts.
Here are four simple, but effective ways to improve your cyber hygiene and keep your devices and online accounts from being hacked.
Enable Multi-Factor Authentication
Multi-factor authentication (MFA) is also called two-factor authentication (2FA) and two-step verification. What it means is that there is more than one step to gain access to your account.
MFA is very, very effective at stopping scammers from breaching your online accounts, such as a bank account, Facebook account, Amazon account, and others. Microsoft, which sees about 300 million attempts by hackers to breach its cloud services each day, says that using multi-factor authentication can stop 99.9% of attempted fake sign-ins.
With MFA/2FA, you will receive an additional prompt before you can access your account. This typically will come in the form of a one-time passcode (OTP) that is sent to your mobile phone.
Once you log in with your username and password, you will normally see a button to send the MFA code. Some systems give you a choice to send via text, email, or automated voice call. This OTP is usually about 5 or 6 digits, and you need to enter it to get access.
How do you add MFA/2FA to an account?
Go to your account settings for an online account.
Look for an area for privacy or security.
If there is a search option in the settings, search on either “multi-factor, two-factor, or two-step.
When you find this, turn this feature on.
Go through the prompts to set up a phone number (or another method) to receive the one-time passcode.
Tip: Open a new browser tabs to quickly check your email for a one-time passcode, then go back to the website to enter the passcode you just received.
The #1 cause of data breaches around the world is not some big virus or another form of malware. It’s breached passwords. Hackers are having a field day breaking into personal and business accounts by guessing, stealing, and otherwise compromising weak passwords.
Ditch those easy passwords that you find simple to remember. If they’re easy to remember, then they are easy to hack. You should use strong password best practices to create passwords.
Strong passwords look like this:
Have at least 10-12 characters
Use at least one uppercase letter
Use at least one symbol
Use at least one number
The best way to manage strong and unique passwords for every login is to use a password manager. There are both free and paid versions you can find online. Just be sure to use a reputable password management tool. I use LastPass since I can use it on multiple operating systems and devices. You can also use the password manager built into your browser or operating system as long as your devices are password protected.
Recognize Phishing
Fake emails and text messages can trick you into giving away your login information to a website. They can also cause you to download malware. Phishing can look like a shipping notification from Amazon or an urgent notification to update your email account.
Learn how to recognize phishing so you can avoid falling into its trap. It’s also helpful to use an email system – such as Gmail – with good spam and phishing detection.
Phishing recognition tips:
Hover over links without clicking them to see the real URL
Any slight misspellings or grammar that is “off”
If the email is unexpected (such as a receipt for something you never bought)
An email address that uses the company name first, instead of after the @ symbol – for example: (name of bank)@strangedomain.com instead of contact@(name of bank).com
Update Your Software
Software often has vulnerabilities that allow hackers to exploit a device. For example, poorly written code might allow a scammer to use a loophole to take control of your computer or smartphone.
Your best defense against software and operating system vulnerabilities is to keep all software and apps on your devices updated regularly. Those updates will include the latest patches for newly found vulnerabilities that keep hackers from using them.
Get Help With Your Personal Cybersecurity
Computer Techs enjoys working with Reno area residents to improve their cyber hygiene. We can help with virus scan and removal, email filtering to reduce phishing, MFA setup, and much more.
Cybercriminals are continuously targeting naïve individuals. They do not discriminate when it comes to defrauding people. They’ll obtain money from anyone – young, old, poor, and rich. The American Journal of Public health notes that about 5% of adults get scammed yearly.
In the United States, older adults lose about $40 billion per year due to cyberattacks. Cybercriminals can easily exploit the information of an older adult, which can be obtained through smartphones or computer systems. Unfortunately, senior citizens are easy targets of cybercriminals because of their inexperience with using technology. Many older citizens have social media accounts, surf the internet, and use credit cards online. Unlike the younger generation, older adults are generally less aware of cybercriminals’ activities, and as such, they lack the necessary information to help them stay protected from these malicious activities.
Cybercriminals may reach out in a non-suspicious manner. They may send a link through a legitimate email and offer to assist them with resolving issues. Or they may send an email posing as a company offering cheap vacation trips, or even coupons or prizes.
These fake emails are called phishing. The criminal is trying to fish for victims, just like fishermen fish for bass, trout, etc. The fake emails act as their lures. Phishing is one of the main causes of all types of data breaches, credit card theft, and other cybersecurity issues.
Then, these hackers will proceed to request personal information from the unsuspecting victim. They will use the information generated to access their credit cards and defraud them if successful.
Scams targeting the elderly population are becoming rampant in the United States, and their effect on them is damaging. For online criminals, scamming the elderly can bring easy monetary rewards.
One way to protect yourself from these malicious activities is to use the SLAM method of phishing detection. SLAM is an acronym that represents:
Sender
Links
Attachment
Message
How To Identify Dangerous Emails Using The SLAM Method
SLAM is an acronym that guides you to identify if an email is fraudulent. With it, you can easily recognize when cybercriminals use emails to carry out a phishing attempt.
S- Sender
As a rule, pay attention to the sender’s email address. Cybercriminals often use the email address of a trusted entity to carry out phishing attacks. So, don’t be in haste to open the email. It is best to ascertain the validity of the sender’s email address. You can do this by hovering your mouse over the sender’s name. It gives you appropriate information on the sender.
Cybercriminals often make little adjustments to the email addresses they want to use in carrying out a phishing attack. Look out for spelling errors or additional letters in the email addresses. If something doesn’t look right, then it probably isn’t.
L- Link
Many phishing emails have links in them. These links prompt the recipients to click on them so that they can reveal sensitive or personal information. Sometimes, the link in the phishing mail looks helpful and could even offer assistance in resolving bank, health, or payment issues. The link then redirects the user to a login page that may look very similar to one they are used to seeing. This is called a spoofed login page. It’s made to trick the victim into inputting their username and password for a specific site.
A-Attachment
Malicious attachments are standard in phishing emails. To stay safe, it is not advisable to open any attachments in your emails that you aren’t absolutely sure are safe and from a legitimate source. When you download a malicious attachment, it enables hackers to gain access to your device and compromise it. Therefore, don’t open an attachment in your email unless you confirm it is authentic.
M- Message
This represents the content of the email. Although many scammers have become very sophisticated in sending messages, many phishing emails have recognizable flaws such as misspellings, punctuation and capitalization errors, wrong or mis-formatted dates, and generic/non-personalized greetings.
Take the phishing quiz to see if you can spot phishing emails
Test how well you can follow the SLAM method by taking the following quiz which will open in a new tab: Phishing Quiz
Before conversing with a stranger/potential scammer, contact us if you have questions about a suspicious email, text or phone call.
Print This Article Published 5/5/21. Updated April 2025
