In the last few months we’ve had several clients that have been scammed online from various threats. Malicious people are always online, looking for new ways to obtain your personal information and it’s not just from virus and spyware any more.
Here’s how people are getting scammed online now.
Legitimate sites get hacked quite often and when it does they are sometimes turned into “Phishing sites”. A Phishing site or the concept of Phishing is when a malicious person or program deceives you in creative ways and you voluntarily give them your personal information. Usually people phishing online are trying to get any personal information they can, including:
- First and Last name
- Your email address and password
- Social Security number
- Credit Card Information
Phishing sites are so advanced and creative that you can easily be fooled because they appear to be an established business, or they mask themselves so perfectly that you actually think it’s real. Phishing is not something new, but with the Internet it’s makes easier to phish en masse.
Here are three basic things you can remember to avoid Phishing schemes.
- If you go to a website and it appears different, or they are asking for more personal information than before, be cautious on what you enter. Most companies will never ask you for your full social security number.
- If a website asks you to “further verify” your self – thread lightly. It’s always safe to just call them directly when you can and see if the policy has been changed.
- Enter or verify your personal information on a need to know basis. There’s no reason why a bank website needs to know your Hotmail or Gmail account password. Or why your favorite news site needs to know your Bank information. Typically when people say that their email account got hacked, it’s not really the case. They most likely ended up on a phishing site and it asked them to log in with their email account. Thus their their email and password fell into the wrong hands.
- Don’t be fooled by emails with catchy subject lines. They typically will lead to malware sites which will infect your computer. Some examples of catchy subjects include: o IRS Return Delayed o UPS Package is Late o Chase Payment Denied o Etc.
Still not convinced? Here are a few examples of how good these phishing sites are getting.
We had someone that tried to call hotmail.com for technical support. They went online and Googled “ Hotmail Support” and came across a website that appeared to be legitimate. They called the number listed on the website and a friendly operator answered. The operator then asked the caller for her Hotmail username and password to further check the issue. Once she gave him this, the caller said that it appeared that her computer was hacked and the operator would need to remotely access the callers system to look into the issue further. She then allowed the operator to remote into her PC. At this point the operator said she found the issue, but would need a credit card to further continue because she needed to install an updated antivirus. Luckily at this point she didn’t continue with the remote assistance and hung up the call. You should beware that Hotmail/Microsoft does not provide phone support and the company she thought was helping her out, was actually a Phising site that preys on callers to gain access to your email account, lock you out, and then remote into your PC and finally try to get your credit information.
This one happened to a close friend of mine. He went online to try to access his Chase account, but had forgotten his password. He then clicked on the “Forgot Password” link and was redirected to what appeared to be a Chase website. It then asked him for his Social Security number and his security pin. He entered as much information as he could to verify himself and kept clicking submit. The website kept telling that the information was incorrect. He finally called Chase and he explained his frustration with the website. The Chase operator told him that they will never ask you for your personal Information like your Social Security number, and that his PC was probably infected.
He finally got his password reset with the operator’s assistance and was able to login. He didn’t take into consideration that he might have a virus on his pc. However. Shortly after logging in, he was greeted with a prompt asking him to further verify his Chase account and that he needed to enter his ATM Card and Pin. Luckily he didn’t go this far, but instead called Chase immediately and the new operator informed him that his PC was probably infected and that Chase website would not ask you for your ATM account information. In this situation he had a virus that specially turned sites he access into a phishing site.
The typical one that most everyone might be familiar with is when your PC has been infected with spyware, and you receive a pop-up stating that your PC is infected and that you should click “remove now” to fix your Pc. You click “remove now”, but then it tells you that you’re running a trial and you need to purchase the full version to clean your pc. The software then conveniently makes it easy for you to enter your credit information. However, the application is actually fake and it’s only purpose is to frighten you into purchasing the software so that they can have your credit and billing information.
I hope everyone finds this useful.