Several times a day, we seem to get bombarded with bogus emails wanting us to click on links for “great deals” or to see an “invoice” being sent to us by some unknown company that we have never done business with. And then there are the phone calls that magically originate from our same area code that want us to buy something, donate money, or even try to tell us that our PC is infected and needs to be “cleaned.” One that I have personally experienced a lot lately is that a voice message recording is actually left (since I never answer from numbers I don’t recognize), and it is:
Well, “Rachel” never referred to me by name, and I never discussed trying to obtain business financing with anyone. It was most likely yet another robocall trying to drum up business for someone who does financing, and they leave the same message over and over regardless of who they are calling.
In the age of the cell phone and most everything being sent by email these days, we are at the mercy of techno-savvy salespeople and even scammers. So, where do they get our phone number and email address, anyway?
Much of this information is publicly available because we are all on a list with companies that we have done business with in the past, or maybe even signed up with them for information on a product. Many of the online services that allow us to sign up for periodic information and news require us to submit our phone numbers and email addresses. Some companies sell these lists to others because we are potential customers for similar products or services. These lists are easily obtained by other people who want to sell us something, and unfortunately by people with nefarious purposes in mind. Those with a more criminal intent got this information on the dark web as a result of a security breach where someone stole the information. The thieves then sell this information to websites run by bad actors for the purposes of identity theft and other types of fraud. The LinkedIn breach of 2012, for example, released 167 million email addresses and associated passwords to potential criminals. Many social media breaches divulge phone numbers and email addresses.
So what can we do? Blocking phone numbers is like playing a game of whack-a-mole. Most of the time, the number that shows up on our caller ID is spoofed (not the real number). And the spoofed number that they use is constantly changed. Many times they use a number in our specific calling area so that we will think it is someone local to us. Our service providers can’t (and won’t) keep blocking all these numbers for us. They won’t because it is a never-ending game that would tie up their resources. And about email – the same thing applies here. If we tried to block the email address ourselves, it is an endless game, and they will only email us again using a different address. The good news there, though, is that many providers, and especially enterprise email administrators where we work, do have a way to detect large numbers of emails that are the same and match known malicious or scamming patterns, and they can set rules to block these.
It is frustrating, to be sure. But there are some things that we can all do to at least minimize the annoyances, and to keep from becoming a victim of the more sinister attempts to steal identities.
Refuse to be a Victim:
- Ignore the Calls: If you don’t recognize the phone number on your caller ID, and it turns out to be a legitimate caller, they will leave a message. Even if it is a legitimate sales call and they do leave a message, then you can simply delete the message if you are not interested. But just be aware that even the scam perpetrators will leave a message to try to get you to call them back and give information or do something with your computer to allow them to access your data. Just use discernment when you listen to the messages. If you don’t know who they are, don’t call back.
- Do Not Click on Links in Emails: Hover over the link with your mouse and see what web address is actually revealed. If the address looks phishy (suspicious), then don’t click on it. If the email claims to be from one of your providers, like your bank, utility services, or health care provider, then go to their known good web address yourself and log in. Most of these services, in addition to sending you an email, have a message area when you log in with important information on which you need to act.
- Don’t Click on Advertising Links: If you are on a website and the advertising content or the product interests you, do a web search and see what reputable businesses pop up. Then go to their website on your own. Many of these advertising links, in addition to redirecting you to another website, also install fake and useless pieces of software that you don’t need, and may even have malicious code.
- Robust PC Security Scanning Suite: Many internet service providers provide a free security suite that you can install. In fact, these security suites are usually very robust and include such things as real-time antivirus scanning tools, personal firewall, add-ins to direct your searches to results listings that are verified to be safe, and even password managing utilities. My provider offers its customers the Norton Security Suite, which does all of the above and additionally has a constantly updated list of known bad websites that alerts us if we or another process on the computer tries to redirect us to one of the known bad sites.
- Go to the Known Reputable Web Address: As mentioned previously, never use a link in an email to go to a website that you want to visit. Always manually type in the known good web address of a business or service. You can always bookmark the address, and then use your bookmark for future visits, not the email link. Use a reputable search engine, such as one provided by the software security suite mentioned above, to find the known good address of the reputable businesses and services that you are seeking.
- Use a “Throw Away” Email Address: Many news sites and social media sites require an email address in order to sign up. Use a “throw-away” or what we often refer to as a “disposable” email address for these. Keep your primary email address for use with family and friends, and organizations that you actually do frequent business with, such as your bank, health provider, and utility services. All others, just use the disposable email address. That way, your primary email stays junk and “spam” free and is less likely to be compromised.
Technology has given us a great many tools to stay informed, stay connected with loved ones, and be able to do our business quickly and efficiently. But this technology has also given legitimate salespeople ways to bombard us more with their sales pitches, and the bad guys a way to more easily lure us into giving away information or even our identities. But there are some simple and free (or very inexpensive) things that we can all do to use our technology safely and keep from becoming a victim. Use your technology wisely, use discernment, and stay safe!
For more resources and tips, please visit:
- DHS Cyber Infrastructure Tips: https://www.us-cert.gov/ncas/tips
- CenturyLink – Tips for Email Safety: https://www.centurylink.com/home/help/internet/security/tips-for-email-safety.html
- Microsoft – Protect Yourself From Tech Support Scams: https://support.microsoft.com/en-us/help/4013405/windows-protect-from-tech-support-scams
- USAgov – Report Scams and Fraud: https://www.usa.gov/stop-scams-frauds