(NMC) Don't let your accounts get hijacked

[Jess L.]

At the risk of being scolded for NMC, I want to remind fellow mandolinners to *never* click email links asking you to "update your info" (or variants thereof) at popular websites such as eBay, PayPal, Amazon, various banks, etc. That's a good way to get your account hijacked.

Especially if the email came out of the blue, and not 30 seconds after you've been at a legitimate website and requested a password reset or something.

("Hijacked" means that bad guys will be using *your* account and ruining *your* good name. Or stealing your money. Etc.)

I know, nowadays people are 'supposed' to know about avoiding 'phishing' scams, but not everyone does or they forget (if some of our friends here in this region are any indication) so I'm reminding everyone again.

In my case, since nowadays I only get a few such phishing attempts per year, it would be easy to be not as "on guard" as I used to be. For a few years there, it was like 10 of those things a week, easy to ignore. But now that they've become less common (depending on how good your email service's filtering is), a person could forget and drop their guard. Don't!

What prompted this post, is that just today I got a scam 'phishing' email purportedly from PayPal, I'm like "um yeah whatever" ... it was asking me to click a link and log in to confirm my account. [1]

I didn't click the link but the nerdly part of me was mildly curious as to where this scam was coming from, so I copied the link and ran it through a service that decodes short urls (I happened to use CheckShortUrl but there are probably other services that work just as well)... at first glance the link looked legit (this is how they fool people), it started out with the usual paypal dot com yadda yadda, but when you looked at the *entire* url it belonged to a website in Malaysia (hmm....)

So, a phishing attempt. Deleted.

In the 1990s I actually fell for one of these scams, I clicked a link that wanted me to update my eBay info (this was in the early days of eBay), I had not heard of 'phishing' yet, well that didn't turn out so good because I logged in to the *fake* eBay site (it looked exactly the same as the real one) and confirmed the stuff they wanted confirmed, all seemed good, but...

A few months later I got a notice from the *real* eBay telling me they'd permanently shut down my account due to fraudulent activity... I was like "What?!!!??? You're blaming *me* for fraud? I haven't even used that account in months!"

But someone else had been using my account for nefarious purposes, probably involving scamming people out of money or something. I had no clue.

The bottom line for me, in that 1990s phishing experience, was that it ruined that whole account and I had to start over with a new account and new username. Made me a *lot* more careful!

Some of these phishing scams are more obvious than others, for instance if the spelling and grammar is all wrong, that's a clue that it's not legit. But others can look *very* convincing.

P.S.: Phone text phishing scams are another area to beware of, same modus operandi, they try to get you to log into an existing account via a phony URL. Same purpose, to get your login info and hijack your account to use it for bad things.

---
Footnote:

1. Some email services are smart enough to send most of these things to the Spam folder, but I still have to sift through the Spam folder because sometimes important non-spam things get sent there by mistake. I can't simply ignore the entire Spam folder. Presumably other people are in a similar situation. Thus the warning here.

[pops1]

If you receive a phishing attempt I forward them to the appropriate place. Spoof@paypal.com for paypal. They will attempt to end these so if you can forward them to the service that it was supposed to come from.

[Petrus]

I just got one today from a pseudo-Amazon phisher. Usually you can tell by reading them -- they are often full of bad grammar, typos, and similar giveaways that are just sloppy conmanship. If you hover your cursor over the reply link, it'll be another giveaway (as you indicated in the OP) -- the site might show something like "www.amazonia.di/cheapsunglasses.ng" or "www.yougotphished.xb" or whatever.

Generally at this point I've gotten enough of 'em to just delete them without opening (always the preferred course of action.)

I do feel sorry for the band Phish, though.

[Ivan Kelsall]

Along with 45,000 other Brits.,i had my Facebook account 'hacked' 4 years or so back. I received an e-mail from somebody with a name i didn't recognise. It 'might' have been a Cafe member e-mail,from someone who's real name i didn't know, so i opened it.
It downloaded a stupid virus onto my PC. A fake AVG Anti-Virus scanner which told me i had 'x' million viruses on my PC. When i tried to deleted them,it simply loaded a trillion more !. It took me 3 days with the help of the real AVG guys to get rid of it - i also got rid of my Facebook account as well.

That's one reason when shopping 'on line',if i'm asked to open an account in order to purchase,i'm gone !!.

I don't know what it's like in the USA,but phone scams happen all the time over here. In the past 3 months i've had 4 phone calls (''number witheld'') from persons apparently from 'Windows' asking about my PC. Don't these berks even realise that ''Windows'' is an operating system NOT a company !!!,
Ivan

Ivan

[Bertram Henze]

They're getting better at looking legit. Less outlandish grammar, more personalized (Dear Mr RightName instead of just Dear Customer).
Just don't click their "convenient" Link. Login to the real site via your bookmarks and see if everything is OK.

[Jess L.]

... I don't know what it's like in the USA,but phone scams happen all the time over here. In the past 3 months i've had 4 phone calls (''number witheld'') ...

Yeah we have those here in the US too.

They often call from "spoofed" (fake) numbers that look legit on your caller-ID.

They are not even up to telemarketer standards, these are outright scams, trying to get people to divulge financial info etc.

Used to be, we could sign up for the "Do Not Call" list, that worked great for a few years, with legitimate telemarketers that play by the rules. But the outlaws don't obey the list, in fact they don't even need to know any individual numbers, they just do automated dialing in numerical sequence (555-1234, 555-1235, 555-1236, etc). In years past you just carefully guarded your phone number and didn't give out your real phone number to online retailers etc, but it seems that that is no longer sufficient.

The latest thing I've seen with the spoofing is they make your caller ID show a local number, sometimes only a few digits off from your own number, because people are much more likely to answer a *local* unknown call than an out-of-state call.

Here's a good article from PCWorld magazine, "How caller-ID spoofing has ruined the simple phone call".

I get anywhere between zero to several dozen scam calls each week, it seems to run in streaks. I used to put them in my phone's "auto-reject" list but that list only holds 200 numbers so I save the auto-reject feature for repeat offenders. Most of the scam calls, however, don't come from the same number twice. It's to the point I simply don't answer unknown numbers. I figure if it's anything important, they can leave a voicemail and I'll get back to them. The scammers very seldom leave voicemails (although there have been a couple of exceptions).

And there's another phone scam, I hadn't even contemplated this possibility until reading about it today, "One-ring cell phone scam can ding your wallet". Always wondered why the 1 or 2 short rings then hang-up, thought maybe they were just looking for 'live' numbers to make into lists to sell to other scammers or something.

... persons apparently from 'Windows' asking about my PC. Don't these berks even realise that ''Windows'' is an operating system NOT a company !!! ...

Ha! Lol that's funny. Sounds typical though.

[Tobin]

Since we're on the subject of scams, this is one that has been going around recently, and I've gotten several calls like this.

When you answer, a friendly voice will say something like, "Hi, this is Julie from the service department. Can you hear me OK?" If you get a call like this, hang up immediately. Do not reply to the question. It's called the Can You Hear Me Scam.

Yeah, I'm to the point where I don't even answer my mobile phone any more unless I recognize the caller. It's sad that this is what it has come to.

[Ivan Kelsall]

We've been made aware of the ''Can you hear me'' scam over here,but some on-line doubt has been aired regarding it's authenticity. Nevertheless,i warned my wife about it - better safe than sorry.

The first 'scam' call i had was a woman who told me - ''Hello,i'm phoning from Windows about your PC ''. I replied ''What about my PC ?''. She replied - ''I'm phoning from Windows about your PC ''. I asked her - '' Have you got my account #'' & she replied 'yes'. So i asked her what it was - she rang off !!. In that particuar case,the # wasn't witheld. However it didn't correspond to any valid UK numbering system.

The second scam call was a few weeks later - ''Hello,i'm 'calling' from Windows about your PC''. I asked the guy to hold on while i traced his call - he rang off !!. I can't trace his call,but the dummy didn't hang around to find that out.

The other 2 calls were pretty much the same - all from 'Windows'. If i get another one,i'll tell 'em i'm double glazed all round !,

From Tobin - ".....I don't even answer my mobile phone any more..." Somebody please tell Tobin that they're 'Cell Phones' in the US.
Ivan

[Bertram Henze]

It's sad that this is what it has come to.

I've never been friendly to strangers on the phone anyway. Has the world conveniently changed to fit my view? I think not. It's always been that cruel place, and I knew it. Next time, I'll just place the receiver on the table and play my OM - these people will get what they deserve

[pops1]

I have had several call telling me my computer has problems and they want to fix it. Depending on my mood for the day I will ask them what they want me to do. Then I will tell them I am doing it but it is not working or I can't find what they want. Actually I am doing nothing but wasting their time. One guy swore at me, it took him 15 minutes before he figured out I was playing with him. He was quite angry that he wasted 15 minutes when he could have been scamming someone else.

[Timbofood]

The telephone was designed for my convenience, I extend that to my computer and any other "devices" bogus numbers are irritating and I've learned to pretty much disregard any number I do not know. Sometimes I miss real calls but, that's what an answering machine is for!

[Randi Gormley]

My son -- who is young enough to still be trusting -- fell for the 'this is dell, we hear you're having problems with your PC' scam which ended up with our (relatively old) computer becoming a doorstop, so we were aware of this -- and he is too, now! -- for a couple of years. They seem to have stepped up the calls. I got 3 of them in the past 2 months. I just tell them I don't own a computer. The first time, the guy repeated that he was from Dell and wanted to check my computer and I had to spell it out for him: "I don't have a computer. What is wrong with you?" The last two, they just hung up when I told them I didn't have a computer.

[Astro]

My son -- who is young enough to still be trusting -- fell for the 'this is dell, we hear you're having problems with your PC' scam which ended up with our (relatively old) computer becoming a doorstop, so we were aware of this -- and he is too, now! -- for a couple of years. They seem to have stepped up the calls. I got 3 of them in the past 2 months. I just tell them I don't own a computer. The first time, the guy repeated that he was from Dell and wanted to check my computer and I had to spell it out for him: "I don't have a computer. What is wrong with you?" The last two, they just hung up when I told them I didn't have a computer.

I love this. Next time they call, tell them you don't have a phone...

[CarlM]

I have demanded to know how they got the number. Then insisted they stay on the line telling them it is a highly secret number of an agency NO ONE is supposed to ever reach. Then that we know who and where they are and will be sending a car with people to pick them up for interrogation or else sending a drone in to level the building where they are at. And don't DARE to hang up. That calling this number was the biggest mistake they ever made. They try to talk over me but I do not let them. Then they hang up.

[Jess L.]

... Next time, I'll just place the receiver on the table and play my OM - these people will get what they deserve

Lol! But your octave mandolin actually sounds really good. Not suitable punishment for miscreants.

Hmm, what might work instead, well I could play them some fast Bach on that electric banjo I'm thinking about building...

I have had several call telling me my computer has problems and they want to fix it. Depending on my mood for the day I will ask them what they want me to do. Then I will tell them I am doing it but it is not working or I can't find what they want. Actually I am doing nothing but wasting their time. One guy swore at me, it took him 15 minutes before he figured out I was playing with him. He was quite angry that he wasted 15 minutes when he could have been scamming someone else.

... the guy repeated that he was from Dell and wanted to check my computer and I had to spell it out for him: "I don't have a computer. What is wrong with you?" The last two, they just hung up when I told them I didn't have a computer.

... tell them you don't have a phone...

I have demanded to know how they got the number. Then insisted they stay on the line telling them it is a highly secret number of an agency NO ONE is supposed to ever reach. Then that we know who and where they are and will be sending a car with people to pick them up for interrogation or else sending a drone in to level the building where they are at. And don't DARE to hang up. That calling this number was the biggest mistake they ever made. They try to talk over me but I do not let them. Then they hang up.

Ha those are great!

I did some more reading today, found some tales of "scam baiting" (pranking the scammers), like this one:

"[The scammer] was waiting for me to arrive on a flight that I wasn't actually on. I told him to show up with a black backpack and hold it very very close to his chest (that's how I would know that it was him). Airport security didn't find it amusing, apparently, and thought he was acting suspicious. My plane fictitiously arrived after he had been detained and I ended up chewing the scammer out for being so inconsiderate as to get detained and leave me waiting for an hour until I finally just hailed a cab and went to my hotel. When airport security finally released him, he went and waited in the lobby-bar of the hotel for four additional hours while I 'freshened-up' in my room." ...

"... the end goal [is] to keep the scammers' attention directed away from real victims and hopefully frustrate them to the point of quitting. "Every minute the scammer I'm communicating with is spending on me is a minute he is not scamming a real potential victim" ..." - from arstechnica article.

And then there's this guy:


(or direct link)

[MikeEdgerton]

Just a note of caution about scammers and hackers. They are generally better at what they are doing than you are. It's best to simply ignore them. When you make it personal for them you become a target instead of just a random phone number. The reason the grammar is so bad in e-mails and telephone messages isn't because they are stupid. They are simply pre-qualifying you as a potential victim. If you don't catch the errors or ignore the errors then you qualify. If they call simply hang up. If a message pops up on your screen don't click on it just end task your browser. Whatever you do don't call even if you feel like being a macho guy and showing them what for. Calling them gives them two things. It tells them there is a live person on the other end and it gives them proof that you reached out to them by calling them. Most of the telephone computer scams are operating in a gray area. They don't want to infect your computer. They want you to give them your credit card information so they can "fix" your computer. Since you called them, and they have the record of that they can charge you a few times a year for cleaning things up. Illegal? Maybe yes maybe no. Remember, you called them so you must want their services, right?

Hackers are a different story. They have the ability to make your life really miserable. It's best just to not be a personalized target.

Carry on.

[Ivan Kelsall]

From Mike E. above. - "Whatever you do don't call...". The one's who are running the scams in the UK mostly don't leave a phone number, hence the 'number witheld' mention in my first post. If they do leave a number,the one i had at least, didn't conform to any known UK phone numbering system - i did check that one out,
Ivan

[MikeEdgerton]

Ivan, that's more for the ones that pop up in a browser window. They generally have a telephone number to call. The robo calls in the US will sometimes have a number that "You must call back".

[Jess L.]

Just a note of caution about scammers and hackers. They are generally better at what they are doing than you are. It's best to simply ignore them. When you make it personal for them you become a target instead of just a random phone number. The reason the grammar is so bad in e-mails and telephone messages isn't because they are stupid. They are simply pre-qualifying you as a potential victim. If you don't catch the errors or ignore the errors then you qualify. If they call simply hang up. If a message pops up on your screen don't click on it just end task your browser. Whatever you do don't call even if you feel like being a macho guy and showing them what for. Calling them gives them two things. It tells them there is a live person on the other end and it gives them proof that you reached out to them by calling them. Most of the telephone computer scams are operating in a gray area. They don't want to infect your computer. They want you to give them your credit card information so they can "fix" your computer. Since you called them, and they have the record of that they can charge you a few times a year for cleaning things up. Illegal? Maybe yes maybe no. Remember, you called them so you must want their services, right?

Hackers are a different story. They have the ability to make your life really miserable. It's best just to not be a personalized target.

Carry on.

Good points, thanks.

[John Eischen]

Some spam emails have an "unsubscribe" button, I would be cautious with those links also. I've been receiving ads for "non-stick cookware." I've blocked them several times, they slip through with alternate addresses. Today it had a very prominent "unsubscribe" button, and came from a strange source.

[MikeEdgerton]

That Unsubscribe button just lets the spammer know they have a live user at that address. You are correct, it won't stop anyone. I run a good sized e-mail system and we filter out millions of messages in a given year.

[Ivan Kelsall]

I have 2 telephones,one's a 1960's phone.re-vamped as a digital phone,the other is a hands-free set that displays the number of the caller. However,in the UK as i'm sure it is in the US,we have a 'code' which,if you dial/press it prior to dialing the actual number,willl prevent the receiver from seeing it. In the UK we can dial/enter '141' to prevent the receiver from seeing your number. I'm pretty sure that's what the UK scammers are doing,
Ivan