Friday, March 27, 2015

Scams and Hacks

Maybe it’s because I’m now “older,” or maybe it’s just because there are more of them.  But whatever the reason,   I’m now finding myself the target of different scams.  I’d like to list some of them here – maybe this will help someone else avoid being taken advantage of.

“Hello, I’m calling from Microsoft Windows about your Windows PC” – this is one that is really frustrating to me.  Not because I fall victim to it, but because I get this call at least once a month and it’s been going on for a couple of years now.  The call is always from a different phone number (or an “unidentified caller”), so I can’t screen them out based on the caller ID.  It’s always a voice from India and the message is always the same.  I’ve tried hanging up as soon as they start talking.  I’ve tried engaging in a long conversation to waste their time.  Nothing seems to work.  I know what they want – they want me to approve some new software they are going to send me – but one that is malware and will log my keystrokes or other such things.  It seems that no one can shut these folks down, even though they break the do-not-call list, because they really don’t care about it since they are not in the US.  It gives India a bad name.  See http://blogs.microsoft.com/cybertrust/2014/09/18/how-to-report-the-microsoft-phone-scam/ for further details.

“You’ve won a trip to the Bahamas” – this is another frequent one.  Same M.O.; same repeated calling from multiple faked caller IDs.  This one will eventually ask you to pay a “port tax,” which of course you never see again, nor will you ever see a ship.  But it’s at least the same robo-voice every time so I can hang up quickly.  See http://www.welivesecurity.com/2012/06/15/close-call-with-a-caribbean-cruise-line-scam/ for more details.

“This is ___ from the IRS …” – just got this one for the first time this past week.  Caller gives details about the man from the IRS, fake badge number, phone to call – where they will tell you that you owe money to the IRS and need to send it immediately.  And of course they will be happy to take payment over the phone with your credit/debit card.  Interestingly, this one did not fake the caller ID – it was from a VoIP line in New York.  And the number they gave to call was another VoIP in Arkansas.  But that’s usually a clear sign of a scammer.  The numbers they give are just the exit point from the Internet – the real caller is somewhere else, often outside of the US.  Here’s further information -- http://www.irs.gov/uac/Tax-Scams-Consumer-Alerts.  One of the interesting things about my caller was that there were a couple of instances of improper English in the pre-recorded message.  For example, they ended by saying, “Have nice day,” not “Have a nice day.”

While I’m still talking about scammers, let me add in “Romance Scammers.”  I don’t get these calls myself, but I’ve been helping my sister-in-law deal with them.  Her husband passed away last year and she’s been looking for companionship – but doing so on a couple of dating websites.  After I helped her with the first one, she’s now pretty quick to give me details whenever she gets someone else interested in her and asking me to check him out.  I can usually ferret them out quickly.  The phone number they use is always a VoIP line.  The name they give never appears in the phone directory for that city.  The email address they give is nearly always something like johnsmith345@yahoo.com (very unimaginative) that has never been used before.  Their occupation is often a contractor or an engineer (so they can later get “stranded” in a foreign country on a job and ask for money).  They usually had a wife and kids, but they were killed in an accident (so you both feel sorry for them and realize that they are a “family man”).  What’s the most funny is the messages that they send you which you can look up and find having been used hundreds of times before (including the same misspellings, same punctuation errors, etc.)  Here is a website that gives other ideas - http://anythingartzy.hubpages.com/hub/Internet-Dating-Scammers-How-To-Identify-Them

Finally, I’d like to discuss a hack that I got involved in.  You may have seen in the news the past few years about a couple of instances where someone hacked into a major bank/company and stole several million credit card numbers.  The Home Depot and Target instances come to mind with 53 million and 40 million card numbers stolen (see http://www.usnews.com/news/newsgram/articles/2014/11/07/53-million-customer-email-addresses-leaked-in-home-depot-hack and http://www.businessinsider.com/heres-what-happened-to-your-target-data-that-was-hacked-2014-10).  We had shopped at both those stores during the hacking period involved.  Most often we use a Discover card.  Their response in both instances was to issue a new card – with the same card number, but a different expiration date and a different CVV (the security code that’s printed on the back).  They did it automatically.  The benefit of that is that I didn’t have to memorize a new number – although I did have to give the new expiration date to all the places where I have auto-payments set up.  But even though I got a notice from my MasterCard issuer, I decided to not get a new card at the time because they always change the number when they reissue – and I don’t really use my MasterCard that often.  But that turned out to be a mistake.

It was over a year later that someone tried to use my card (the numbers were stolen in late 2013 and I didn’t get involved until February 2015).  I got a call from the bank’s fraud unit, asking if I had been to the Walmart in Abington, PA earlier that day (which of course I had not).  They had detected six usages of my card within a couple of hours that morning – two purchases at different Walmarts (which had been denied), two $1 trial purchases online to see if the card was valid, and two purchases at different Target stores (which had not been denied!).  Once the person from the fraud unit had confirmed that the card number was stolen, she immediately inactivated it, and we began the process of getting me a new card, issuing credits for the Target charges that had gone through, etc.  A few extra hours of my time, but next time I’ll definitely get a new card number right away.  Little did I think that it could come back to bite me over a year later.

Unfortunately, the increased availability of technology for convenience (like VoIP and going cashless with credit cards) also means new ways for people to use these technologies for illicit purposes.  One can only hope to stay one step ahead of the “bad guys.”


1 comment:

  1. There are always scammers going on. We get a robo call nearly daily about being eligible because we are seniors for (I forget what they call for cuz I hang up). They do not offer an opt out number... and some of the calls we get say as soon as we say hello is "we are experiencing a high number of calls and cannot take your call right now" and then it hangs up. What the heck? We didn't call them!! And that call is at 8:15 at night when we are already in bed. Very frustrating!

    ReplyDelete