Sunday, 4 September 2016

Who to trust - Part 3 - Who are you dealing with?

Dealing with other people, governments and businesses on the Internet should be just like dealing with them in the flesh - yet it is complicated by having one or more computer systems in the way. This does not change the most basic parts of any human interaction; the need for a respective level of trust between the parties involved. This can only be achieved if you know who it is that you are dealing with. In the world of Internet communications, there is the added level of needing to be sure that the words and pictures you are seeing have truly come from the party that is marked as the sender. Even if you satisfy yourself that you know the other party, and that last email requesting your bank account details was actually sent by them, there is always the question of whether or not their practices are ethical, and if you had encountered them in the street, would you be giving them your details?

Who is on the other end?

One of the first steps to avoiding the pitfall of scammers is to stop and do your homework. Especially if you see words like "You must act now or we will close your account", do not fall into the trap of doing anything that the email, text or pop-up browser window says. Learn who it is that you are really dealing with. The various practices of identity spoofing (pretending to be a person or company that really exists) are reasonably simple to perform. The advantage for someone who is targeted with such practices is that they are reasonably easy to detect, if you know what you are looking for.

Why do they think that they know me?

Ever received an email from a retail chain, thanking you for being a loyal customer, and offering you a reward? The first question you should ask yourself is, have I ever shopped there? If not - discard the email. If it is not a scam, then it is a marketing ploy to collect your details so they might spam you with advertising. Or perhaps their business is about to be sold, and they wish to find the names of 10,000 people to add to their database of customers to make the business look like it is worth more than it really is.

Let's say you have shopped at that retail chain once or more. Did you take out a loyalty card? Did you enter a competition with them? Did you return an item for refund and have to provide your name and details? If you answer 'No' to all of these questions, then how did the retailer get your details? How do they really know that you have been a loyal customer if they have not had your details to be able to trace your purchases against? If you are uncertain in your answers to the above questions, then act as if you have never done business with the retailer.

Email sender details

With scams that are received by email, there are some tell-tales that you might spot that will help you to determine whether it is a scam or not.

Spam and Junk Mail Lists

Whether you have a desktop email client (Outlook 2013, Mozilla Thunderbird, etc.) or you use a web-based email service (GMail, Outlook.com, etc.), there should be some level of spam filtering that will automatically occur.

For those with desktop email clients and an ISP based email account, your ISP may do some spam filtering for you, but this may require you to turn that on in your account settings for your email account. Contact your ISP for further assistance. Your desktop client also has the ability to filter junk and spam emails. However, most email clients require that you actively participate in filtering junk emails by 'teaching' your email client which emails you consider to be spam or junk emails.

For those using web-based email accounts, most of the reputable providers offer decent spam filtering. That said, some have really weak spam filtering. From my experience I can recommend both GMail and Hotmail (Outlook.com). If any problems exist with the strength of their filtering routines, it is that some emails I legitimately wish to receive get diverted to the Spam folder. Again, this is where each user must actively participate in their own security - every couple of weeks I open the Spam folder to see what non-spam emails have become caught in there, and mark them as "Not Spam".

Did that email really come from Microsoft?

Scammers are smart. When they send out a massive lot of emails to create a trap for people, they are likely to spoof a well known government or business organisation. The programs that they use to do this will be smart enough to make a basic detection of where you are located based upon your email address, and so the scam email will often appear to come from a government or business body that is local and relevant to where you live. For example, Australian consumers would be more likely to trust an email that appears to come from the ATO or AFP, but we should automatically laugh at and delete an email from the IRS (Inland Revenue Service - US Government) telling us that we owe $10,000.00 in unpaid taxes.

So, if the scammers are smart enough to customise the scam emails based upon where their targets live, what hope do we have of being alerted to the scam? One of the first and easiest ways to detect a scam email is to look at the detail of where it came from. In web-based email services this may be achieved by hovering the mouse pointer over the name of the sender, revealing a pop-up that displays the email address of the sender.



In the above example, you can see an email in a Spam folder on GMail that appears to have come from Telstra. Hovering over the sender name reveals the sender address, which is 'no-reply@telstra.com.au'. From experience I'd expect this to be marketing from Telstra.



In this second example, an email from a Jasmine McNair, promising the opportunity to possibly own a new car. That's great, I could be in the market for a new car. However, I do not know a Jasmine McNair. Revealing the sender's details, the email address is 'info@progressdeals.com'. Probably not a scam. However, it is definitely an unsolicited email, I'm not sure where they got my email address, and I do not know what Progress Deals will do with my email address if I do reply to this email. If I don't open it, the sender will never have confirmation that my email address exists. If I preview the email, open the email, reply to the email, or click on any 'unsubscribe' links in the email, the sender will know that my email address really does exist, and continue sending marketing emails I do not want. Or worse, they will sell my email address as a piece of information to another business or to a scammer. No thanks.



This next example is a classic. It comes from a bank. Or does it? The first clue is the first word in the subject "Warning!". Suspicious already. The second clue is the all-caps subject line. This is trying to instill an unnecessary sense of urgency in the recipient. The third clue before we even look at the sender's email address is the bad English used in the subject; "ANZ BANK SEND YOU A IMPORTANT MESSAGE" is not even proper English. Any professional organisation that is making contact with valued customers is going to make sure that the person sending emails is able to communicate fluently in the language of the customer. In short, if ANZ did send emails like this out, there would be a few sackings. The fourth clue from the subject line is the inclusion of my email address, which I have partially obscured. If I really was known to ANZ, would they not be using my actual name, rather than my email address? Of course they would. It would be far more polite and respectful to do so.

So, looking at the sender's email address in this third example, we have 'no-reply.36864@anz.com'. That does look like it could be legitimate. If I do a Google search for ANZ, it does confirm that anz.com is their Internet domain. But let's not go believing this one for now. If it is not enough that you are not an ANZ customer, or that the subject line of the email is so suspicious, please do the due diligence of contacting ANZ by their phone numbers listed in the White Pages, or by the contact numbers that they list on their own website. Do not open the email to look for contact numbers - they may be bogus. My recommendation would be to delete this email without opening. However, if you are still not sure, there are steps you can take.

Is there a return address?

Whilst it is possible for scammers to make an email appear to have come from a legitimate email address on the surface, there are ways we can dig into the header details of an email to confirm. This can be a little bit confusing at first, and if you are not that comfortable with doing so, please delete such emails.

For those that are comfortable to continue, what we are looking for in the header details of the email is confirmation of where the email has come from, and if you were to reply to it, where would the reply go to.

If you are using a desktop email client, select the email without opening it (single-click). Depending upon your email client the commands will be slightly different, but should be something along the following lines: from the View menu, select the Message Source option. Some clients may allow you to see the message source by right-clicking and selecting the Message Source option from the pop-up context menu.

If you are using a web-based email client, this is a little different. First, you must open the email. Now that can be scary, but fortunately with email clients like GMail, if the email is in the spam folder and GMail thinks it is a scam it really will lock things down, and will only show you the basic header information and the coding of the email without downloading any images, like so below:



First GMail displays a nice big red warning - good.



Next, GMail tells us two of the most important details, the Reply-To address, and the Message-ID. These two values help us to confirm where the email has come from. Whilst the reply-to address is the same as the sender address for this email, the message id tells us that the email originated on a computer system in the thinksr.com network - definitely not part of ANZ's networks!



Finally we get to see the coding of the email, which was in an HTML format so that it could more easily contain images and clickable links. Whilst I have obfuscated my email address details, I have also highlighted the important tell-tales. The first one shows the level of guile and sophistication that the scammers have employed - the images that they have used in the email come directly from ANZ's own servers, so that the email looks even more believable. The second highlighted tell-tale is a hyperlink to a URL containing the domain "vidafamiliayalgomas.com". Definitely not the ANZ bank!

With any other email that was not as dangerous, web email services will allow us to open it, without downloading images. From there, we can investigate further to view the source of the email.



In GMail, click the down arrow next to the reply button and select Show original.



From Outlook.com, select the down arrow next to the reply button, and select View message source.

When viewing the message source from web or desktop based email clients, you should see something like the image below:



Again, I have obfuscated my email details, and highlighted the important content. Generally the details that we are looking for are: Return-Path, Sender, Reply-To, Message-ID, and the very last Received item in the list.

In the example above, the email I chose was in my Spam folder, but one that I was pretty certain was legitimately from Telstra. Certainly the Sender address, the Return-Path address and Reply-To address are all the same, and appear to belong to Telstra. The Message-ID also belongs to a server that appears to be part of the Telstra network given the "bigpond.com" at the end of the message id.

The Received items are often listed in a list of two or more. These are read from top to bottom: the first is the last receiving email server, followed by every intermediary email server, and the last is the originating email server. We can see from the last Received item in the details above that it originated from a Bigpond (Telstra) email server, and the server name is the same as that which appears in the Message-ID. We can be strongly certain that this message is legitimate, and not a scam.
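The same header check can be scripted. The Python below is an added example, not part of the original post: it pulls the domain out of Return-Path, Sender, Reply-To, Message-ID and the last Received line of a raw message and lists the fields that fall outside the domains you expect for the claimed sender. Both sample messages and every `.example` domain in them are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

FIELDS = ("From", "Return-Path", "Sender", "Reply-To", "Message-ID")

def domain_of(value):
    """Lower-cased domain after the '@' in a header value, or '' if none."""
    addr = parseaddr(value or "")[1] or (value or "").strip("<> \t\r\n")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def belongs(domain, trusted):
    """True if domain is, or is a sub-domain of, one of the trusted domains."""
    return any(domain == t or domain.endswith("." + t) for t in trusted)

def origin_host(msg):
    """Host named in the last (bottom) Received header, the originating server."""
    received = msg.get_all("Received") or []
    match = re.search(r"\bfrom\s+([A-Za-z0-9.-]+)", received[-1]) if received else None
    return match.group(1).lower() if match else ""

def suspicious_fields(raw, trusted):
    """Names of the header fields that point outside the trusted domains."""
    msg = message_from_string(raw)
    found = {f: domain_of(msg.get(f)) for f in FIELDS if msg.get(f)}
    found["Received (last)"] = origin_host(msg)
    # A missing or unparseable value is reported too, not silently passed.
    return [f for f, d in found.items() if not d or not belongs(d, trusted)]

# Constructed sample: sender and Reply-To claim the bank, but the Message-ID
# and the originating server belong to an unrelated network.
SPOOFED = """\
Received: by mx.recipient.example; Sun, 4 Sep 2016 10:00:02 +1000
Received: from mail.unrelated.example by relay.unrelated.example; Sun, 4 Sep 2016 10:00:00 +1000
From: "Example Bank" <no-reply@bank.example>
Reply-To: no-reply@bank.example
Message-ID: <20160904.1234@mail.unrelated.example>
Subject: WARNING! EXAMPLE BANK SEND YOU A IMPORTANT MESSAGE

body
"""

# Constructed sample: every field agrees with the two domains the
# organisation is known to use (its main domain and its mail brand).
CONSISTENT = """\
Received: by mx.recipient.example; Sun, 4 Sep 2016 09:00:02 +1000
Received: from smtp1.isp-brand.example by out.isp-brand.example; Sun, 4 Sep 2016 09:00:00 +1000
Return-Path: <bounce@telco.example>
From: Telco Offers <no-reply@telco.example>
Reply-To: no-reply@telco.example
Message-ID: <abc.5678@smtp1.isp-brand.example>
Subject: Your monthly offers

body
"""

if __name__ == "__main__":
    print(suspicious_fields(SPOOFED, {"bank.example"}))
    print(suspicious_fields(CONSISTENT, {"telco.example", "isp-brand.example"}))
```

An empty result only means the headers agree with each other; every Received line below the one added by your own provider is written by the sending side.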

Revealing hyper-link truths before you click

The Internet is a treasure trove of useful information. Unfortunately it contains a lot of opinion and other not-so-useful information, plus a more than generous smattering of dangerous information, including scams, viruses, etc. The challenge of the Internet is less about finding what you want - more about avoiding what you do not want.

If your computer has a decent firewall/anti-malware solution installed, such as Bullguard, when hyperlinks are presented to you in a search engine's results, you might see something like this:



The green-tick is Bullguard's way of saying that the link is not a scam/malware site. Some other firewall/anti-malware products do have similar features, and can be helpful in protecting your family and guiding younger family members in what is safe and what is not.

Even if your anti-malware program does not do this, there are still ways in which you can check a link before you click it. If you hover the mouse pointer over any link before clicking on it, the destination URL (address) of the link will appear in the bottom corner of most browsers, like below.



Compare this address with where you expect the link should take you. In the example above we are expecting the link to take us to another ACMA page or article. From the beginning of the address, before the first slash ('/') we can see that the link remains within ACMA's web site (www.acma.gov.au), so we know that this link will lead somewhere that we can trust.
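The comparison can also be run over the HTML coding of an email, such as the bank example earlier where the images came from the real site but the link did not. This Python is an added example, not from the original post: it lists every link whose host is outside the site you expect and counts the images that are served from that site. The sample HTML and the `.example` domains are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (tag, url) for each href on <a> and each src on <img>."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        wanted = {"a": "href", "img": "src"}.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                self.found.append((tag, value))

def host_of(url):
    """Host part of a URL: what sits between '//' and the first '/'."""
    return (urlsplit(url).hostname or "").lower()

def within(host, site):
    """True only if host is the site itself or one of its sub-domains."""
    return host == site or host.endswith("." + site)

def collect(html):
    parser = LinkCollector()
    parser.feed(html)
    return parser.found

def off_site_links(html, site):
    """Web links (<a href>) that lead somewhere other than the expected site."""
    return [url for tag, url in collect(html)
            if tag == "a" and urlsplit(url).scheme in ("http", "https")
            and not within(host_of(url), site)]

def images_on_site(html, site):
    """Number of images loaded from the expected site (proves nothing by itself)."""
    return sum(1 for tag, url in collect(html)
               if tag == "img" and within(host_of(url), site))

# Constructed sample: the logo is served by the expected site, one link stays
# on it, one goes to an unrelated host, and one host merely starts with the
# expected name.
SAMPLE_HTML = """
<img src="https://www.bank.example/logo.png">
<a href="https://www.bank.example/help">Help</a>
<a href="http://login.unrelated.example/bank/verify">Verify your account</a>
<a href="https://www.bank.example.unrelated.example/">www.bank.example</a>
"""

if __name__ == "__main__":
    print(images_on_site(SAMPLE_HTML, "bank.example"))
    for url in off_site_links(SAMPLE_HTML, "bank.example"):
        print("off-site:", url)
```

The last sample link shows why the host is matched on its ending: the part just before the first slash is what identifies the site, not the name the address begins with.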

How do they know my computer has a virus?: Beware of bold-face lies

Fortunately, the world is now at your finger-tips, thanks to the Internet. We can video-chat with loved ones in New York, read about the day's happenings in Milan, while buying new shoes from a shop in London.

Unfortunately, just as we have easier access to the rest of the world, the rest of the world also has easier access to us. That pale-skinned dodgy-eyed salesman who wants to sell you a kitchen food processor that you don't actually need, no longer needs to jam his foot in your front door to make the sale, and you'll never see what his complexion or eyes are actually like. Despite that, the general marketing pitch of such people is still the same - creating within you the false need to buy something even when you didn't know you needed it. And they are still using the same basic tactics of either creating fear in your mind, or promising improbable success for no effort. And they are more than aware that they have to close the sale with you very quickly - if you have any chance to think things over, you'll either forget about it, or start to question what they are selling and whether you actually need it.

The range of ruses, tricks and lies that scammers can employ is limited only by their imagination, and is far too expansive to attempt to include in this simple article. The most prevalent scams of this type that I have seen are delivered by either phone or pop-up ads/in-page ads on the web. Whilst many people seem to be aware of the phone based scam, they do not realise that the web-based ads really are just the same thing. The phone based scam that we are all familiar with goes like:

Scammer: Good evening. I am John from Microsoft, may I speak with the primary Internet account holder.
Victim: Speaking.
Scammer: Good evening. We have detected that your Windows computer is infected with viruses and is sending out infected emails.

At this point the scammer is hoping that you will start to panic, and because they say they are from Microsoft, that you will automatically trust them to fix your computer. They will attempt to walk you through a range of things to do and install on your computer, possibly including giving them remote access to your computer - DON'T DO IT!

I would recount the rest of the patter that they go through, except that I gave up listening to such calls long ago. The truth in their lie is that if you say that you don't have a computer, don't have the Internet, or that you have a Linux or Mac computer, they hang up. Whilst this seems odd, it exposes the reason that such calls are a hoax. The people making the calls are not actually the scammers. Often they are in a call centre in countries such as India, Pakistan or the Philippines. They are working for a company that they are led to believe is Microsoft, or some related company, or other tech giant. They are given a range of phone numbers to call, and a set script of things to say and steps to go through with you. At some point they will hand over the technical work to someone behind the scenes - possibly in another location. The person who is placing the call is led to believe that they are genuinely helping you. They do not know that at best they are fronting an unethical, yet legal business operation, or at worst, an operation established by an international crime syndicate.

The web-based version of this scam is similar, but actually costs the scammers less to operate - because they get you to call them. They will post an ad on a web page, or a pop-up ad on a web page, that will claim something along the lines of "Your PC is infected with 6 viruses. Take action now to avoid damage to your hard-drive." The ad will give you a link to click, or it will direct you to call a 1800 or 1300 number. It is also worth noting that such scams may also appear on your smart phone when browsing the Internet.







Irrespective of whether you engage the scammers by clicking the link, calling their number, or if you accept their call, you are opening up a dialogue with them that will lead to them wanting to take a credit card payment, and to gain remote access to your PC, all in the guise of fixing the supposed problems. Let's be clear, once someone has remote access to your computer, they can help themselves to any information on the computer and do anything that they want to it, anytime that they want to.

To be fair to some of the companies that operate in this space, that I have referred to as 'scammers': They are legitimate companies. They may provide some benefit to consumers through the supply of anti-malware software. They provide consumers with the confidence that someone is looking after them and their computer 24/7 for 6 to 12 months, and you may even get responsive service from them. However, for these companies to actually scan your PC without approval is illegal under Australian law. Therefore when they phone you, or their ad pops up in your browser claiming that you have 'x viruses infecting your PC', either they have done something illegal, or they are outright lying to you. That is unethical. Therefore, they are scammers.

From the contracts that I have seen offered by these firms, the contract is not properly formed, and provides the consumer with no guarantee or protection. That is unethical.

Their service desk operations promise results within 24 hours, but to be able to access those services requires that you send them a signed service request in writing using a formatted template. To get the formatted template, your computer needs to be working. To print, sign and scan the request, your printer, scanner and computer need to be working. To email the request to them, your computer and your Internet connection need to be working. What happens, if the problem you want them to solve is your computer or your Internet is not working? There is no way to resolve it. That is a big shortfall in the service that they are selling you, and one that they will hope you do not notice. That is either poor planning for their services, or worse, unethical conduct.

Worse still, the poorly worded contracts attempt to contain clauses that allow the company to transfer the provision of remote access support to a third party, at any time that they choose. What this means is that they can sign you up, get remote access to your computer, fix any problems that do exist on your computer, and then hand over the details of your computer (possibly your credit card details too) to another party who could be a legitimate business, or a criminal gang.

Not all companies who offer remote computer management services are going to be like this. There are reputable players in this space, and they will not be chasing you for business. They will let you contact them when you are ready, and they should provide you a decent, fair and understandable contract.

So, to sum up this third part of my series, when dealing with people you don't know online, ask yourself, would you do business or talk to them if they came to your front door with the same proposition. Who is it that has contacted you, and do they really know you or have a real reason to do business with you? Use the features of your email client to see if they are likely to be who they claim to be. And, be wary of traveling salesmen - especially those who come to your digital-front-door. In short, follow the old adage, "if it looks too good to be true, it probably isn't true".
