Scams, Phishing, Hacking and Protection

“I Don’t Remember Ordering That!”

In this post, I’m going to try and help you understand how to spot scamming and hacking attempts. I’ll try to include images of actual hacking and scamming attempts. Remember that any of our Protection and Service Plans we offer include FREE “Comfort Care”, so if you encounter something suspicious on your protected device(s) we will help you determine whether or not it’s a scam at no additional cost.

Phishing, Hacking, Scamming… what’s the difference?

There are countless different types of attacks out there and lots of pages of information about which one is what. The truth is, for most people it doesn’t matter so much which type of attack, or attempted attack, you’re dealing with. It’s enough to know that you’re dealing with bad people who are trying to take advantage of you. The one important difference is whether you’re dealing with a “live scam/hack” or a “bot”. Each of these things has their particular dangers, as well as advantages to dealing with the situation once identified.

Phishing

Phishing is usually not a “live” hacker, at least not initially. It’s an attempt to steal your information by automated processes, like clicking links, filling out forms, stuff like that. These folks are trying to trick you into entering your passwords (so they can either take over your accounts and use them for malicious purposes, or hold them for ransom, or both). The only thing you have to do to avoid falling into this scam, is to not click the links or fill out the forms. These scams often look like an email claiming you purchased something you didn’t actually purchase, or that your account has been suspended due to illegal activity, or that you need to verify your login information due to a “hacking attempt” (irony, right?). I’ve also seen text messages that say something like “Your UPS Package cannot be delivered…” Nope.

The best practice is to NEVER click on links you were not specifically expecting in your email. If you have a concern about an unauthorized purchase or an account issue, open a new window in your browser and go directly to the site in question. Contact the customer support on that site if you need to.

Note that if you DO end up falling for a phishing scam, you may end up actually dealing with a “live scammer” who will do their best to convince you, often using a lot of pressure and even insulting language and threats, to cooperate with their attempts to gain access to your valuable information. If you find yourself in that situation, hang up. If you see them actively doing something on your computer, shut it down using the power button. See the “scamming” section below.

Scamming

Scamming usually involves a live person. These folks are trying to get you to give them your bank account or credit card information. They might call you directly and claim to be from your bank, or say that Microsoft has detected a problem with your computer (Microsoft will never call you) or that your “Copy of Windows has Expired” (Windows is not a subscription service) or even that your Microsoft Office has expired (if it did, Microsoft would not call you about it). You might get a scary looking “pop-up” on your computer, saying something like “Microsoft has detected a problem on your computer! Please call this number to fix it!”, or “The FBI has detected illegal activity on your computer! Call this number!”. Sometimes it will even use your webcam to show yourself on the screen, as if you’re being recorded by the FBI. These types of pop-ups usually warn you not to turn your computer off, saying that if you do it will erase your hard drive.

Now, there ARE threats that will encrypt all of your files (ransomware), but there are ways to avoid that ever being a problem. We’ll get into that below. Typically though, the first thing you SHOULD do is just turn your computer off completely and then restart it. **DO NOT** call any number that has popped up on your screen!! When you reopen your browser (if you are given the option), choose to NOT restore the open browser windows you had open. If this doesn’t fix the issue – call me!! I can help you.

If you do happen to fall into one of these traps, the scammer will try to find a way to get control of your computer. They may tell you to go to a website and enter a code (don’t). Occasionally, the threat is sophisticated enough that you don’t need to actually do anything and they will take control of your computer. This is one of the worst case scenarios because they might then be able to access your saved passwords, banking information, hide or delete your files and cause all sorts of trouble. If you ever see a situation where someone untrustworthy has gained access to your computer, shut it down immediately and call someone (like me) to help you!

Hacking

scary looking computer hacker giving side-eye

Hacking also involves a live person, but they usually don’t actually have contact with you directly, unless they have physical access to your computer. If an untrustworthy person is in the same room as your computer, they may try to gain access to it. A simple login password is normally enough to prevent casual “trespasser”. There ARE ways to get around a computer login password, but most folks don’t have the tools or the knowledge to do it. It’s also important to understand that a login password does NOTHING to protect your computer from online threats.

If you forget to log out of your (facebook, twitter, email… etc) account on a public computer, or on a computer that you share with other household members, that is not being “hacked”. That is just an unscrupulous person being opportunistic.

Actual hacking normally involves software tools to break passwords or even disable security on a network. If a hacker is motivated enough to target you specifically, they can normally bypass whatever security you might have in place, eventually. If you think about it, even the most sophisticated security systems in the world have been compromised by hackers. So, if you’re a target, there’s very little you can do to stop them other than keeping your most important data OFFLINE. People who ARE in the position of being heavily targeted normally have their own dedicated team of security people keeping an eye on their computer systems, watching out for security breaches and actively working to block hacking attempts. That being said, you can take comfort in knowing that MOST people are NOT specifically targeted by hackers (at least not to the point where there is a team of dedicated hackers working full time to breach the person’s security).

MOST folks may encounter a more low-key type of hacking, what I might call “incidental” hacking where you’re not specifically targeted, but you sort of stumble into dealing with a hacker. For example, let’s say that you left your password list where someone could find it and they decided to take over your accounts. This also happens when larger companies get hacked and the usernames/passwords (and sometimes even more sensitive information) are leaked to the internet. Nearly all people who have online accounts fall victim to this. You can check your status by going to the website: “Have I Been Pwned“. This website is free and safe to use (as safe as any website can be). You can even sign up to be notified if your email address is listed in a password breach. If you see your email(s) listed in that site… don’t panic. The best thing to do is just go and change your passwords at the sites listed. It’s best to use a password manager and generate a new, complex password for each site. The downside is that you really end up relying on your password manager for those passwords! Yes, I do offer a managed password manager! Just ask me about it.

So, back to hacking.

How will you know if you’ve been hacked? The most common way is when you try to log into one of your accounts and your password no longer works. This is why 2FA (Two Factor Authentication) is important! While it’s still possible to get around it, it’s a LOT harder for hackers to steal your account if you have 2FA… unless you help them of course. Be wary of ANYONE who contacts you and says they need a code that was sent to your phone or email. These are almost NEVER legit. A new hacking attempt I’ve seen recently is when a Facebook “Friend” contacts you by messenger and asks if you will be one of their security backup contacts or something like that. They might say they are locked out of their account and need your help getting back in. They will ask you to click on a link, or ask you for a code that was sent to you. Do NOT engage in that. You could lose your account or worse.

How to prevent it?

It’s always important to have GOOD protection on your devices.

We sell a comprehensive protection and monitoring package that includes real-time, personal assistance if you see things that are concerning. This will prevent most malicious software from stealing your information. Not sure if you need it? Ask us about a Free Security Scan!

Be very careful about what you click on and who you accept as “friends” on social media. If you’re not sure whether a link, or attachment is legit, reach out to the person who sent it to you. Ask them questions that only they would know the answer to, such as where you met them. If you’re unable to verify, it’s better to just delete the suspicious item, or ignore it.

Set up 2FA (Two-Factor Security) on your social media and email accounts. You can also set up a special code generator for an extra layer of protection.

Finally…Computer Chick offers remote assistance to help you do all of the things mentioned in this article. If you need help, schedule an appointment and we will happily assist you!Stay safe out there!

– Computer Chick