Tricksters are getting trickier. Here’s how to stay safe.
This one nearly got me.
An email arrived “confirming” my latest iTunes purchase and providing a link for me to click on if there were any problems. Well heck yes, there was a problem --- I have an iTunes account, but I didn’t purchase the items shown in the email. I was just about to click that link when I remembered that the email was to a different address than the one associated with iTunes.
That’s when I began to look more carefully at the email. It was a phishing email, and it was very, very good.
Phishing (pronounced “fishing”) is attempting to obtain sensitive personal information such as passwords, credit card numbers, and bank account information by posing as a trusted entity in an email. (See this Wikipedia article for more: http://en.wikipedia.org/wiki/Phishing).
This email implies that there has been a fraudulent purchase. Naturally we want to click on the link to report the problem! The link looks legitimate in the body of the email, but in fact it directs us to an infected website where we are then redirected to a very good copy of the Apple Store website. If we enter our Apple ID and password, the bad guys can use them to log in to our real account, which is tied to a credit card, and it’s all downhill from there.
How can we spot a phishing email? Sophos provides an extremely clear and detailed explanation of the fake iTunes email here: http://nakedsecurity.sophos.com/2014/07/28/anatomy-of-an-itunes-phish-tips-to-avoid-getting-caught-out/ and I encourage you to read it if you want to know more. But to summarize, there are a few things to look for when you suspect ANY email might be a phishing attempt.
- Hover your cursor over the link. Often, that reveals the actual link is to an unrelated site.
- Look at the To: field. It might not have your actual email address in it. It might say Undisclosed Recipients. That’s a tip-off. BUT --- it really might have your real email address, so keep checking.
- Look at the From: field. It might not have a legitimate address. BUT --- again, addresses can be spoofed, so even if it looks right, keep checking.
- Use your common sense. If you receive an email asking you to provide account information to a bank or store or credit card company where you do not have an account, for heaven’s sake, don’t click on anything. That is a phishing email.
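The same checks can be run over a saved copy of a suspicious message. This is an added example, not part of the original column: Python that reads a raw email and reports the To:, From: and link-target warning signs from the list above. The sample message, its placeholder domains, and the names `check_email`, `my_address` and `expected_domain` (the domain you know the real service uses) are assumptions made for illustration.

```python
from email import message_from_string, policy
from email.utils import getaddresses, parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every name, address and domain is a placeholder.
SAMPLE = '''From: "Store Receipts" <receipts@mail-notify.example.net>
To: undisclosed-recipients:;
Content-Type: text/html; charset="utf-8"

<p><a href="http://billing-check.example.net/login">https://store.example.com/report</a></p>
'''

class LinkCollector(HTMLParser):  # gathers (real target, visible text) per link
    def __init__(self):
        super().__init__()
        self.links, self._href = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def host(url):  # lower-cased hostname of a URL, with or without a scheme
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()
def on_domain(name, domain):  # exact match or a subdomain, never a substring match
    return name == domain or name.endswith("." + domain)

def check_email(raw, my_address, expected_domain):
    """Return warning signs; an empty list is not proof the mail is genuine."""
    msg = message_from_string(raw, policy=policy.default)
    to_addrs = [a.lower() for _, a in getaddresses([str(h) for h in msg.get_all("To", [])])]
    from_host = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    findings = []
    if my_address.lower() not in to_addrs:
        findings.append("to-not-me")
    if not on_domain(from_host, expected_domain):
        findings.append("from-domain")
    body, collector = msg.get_body(preferencelist=("html",)), LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href, text in collector.links:
        if not on_domain(host(href), expected_domain):
            findings.append(f"link-offsite:{host(href)} shown-as:{text}")
    return findings
```

Calling `check_email(SAMPLE, "me@example.org", "store.example.com")` reports all three signs for the constructed message, including the link whose visible text names the real store while its target is a different host.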
Microsoft does not make unsolicited phone calls to help you fix your computer
The Fake Microsoft Technician scam is, unfortunately, alive and well.
What am I talking about? You receive a phone call from someone claiming to be with the “Technical Department” at Microsoft. S/he says s/he has information that your computer is spreading viruses. The “technician” convinces you to download a program that will let them access your computer remotely.
Don’t do it. Just hang up.
The technician installs a malicious software program, and that program likely drops other malicious software on your machine, and then offers to fix the problem and sell you protection.
Law enforcement know who is responsible for the attempted fraud, but have been unable to reel them in. Microsoft is aware of the problem and has issued a warning on their website: http://www.microsoft.com/security/online-privacy/msname.aspx.
It’s all about getting your credit card information. At best, you end up with software that doesn’t work and a hefty credit card bill. At worst, it’s identity theft. These guys are really, really convincing. Don’t fall for it.
If you have already been talked into this:
- Check your credit card and bank statements immediately.
- Whether or not you see any unauthorized activity, contact your bank/credit card company at once and let them know you think your account might have been compromised and why.
- Clean the malicious software out of your computer or have a professional do that.
- Change your passwords for all your financial information and your email. (Do this AFTER you know your computer is free of malware, or from another computer.)
Let’s be careful out there!
Cate Eales runs Computer Care Kelowna (http://computercarekelowna.com/), a mobile service helping home users and businesses get along with their computers. To arrange an appointment, phone her at 250-764-7043. Cate also welcomes your comments and suggestions. Send email to firstname.lastname@example.org.