Wednesday, October 31, 2007

Callback scam to 809 or other international area codes

Criminals love telephone scams. According to consumer information provided by AT&T, a new scam hitting U.S. consumers may generate hundreds or even thousands of dollars in unwanted phone charges. The basic hook is a phone call saying that the person calling has vitally important information for you, and you must return the call by dialing their number right away. The number will begin with 809, or one of the other international area codes such as 284 and 876 which belong to the U.S. Virgin Islands. According to some sources, the calls can cost as much as $2425 a minute!

The scammers make up any of a number of stories to get you to call, including information about a family member or other close friend who has been arrested, has died, or is in need of dire help. Other stories are the classic “you have won a prize.” In each case, you are told to call the 809 number right away. Since there are so many new area codes these days, people unknowingly return these calls.

The bottom line here is that there are a number of ways to get scammed over the telephone. And with the ability to fake or “spoof” a caller-ID number, you cannot verify the caller using caller-ID alone.

Security Tip: Never respond to any request for a return call without first verifying the identity of the caller and the purpose of the call. Be cautious about area codes you don't recognize. Check your telephone directory or call the operator to determine where the area code is before making your call. If the call-back number is area code 809, 284, 876 or any international number (starting with 011) and the message is “urgent,” you know you are getting scammed.

Related Tips: "International Call Forwarding Scam" and "Beware of Fake Phone Numbers"

International Call Forwarding Scam

Hacking into and messing with phone systems has always been an interest to criminals. There are many scams to try to either get free phone calls, or to trick you into calling pay services. This one comes directly from AT&T. The basic idea is that the criminal tricks you into forwarding your phone to one of their lines. Here’s how it works:

You may receive an automated message on your telephone that says you have won a prize or money. The message directs you to dial a 2-digit code preceded or followed by the * or # key (such as *79 or 72#), and then an 800 number to claim your prize. When you dial the number, you are not connected to anyone. What this procedure has done, though, is program your telephone to forward your calls to a long distance operator. Con artists can then call your number, be forwarded to the long-distance operator and place calls that are billed to your home telephone number.

Security Tip: Know the numbers used for call forwarding from your local telephone company. If you receive a call that requests a two-digit command followed by # or *, simply hang up. If you receive this message on your answering machine, do not place this call. No legitimate sweepstakes or contest would likely contact you in this manner.

Related Tips: "Watch out for fake phone numbers"
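The two Security Tips above (flagged callback numbers paired with an urgent story, and two-digit forwarding codes with * or #) can be applied mechanically to voicemail or email transcripts. The following is an added example, not part of the original post; the keyword list, finding labels and sample messages are constructed assumptions.

```python
import re

# Area codes and the 011 prefix come from the post; everything else is constructed.
FLAGGED_AREA_CODES = {"809", "284", "876"}
# Hypothetical urgency/prize vocabulary; tune it for your own message feed.
URGENT = re.compile(r"\b(urgent|right away|immediately|arrested|prize|won)\b", re.I)
# International dialing prefix 011 followed by a run of digits and separators.
INTL = re.compile(r"(?<!\d)011[\s.-]?\d[\d\s.-]{5,}")
# Ten-digit numbers with an optional leading 1 and common separators.
PHONE = re.compile(
    r"(?<![\d*#])(?:\+?1[\s.-]?)?\(?(\d{3})\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")
# Two-digit code preceded or followed by * or #, such as *79 or 72#.
FORWARD = re.compile(r"(?<![\d*#])(?:[*#]\d{2}(?!\d)|\d{2}[*#])")


def screen_message(text):
    """Return sorted findings for one voicemail or email transcript."""
    findings = set()
    if INTL.search(text):
        findings.add("callback:international-011")
    # Blank out international numbers so their digits are not re-read as area codes.
    for match in PHONE.finditer(INTL.sub(" ", text)):
        if match.group(1) in FLAGGED_AREA_CODES:
            findings.add("callback:area-code-" + match.group(1))
    # The post's rule: a flagged callback number plus an urgent story means scam.
    if findings and URGENT.search(text):
        findings.add("urgent-callback")
    # Any request to key in a forwarding-style code is a reason to hang up.
    if FORWARD.search(text):
        findings.add("forwarding-code")
    return sorted(findings)


# Constructed sample messages (555-01xx numbers are fictional).
SAMPLES = [
    "This is urgent. Your brother has been arrested. Call 809-555-0142 right away.",
    "You have won a prize! Dial *79 and then 1-800-555-0199 to claim it.",
    "Hi, it's the dentist, please call 212-555-0187 to reschedule.",
    "Important news, call 011 44 20 5550 0100 immediately.",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(screen_message(sample) or ["no findings"], "<-", sample)
```

A "callback:" finding without "urgent-callback" only means the number deserves verification before you dial it, as the first tip advises.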

Beware of the latest YouTube Video

One thing you can guarantee is that spammers and other internet criminals will always be using the latest techniques to get you to open an email and download some spyware. Security firm Sophos has recently been discovering spam messages that claim to contain a link to a YouTube video, but the link in fact downloads some nasty spyware onto your computer.

If there is one thing we need to emphasize over and over, it is to NEVER click on a link within an email unless you can verify that it is legitimate - even if it apparently comes from a “friend.” Many times your friends have their computers infected with a virus or spyware and without knowing it will forward these messages to you so that they seem legitimate.

So how do you know it is safe to click on an email link? (See our Tips for Not Becoming a Phish) First, if the email is “unsolicited” (meaning that you didn’t ask for it) it has a good chance of being dangerous, even if it is from a friend. Second, if the email is from someone you don’t recognize, and they REALLY want you to click on it, then about 99% of the time it is likely something for the trash bin.

Security Tip: Never click on a link in an email message encouraging you to download a cool anything, unless you can verify the sender of the message and the safety of the link.

Thursday, October 18, 2007

Watch for ATM Onlookers

Part of protecting your personal information is to always be alert to your physical surroundings. In many cases, a criminal will use a combination of techniques to steal information. One of the most common methods is called "surveillance" - which is a fancy term for watching. Just like in the spy movies, criminals will often spend time watching a person or place to determine patterns that may give them an advantage.

One common and simple way to steal personal information, such as a PIN number, is to watch people type their password on a keypad. Since for ATM machines the PIN is often only 4 digits, these can be very easy to remember. While there are many sophisticated methods, such as "keystroke loggers" (which monitor your typing) or video cameras, in many real-world cases people are able to steal passwords or PINs simply by watching.

ATM machines are perfect for this crime since it is common for people to be standing in line waiting to use the machine. Some people stand uncomfortably close during these transactions.

Security Tip: Whenever you are using your ATM, or any other keypad where you type in your personal PIN, make sure nobody is watching. If they are watching, move your body in front of their line of sight or simply abandon the transaction and return later.

You can use this tip whenever you type any personal login or password information into any keypad that is in view of others.

Fake ATM Readers Steal Your Bank Card and PIN

In the category of "what will they think of next" - a new scam to steal your bank card and PIN number is hitting a lot of people.

Teams of organized criminals are installing equipment on legitimate bank ATMs to steal both the ATM card number and the PIN. The team sits nearby in a car receiving the information transmitted wirelessly over weekends and evenings from equipment they install on the front of the ATM. The University of Texas Police has an excellent set of pictures to help recognize these converted ATMs. Reports are that these false fronts are also being used at gas stations and other outlets. So what can you do to help spot these fake ATM machines?

ATM Security Tips: First, be extra careful using ATM machines that are in poorly secured areas, such as gas stations or grocery stores. Thieves are likely to target these locations because there is much less chance of being detected.

Second, examine the ATM machine and look for any suspicious-looking attachments, including the location of mini-cameras on nearby walls or envelope holders (see the pictures).

Finally, always be aware of suspicious-looking vehicles parked nearby, probably in dark or poorly lit areas. In this scam, the perps need to be nearby to receive the data via a wireless link.

According to police, if you see an attachment like this, do not use the ATM and report it immediately to the bank using the 800 number or phone on the front of the ATM.

Related Tips: Watch out for ATM Onlookers

No need to register your cell phone for Do-Not-Call

A number of emails have been circulating that warn you that your cell phone number is about to be released to telemarketers. The email has a number for the Do-Not-Call registry, claims that you must call from the actual cell phone number, and encourages you to forward this to all of your friends.

While the email may be well-meaning, there are several problems to look out for here. First, it is good to be suspicious of any email that tells you you MUST follow a specific procedure that requires giving up personal information. There is a 99% chance that these are "phishing" emails that are tricks to get you to reveal your personal information. Another key to look for is the tell-tale request at the end of the message to "Send this to all your friends." In fact, if I wanted to steal a bunch of cell phone numbers, I couldn't think of a better method than this! Send out a fake email message that looks well-meaning, have everyone call a number and give up some personal information, and BINGO!

Finally, this well-meaning email does not have any information that points to the REAL do-not-call registry. A quick check of the FTC web site reveals that there has been an email telling everyone to register their cell phones, and that this is not necessary. In fact, the FTC provides a helpful document called "the truth about cell phones and DO-NOT-CALL."

So in this case, a 5-second validation process allows you to potentially save your personal information once again.

A copy of the email I received is located below:
____________________________________

Subject: Cell phone numbers going public tomorrow

Cell phone numbers going public tomorrow REMINDER....all cell phone numbers are being released to telemarketing companies tomorrow and you will start to receive sale calls....YOU WILL BE CHARGED FOR THESE CALLS. To prevent this, call the following number from your cell phone: 888-382-1222. It is the National DO NOT CALL list.

It will only take a minute of your time. It blocks your number for five (5) years. You must call from the cell phone number you want to have blocked. You cannot call from a different phone number.

HELP OTHERS BY PASSING THIS ON TO ALL YOUR FRIENDS. It takes about 20 seconds.