Protecting yourself from becoming an unsuspecting victim of financial fraud

There is an abundance of security risks on the internet and over the phone. Scammers are known to impersonate organizations such as Revenue Canada, Microsoft or even your bank, and may tell you scary stories. The process of convincing someone of facts that are not true is a type of social engineering.
What is social engineering? Social engineering is defined as the manipulation of people in order to get them to divulge personal and confidential information, for the purpose of malicious activity. This can result in fraud. Most of this fraud is of the financial type.

Who can be easy targets of social engineering?

  1. The non-tech savvy and those that typically need assistance from others when using smartphones or computers
  2. Business owners, administrators and colleagues that use the internet to run their business but don’t understand the fundamentals of GDPR or have had very little training on social engineering
  3. Users that are looking for free internet downloads
  4. Computer users that have no certified malware protection
  5. Residences that have their landline phone number posted in the public White Pages
  6. Facebook users
  7. Someone that has shared with you a forwarded WhatsApp or Facebook spam message for a "free gift card"
  8. Someone that has been scammed before

If you do know any of these people, share this article with them for awareness.

What are the characteristics of these social engineers?

  1. Upon contact, they tend to be extremely friendly: "How are you doing today?" or "By god's grace, the lord has shined this blessed fortune upon you"
  2. They assure you of safety: "We need to remote to your computer. You will be connected to our 'secure' server"
  3. They use scare tactics, either on the phone or by email and text message: "You will be arrested" or "Click here to login to fix your suspended bank account"
  4. They guarantee to fix an issue you don't really have: "After you pay, we will cancel the arrest warrant" or "We will fix all the computer issues and get rid of the hackers"
  5. They will stay with you on the phone line for hours until they get what they want: "You are not allowed to hang up the phone"

Let's go through a few examples of the popular encounters:

FAKE MICROSOFT / WINDOWS SUPPORT WEBSITES

These websites can pop up if you misspell a website address, such as 'yooutube.com', 'gooogle.com' or 'outlooook.com'. Microsoft or Apple will never ask you to call them. All that is needed is to shut the device off and turn it back on to get rid of the message.

When you call them, they may ask you for access so they can remote into your computer and connect you to their "secure server". They may lie to you to make your computer look damaged when it really isn't. If they remote into your computer and show you a screen with a bunch of red X's and yellow exclamation marks, these are all normal.

If they showed you a black screen with white writing and then showed hackers or viruses at the bottom, they did a CTRL+V and faked it. This is a DOS command prompt and virus detection is not possible in this window.

If they showed you a screen that says stopped services, that is normal. They should be stopped until Windows needs those services.

If you already contacted the scam artists and they convinced you to let them remote into your device, then uninstall all software that was used in the process of remoting them in. If they asked you to install TeamViewer, it is possible that they will still be able to remote back into your computer at a later time without your knowledge. If you're not able to determine what was done, then pull the device off of the internet and shut it down. Report the issue to your IT person or trusted Geek Squad or Staples tech department. If you paid any money with your credit card, call your credit card company and alert them to reverse the charges. It would probably be best for the credit card company to send you a new credit card number.

FAKE APPLE CARE WEBSITES and EMAILS

Apple devices can have fake messages as well. If you are provided with a number to call, they will tell you that there were some unauthorized people trying to access your Apple ID and that they got the notifications from the hackers. You may also get an email or a phone call scaring you into thinking they are Apple Support when they really aren't.

FAKE SAGE SUPPORT WEBSITES

We try to make sure that searching for us is not difficult. But in the rare instance when you do a web search for 'Sage', a fake site may show up. See our other Sage City blog for tips on ensuring you are calling the legit Sage.

Some fake Sage hotlines have been known to ask for account ID information. If you feel that you have spoken to a 'fake Sage', call 866-996-7243 to report the issue and address any of your account security issues.

CRA VOICEMAILS

Tax season is around the corner. One can easily get tricked into thinking the CRA or IRS is really out to get you when they really aren't. They leave a message and when you call them back, they will introduce themselves with a 'fake badge ID number'. They tell you "the police are coming to arrest you and put you behind the bars".
If you want to settle it out of court, they end up asking you to go to the local store and get a gift card - iTunes, Google Play or Walmart are the popular ones they ask for. If you get one of these phone calls, don't just hang up the phone. Report the incident by calling 1-888-495-8501 or visit this site regardless of whether you got scammed or not. They may be able to pull down the number before anyone else gets scammed. If you want more information on how to differentiate between the real and fake CRA, see https://globalnews.ca/news/4907961/cra-phone-scams/

Examples of CRA messages:

SMS BANK MESSAGES

Your bank will never send you a text message saying that your bank account is deactivated. When you open the link, it will take you to a website that looks like your bank website but all it does is capture your username and password so that they can log in later. Try not to click on the link. Report the issue to your bank so they can take the appropriate action to secure your account. Delete the message after speaking with your bank.

REFUND SCAMMERS

You may one day get a call saying that you paid for computer services, that the 'fake computer support company' is going out of business, and that they need you to log in to your bank account so they can refund the money. They ask to remote into your computer and bank account. They end up playing with the HTML code on the page to make it look like they are transferring more money to your account than they should be transferring. They tell you to go to the local store and buy some iTunes or Google Play cards to fulfill the fake refund. The video below tells the story of their operation: