The Modern Con
By Paul Forni, Information Security Officer Email: firstname.lastname@example.org
- I’ve been robbed, arrested, or in an accident scam. This scam could come in the form of a phone call or an instant message through a Social Media site. The cyber-criminal poses as a relative or a friend. Since the criminal has been watching your activity on Social Media, chances are they have some knowledge about you. They use this knowledge to gain your confidence.
Normally the criminal claims to be in a foreign country and this is an emergency. They’ve been robbed, arrested, or in an accident. They don’t have their passport and are in need of money. What comes next is the biggest warning sign this is a scam, they ask you to WIRE them money and please don’t tell anyone because this is very embarrassing for them.
- Fake Advertising and Rogue Links are another real threat on Social Media. Not all advertisements are real or genuine offers and clicking on them may expose your computer to malicious software, which in turn could allow a cyber-criminal direct access to your computer. Think before you click.
Vishing is when criminals use the telephone in an attempt to scam someone out of money or getting access to their computer. If you have caller ID on your phone, you can’t trust it. It is very easy for a criminal to “spoof” a phone number and they can make whatever telephone number they want appear on your caller id. Some popular Vishing scams include:
- “Hi, I’m calling from the IRS and you ow back taxes.” The IRS does not make phone calls, they send letters.
- “Hi, I’m calling from Microsoft and we’ve noticed a problem with your computer, if you allow us remote access, we’ll be able to fix that for you.” Microsoft does not monitor customers’ computers.
- “Hi, I’m calling from your Credit Card Company and I’d like to help you lower your current interest rate. Would you just please confirm your card number by reading it to me?” Your bank or Credit Card Company should never call you and ask you for your account number. If they are truly your bank or Credit Card Company, they should already know your account number.
As a rule of thumb, NEVER give out sensitive information like account numbers, social security numbers, etc. unless YOU have initiated the phone call and are 100% certain you know who you are talking to. The best defense for staying safe and to avoid becoming a victim, stay educated. There are a number of free resources you may access, like www.OnGuardOnline.gov ,that have a lot of great tips and advice.  Mann, Ian (2008). Hacking the Human: Social Engineering Techniques and Security Countermeasures. Gower Publishing Company. ISBN: 0566087731  Symantec (2015). Internet Security Threat Report. Symantec Corporation World Headquarters.