How to protect yourself from Hackers and Scam Artists
It was Saturday afternoon, and I was working at my desk when I received a call from my sister-in-law. She called to tell me that she found this great new service that had a partnership with Microsoft. She proceeded to explain that she was working on her computer when she received a Windows pop-up notification notifying her that she had a virus and that she should immediately call the listed phone number to fix the problem. She told me “they are logged-in to my laptop right now fixing the problem”. Before she could say anything else, I blurted out “you are kidding, right?” She responded “no”.
Now at this point I go into full panic mode. “Turn off the computer or yank the router cable. Don’t let them do anything else. You are being scammed!” I exclaimed. A pause comes over the phone. “Are you sure? They sound so convincing. They told me Microsoft doesn’t make an anti-virus, so they partnered up with Microsoft to help Microsoft’s users” She explained.
“Yes, I am sure! Microsoft does have an anti-virus. It’s called Windows Defender, and it is free. Yank the cable! Were you on the Internet when the window popped up?” I asked. She replied “Yes”.
“Think about it, You are surfing the web and you get what you think is a Windows notification that you have a virus, and you get someone on the phone on a Saturday that is willing to help you, and the first thing out of their mouth is a lie. Yank the cord!” I exclaim. She responds with “I’ll call you back”.
I don’t know why she decided to call me. Maybe, something in the back of her mind told her this was too good to be true, and that maybe she should get the resident geek’s input, or maybe she was so happy she had her own geek now, she had to share it with me. Regardless, the damage was done. She called me back and told me she had called her son to the computer. After speaking with him, we realized that they had removed all the restore points in Windows. There was no reset switch to be found at this point. Her only real option, in my opinion, was to reinstall Windows and hope for the best.
Her son ended up installing antivirus software called “Nod32” and found several trojans.
Unfortunately, the drama had not ended. I recommended he change all her online account passwords from a different computer and keep an eye on her financial accounts for any suspicious activity. Two days later I get a suspicious email from her with a link to a phishing site. Her email account had been hacked! I sent her an email stating “Congratulations! Your computer is now controlled by the Russian Mafia.” I repeated my previous instructions and asked her to change her email password again from a different computer, and to not use the hacked computer again. To add insult to injury, the so-called “Microsoft partner” was trying to bill her for $400.00 in technical support. Wow! What a nightmare.
The truth of the matter is this could have happened to anyone. It almost happened to me a week prior. I was traveling, checking my email on the way, using my cell phone’s hot-spot, when I get a similar pop-up from someone claiming to be Verizon with a similar message and a phone number. It looked just like a Windows systems pop-up. However, I noticed the URL of the site, and it wasn’t Verizon’s.
These scams are happening way too often. I have had both friends and family members who have had their identities stolen, and I’ve seen first-hand the toll the frustration, anger and the feeling of being violated takes on a person. These scam artists aren’t just attacking Target and Home Depot, they are attacking regular people like you and me. Their favorite tool of attack is called social engineering. They study people, figure out what people want and make them think they are getting it. We have all seen the rich Nigerian diplomat scam; the one that wants to share his money with you if you help him get it out of the country by depositing in your account. Most of the time, it isn’t always so obvious.
So, how does one protect oneself? The best defense is education. I have listed some simple tips to follow, and some resources to protect yourself, and your company.
- Be smart. If it sounds too good to be true, it is. Don’t open emails or click on links baiting you with “Nigerian Prince needs your help to secure his treasure” or, something less obvious like, ”click here to track your package”.
- Create restore points on Windows, Backup, restore and test. Here are a couple of links that show how to do this;
- Use anti-virus software. I use Eset’s NOD 32 (paid). Windows has a free option (Windows Defender), and I have used Malware Bites in the past as well.
- Keep your software updated. Turn on auto update. Download the latest patches for all the software you use. Make sure your browser is up to date. You can check your browser at https://whatbrowser.org/
- Use unique passwords for every account. For critical accounts like banks, email, etc. use longer passwords that are non-dictionary words with numbers, special characters, and mixed case (capitalization). For my critical passwords, I use a multi-word sentence with Sci-Fi character names and replace some letters with numbers. I also I include information about the site in the sentence, so each password meets the criteria above but is simple to remember. I also use a password management program like 1password to manage my other 100+ passwords.
- Don’t open files from people you don’t know. Don’t ever open files that end in “.exe” or “.bat”. If you receive an email from someone you do know, and they ask you to check out the attachment, call them before opening to verify they sent it, unless you expected to receive something from them.
- Install Sandbox software on your computer in order test files, sites and software in a protected environment. Http://www.sandboxie.com/ is the one I use.
- Use Drobox or other similar software to store and share your files across computers and phones. I use this as a backup to my backup software. Doing this will save a copy of each file to Dropbox and on each of your computers.
- Never use public hot-spots unless you know for sure the name of the wireless connection you are connecting to. I never use public hot-spots because they are so easy to exploit. I don’t even use the free WiFi in hotels. Make sure the firewall on your computer is active before connecting to any network.
- Protect your personal information. Shred your mail and docs before throwing them away. Secure your mailbox so someone can’t easily open it. Don’t post personal information on-line (aka Facebook). Get a PO box in a different zip code and use that as your Credit card mailing address. Use nonsensical answers to security questions. For example; place of birth = Krypton.
- Use a credit monitoring service to make sure you have not been compromised.
- Don’t use Facebook or other social media credentials to login to other accounts. Have a unique login for every account you have.
- Use two-factor authentication for any account that has that option. You can use https://twofactorauth.org/ to see which sites offer that option.
- Create and use aliases in Gmail or other email clients, and use them when setting up accounts on websites that you don’t necessarily trust, so you can track and filter just the emails using that specific alias. Here is the link on how to use aliases in Gmail. https://support.google.com/mail/answer/12096?hl=en
- Set up a free Google voice account and give that phone number out instead of your cell. You can filter calls, mark as spam and you get free voice to text messaging, so you can read the voicemail instead of having to listen to it.
Please share with your friends, employees, and loved-ones, and comment below with any tips or lessons you have learned, and would like to share.