
Thread: Advice on Scams

  1. #1

    Advice on Scams

    My city sends out a weekly report on criminal activity. A few weeks ago it was reported that a woman got a pop-up on her computer that the computer was taken over and to get it back she needed to deposit over $37K into a bitcoin ATM machine. Which she reportedly did. I could not fathom how that could happen.

    I just learned that last Wed a woman I know got a phone call that the FBI wanted her to help them. She followed their instructions to withdraw $15K and deposit it into a bitcoin ATM machine. Which she did. It was raining pretty hard that day. The ATM machine was in a liquor store. The idea that this woman took out $15K in hundreds, drove in the rain to a liquor store and stood there and deposited 150 hundred dollar bills into a bitcoin ATM machine just blows my mind. This woman is neither senile nor stupid. She supports herself with a business that she runs. Evidently she tried to reach her two daughters but neither was available.

    A relative of hers told me that she had done some research and evidently as we age a part of the brain ages too and we lose some common sense or judgement. No idea if that is true.

    This morning I got a phone message that I had won a prize in a publisher's lottery. Since I never entered, think it is safe to ignore.

    I think we all know that if it is too good to be true it probably is. We should also know that the FBI does not contact 80 year olds by phone to ask for their help and our home computers can probably be restored for less than $37K.

    My advice is to go over these stories with anyone you love who is elderly. I think widows are the main target. Have them check with you or a relative they trust before making any deposits into bitcoin ATM machines or buying gift cards and giving the numbers to strangers. These scammers must be very clever.

    SoCal

  2. #2
    Join Date
    Feb 2008
    Location
    New Bern, NC unless it's a home football game then I'm grilling on Devil's Alley
    At least once or twice a week I have clients that come in that have fallen victims to scammers. Thankfully most recognize it early enough and just bring me their computers to double-check. However, a few have lost thousands of dollars and it's heartbreaking.

    My most recent issue is a client/friend who had her Facebook account hacked. Not only was her FB account hacked, but her email (that she set up ONLY for her FB) was also hacked, so she has no way of proving to FB that she is who she is since any verification notice goes to that email, which she can no longer access. The verification phone # is that of the hacker, so she can't use that method either. Her only recourse was to set up a whole new account, which Facebook suspended after 5 minutes of its creation since they thought she was someone pretending to be "her". It's maddening.
    Even more maddening is that even though it all could likely be resolved with a phone call, unlike a bank, you CAN'T call FB! You have to go through their steps, which can include uploading a government issued ID, which we did, and was still rejected.

    She's in her 70s, and FB was essentially her #1 means of communicating with friends and family, and now she's locked out of that experience.

    Also, if you haven't lately, take this as a reminder to change your passwords often.
    Q "Why do you like Duke, you didn't even go there." A "Because my art school didn't have a basketball team."

  3. #3
    Join Date
    Feb 2007
    Location
    Ashburn, VA
    Quote Originally Posted by CameronBornAndBred View Post
    Also, if you haven't lately, take this as a reminder to change your passwords often.
    Sorry to hear that story, but I wanted to actually clarify the advice above.

    You're far better off coming up with a system that makes sure you don't re-use passwords. Password re-use is by far a bigger problem than [lack of] password rotation, as most people just rotate passwords into something no better off than the one they had before. Even NIST guidance has been updated to clarify that regular password changes for companies often have cons that outweigh the pros (see NIST SP 800-63B).

    Though obviously you should change your passwords if you know they have been compromised in any way.

    Password manager tools are the best bet to avoid re-use, but even just having your browser auto-suggest a new password and keeping it in their keychain is better than nothing.

    And finally, of course, use multi-factor authentication for anything that offers it (that you consider important at least). Use an authenticator app if it's an option, and SMS as last choice (but again, still much better than nothing).
    A text without a context is a pretext.

  4. #4
    Join Date
    Feb 2018
    Location
    Dur'm
    Quote Originally Posted by snowdenscold View Post
    And finally, of course, use multi-factor authentication for anything that offers it (that you consider important at least). Use an authenticator app if it's an option, and SMS as last choice (but again, still much better than nothing).
    SMS is a worse choice than e-mail? Genuinely curious about that. Can you elaborate?

  5. #5
    Join Date
    Feb 2007
    Location
    Washington, DC area
    Quote Originally Posted by Phredd3 View Post
    SMS is a worse choice than e-mail? Genuinely curious about that. Can you elaborate?
    Typically you'd have an email account as the primary connection to an account. You should have a secondary option ("2 factor authentication") using an authenticator app (Google and MS make popular ones) or SMS. SMS is by far the weakest option as it's way too easy to hack a SIM.

    Microsoft, Google, and Apple are working on a system using a phone to authenticate, trying to get rid of passwords entirely. It's OS based, and explicitly not using SMS. Do make sure your phone is set to lock, though!

    -jk

  6. #6
    Join Date
    Feb 2018
    Location
    Dur'm
    Quote Originally Posted by -jk View Post
    Typically you'd have an email account as the primary connection to an account. You should have a secondary option ("2 factor authentication") using an authenticator app (Google and MS make popular ones) or SMS. SMS is by far the weakest option as it's way too easy to hack a SIM.
    Sorry, I was speaking of e-mail as an authentication option. Many accounts use usernames, rather than e-mail, as the primary option. I've always treated e-mail as the least secure authentication option. SMS is second-worst. Apps are clearly the best, and I prefer that whenever it is permitted.

  7. #7
    Quote Originally Posted by Phredd3 View Post
    SMS is a worse choice than e-mail? Genuinely curious about that. Can you elaborate?
    Yes, because SMS is susceptible to spoofing & phishing (attack the individual) and SIM swapping (attack through the phone company). Some companies even allow password resets by SMS. I just shake my head when a site gives me the option of email or SMS to get a code. (Looking at you, Ticketmaster.) Generally the order for 2FA is: RSA Fob/card or a USB/NFC hardware key > Authenticator App > >> e-mail >>>>> SMS. SMS is just the most convenient and probably cheapest. None of my banks let me use an Authenticator app. Wells Fargo will sell me an RSA fob but it would require the account to use it every time. I don’t really want to carry a bulky fob all the time just in case I want to check something.

    Quote Originally Posted by -jk View Post
    Microsoft, Google, and Apple are working on a system using a phone to authenticate, trying to get rid of passwords entirely. It's OS based, and explicitly not using SMS. Do make sure your phone is set to lock, though!

    -jk
    I like the passkey idea in theory. The problem is it’s open to the current snatch and run crimes we are seeing. A crook watches a target entering their PIN for the phone. They then steal the phone either covertly or blatantly and change the PIN. Then it’s just a race to get as much from the victim until they freeze the accounts.
    Last edited by Kdogg; 03-27-2023 at 04:31 PM.

  8. #8
    Join Date
    Feb 2011
    Location
    Summerville ,S.C.
    Quote Originally Posted by CameronBornAndBred View Post
    At least once or twice a week I have clients that come in that have fallen victims to scammers. Thankfully most recognize it early enough and just bring me their computers to double-check. However, a few have lost thousands of dollars and it's heartbreaking.

    My most recent issue is a client/friend who had her Facebook account hacked. Not only was her FB account hacked, but her email (that she set up ONLY for her FB) was also hacked, so she has no way of proving to FB that she is who she is since any verification notice goes to that email, which she can no longer access. The verification phone # is that of the hacker, so she can't use that method either. Her only recourse was to set up a whole new account, which Facebook suspended after 5 minutes of its creation since they thought she was someone pretending to be "her". It's maddening.
    Even more maddening is that even though it all could likely be resolved with a phone call, unlike a bank, you CAN'T call FB! You have to go through their steps, which can include uploading a government issued ID, which we did, and was still rejected.

    She's in her 70s, and FB was essentially her #1 means of communicating with friends and family, and now she's locked out of that experience.

    Also, if you haven't lately, take this as a reminder to change your passwords often.
    My daughter had her Facebook hacked. They wanted a ransom to get it back.
    She told them to keep it. Started another one.
    FB was of little help.
    As rudimentary as my computer skills are,
    I back up everything in multiples. I have 4 Google photo accounts.
    Things like FB, I have a rule: I should be able to walk away from it anytime.
    I have maybe 5 people on FB. I interact with 3 of them.
    If I don't talk to you on the phone you're expendable.
    Unfortunately that includes blood relatives.
    IMHO we need to call our elders on the phone. Make time for it.
    Life is short and precious.

  9. #9
    Join Date
    Nov 2007
    Location
    Vermont
    My wife and I volunteer for a local organization the goal of which is to keep older people in their homes and out of nursing homes, etc. As such, it's really alarming to see how sophisticated the email scams have become...it used to be that scam emails had messy looking logos, etc, but now I'm seeing stuff allegedly (but not) from UPS (about the package they want me to have) or Amazon (confirming my non order of a $2600 computer) which look alarmingly real...I have no doubt a lot of people click on the links...

  10. #10
    Join Date
    Feb 2007
    Location
    Durham, NC
    My mom gets the Grandma calls occasionally. Deep male voice saying "Hi, Gramma!"
    She asks, "Who is this?"
    "It's your grandson!"
    "Funny, I don't have a grandson!" (lie)
    Click.

    She knows her grandson would always identify himself. It's sad to think of how many people are scammed by these jerks.

  11. #11
    Join Date
    Feb 2007
    Location
    Washington, DC area
    Quote Originally Posted by budwom View Post
    My wife and I volunteer for a local organization the goal of which is to keep older people in their homes and out of nursing homes, etc. As such, it's really alarming to see how sophisticated the email scams have become...it used to be that scam emails had messy looking logos, etc, but now I'm seeing stuff allegedly (but not) from UPS (about the package they want me to have) or Amazon (confirming my non order of a $2600 computer) which look alarmingly real...I have no doubt a lot of people click on the links...
    From what I've seen, a big part of the everyday efforts is generating a sense of urgency to get you to react before thinking.

    Renewals of antivirus (Norton and McAfee - the irony!), tech support (Microsoft, Geek Squad), fake orders/packages (Amazon, UPS, and FedEx), expiring credits or rewards for taking surveys (CVS). All companies with massive branding/market penetration. All of the messages have a sense of "act now!"

    Many email/texts just have a phone number to call, then they social engineer their way into your finances. "We need your credit card number to reverse that charge." Or they want to get remote access to your computer to do who knows what. I had one client fall for that one; we opted to save data files and otherwise start from a fresh windows install.

    I occasionally get the robo-call, "This is Microsoft. We've detected a problem with your computer and need to access it to fix it." I played along once for a good 20 or 30 minutes, getting escalated a couple levels, while they tried to walk me through the installation of remote control software. They were really good. I see how people fall for it.

    I tell all my clients to text me a picture of any such email/text they're unsure of, and to never respond to a phone call of that sort. A client's friend had $30K removed from a bank account by one of these scammers.

    -jk

  12. #12
    Join Date
    Nov 2007
    Location
    Vermont
    Quote Originally Posted by -jk View Post
    From what I've seen, a big part of the everyday efforts is generating a sense of urgency to get you to react before thinking.

    Renewals of antivirus (Norton and McAfee - the irony!), tech support (Microsoft, Geek Squad), fake orders/packages (Amazon, UPS, and FedEx), expiring credits or rewards for taking surveys (CVS). All companies with massive branding/market penetration. All of the messages have a sense of "act now!"

    Many email/texts just have a phone number to call, then they social engineer their way into your finances. "We need your credit card number to reverse that charge." Or they want to get remote access to your computer to do who knows what. I had one client fall for that one; we opted to save data files and otherwise start from a fresh windows install.

    I occasionally get the robo-call, "This is Microsoft. We've detected a problem with your computer and need to access it to fix it." I played along once for a good 20 or 30 minutes, getting escalated a couple levels, while they tried to walk me through the installation of remote control software. They were really good. I see how people fall for it.

    I tell all my clients to text me a picture of any such email/text they're unsure of, and to never respond to a phone call of that sort. A client's friend had $30K removed from a bank account by one of these scammers.

    -jk
    Yep, urgency is key. Your Social Security Is Suspended is another especially provocative one...I also keep getting a message that Netflix has suspended my account (though I'm not sure of the reason, maybe eating too much in front of the TV)?
    It's too bad that these clowns can't be traced, or are offshore, because they deserve a cruel fate.
    I got the Microsoft call a number of times and ultimately came up with an especially lewd way of stringing them along, which apparently they came to dislike.

  13. #13
    Join Date
    Feb 2007
    Location
    Durham, NC
    I use these scam calls, and the non-scam ones from the foreign groups bugging me to buy my property, as an opportunity to try out new expletives. It's kind of fun!

  14. #14
    Join Date
    Feb 2007
    Location
    Ashburn, VA
    If you're looking for a free and simple way to get a lot of value, go into your router and point the IP addresses for your DNS resolvers to the OpenDNS ones:

    IPv4 addresses:
    208.67.222.222
    208.67.220.220

    IPv6 addresses:
    2620:119:35::35
    2620:119:53::53

    That should block a lot of malware and phishing from ever making an initial connection out of your house.

    More info and some guides: https://umbrella.cisco.com/products/...e-dns-services

    Here's an example from a Verizon FIOS G3100 router, but the UI for other products will be different.

    VZ-Fios-DNS-settings.jpg
    A text without a context is a pretext.

  15. #15
    Quote Originally Posted by snowdenscold View Post
    If you're looking for a free and simple way to get a lot of value, go into your router and point the IP addresses for your DNS resolvers to the OpenDNS ones:

    IPv4 addresses:
    208.67.222.222
    208.67.220.220

    IPv6 addresses:
    2620:119:35::35
    2620:119:53::53

    That should block a lot of malware and phishing from ever making an initial connection out of your house.

    More info and some guides: https://umbrella.cisco.com/products/...e-dns-services

    Here's an example from a Verizon FIOS G3100 router, but the UI for other products will be different.

    VZ-Fios-DNS-settings.jpg
    Just curious… have you heard of Cloudflare DNS 1.1.1.1? If so, any comments?

  16. #16
    Join Date
    Feb 2007
    Location
    Ashburn, VA
    Quote Originally Posted by gep View Post
    Just curious… have you heard of Cloudflare DNS 1.1.1.1? If so, any comments?
    Yeah, so all the "quads" (1.1.1.1 by Cloudflare, 8.8.8.8 Google, and 9.9.9.9 by... wait for it... Quad9) are fine, and preferable to the defaults used by your ISP*.

    The benefit of OpenDNS is that they actually provide malware and phishing blocking by default. So instead of returning you an IP address for a malicious site, they'll return you an IP address for their block page instead.

    You can then get a family package (there's both free and paid versions) to do more granular content filtering for kids, etc. But last I checked the malicious stuff was blocked by default whether you have an account or not.



    * Certainly much faster! All the "quads" and OpenDNS should give you < 25ms latency vs. potentially > 200 ms latency for your ISP.
    I guess it's just a question of who do you want seeing all your DNS requests.
    A text without a context is a pretext.

  17. #17
    Quote Originally Posted by snowdenscold View Post
    Yeah, so all the "quads" (1.1.1.1 by Cloudflare, 8.8.8.8 Google, and 9.9.9.9 by... wait for it... Quad9) are fine, and preferable to the defaults used by your ISP*.

    The benefit of OpenDNS is that they actually provide malware and phishing blocking by default. So instead of returning you an IP address for a malicious site, they'll return you an IP address for their block page instead.

    You can then get a family package (there's both free and paid versions) to do more granular content filtering for kids, etc. But last I checked the malicious stuff was blocked by default whether you have an account or not.



    * Certainly much faster! All the "quads" and OpenDNS should give you < 25ms latency vs. potentially > 200 ms latency for your ISP.
    I guess it's just a question of who do you want seeing all your DNS requests.
    Thank you very much for your information. I'll look into OpenDNS. I've heard of it years ago, but haven't looked at it in detail.

  18. #18
    Join Date
    Feb 2007
    Location
    Ashburn, VA
    Quote Originally Posted by gep View Post
    Thank you very much for your information. I'll look into OpenDNS. I've heard of it years ago, but haven't looked at it in detail.
    You'll see it rebranded as Umbrella since being acquired by Cisco some years back, but the free/home versions still have a lot of reference to the old name.
    A text without a context is a pretext.

  19. #19
    Quote Originally Posted by snowdenscold View Post
    You'll see it rebranded as Umbrella since being acquired by Cisco some years back, but the free/home versions still have a lot of reference to the old name.
    Thanks again. I changed the 2 DNS entries in my router to OpenDNS... I did not set up an account. Works fine... in fact, seems a bit faster than Cloudflare that I was using. And from what I can tell, Umbrella/Cisco is more for businesses and enterprises.

  20. #20
    I don't want to turn this into a thread full of perpetrated scams but this example exposes the mentality of someone that falls for them. Even with all the red flags and people telling her it was a scam, an educated, longtime principal continued to believe it was real. Social engineering is as dangerous as clicking a malicious file/link. There's always going to be a part of a person that wants to believe. I'm not sure how to control that impulse.

    Florida Principal Scammed Into Sending $100k Check to Elon Musk Impersonator

    A Florida principal resigned on Tuesday after sending a $100,000 check to an internet scammer posing as Elon Musk. Jan McGee was the principal at the Burns Science and Technology charter school in Oak Hill since the school opened in 2011 and reportedly communicated with the scammer for months before sending the check from the school’s account.

    McGee said she believed the $100,000 would act as a down payment and in return, the billionaire reportedly promised he would invest millions of dollars in the school, NBC affiliate WESH first reported.

    The school’s business administrator, Brent Appy, noticed the payment and was able to cancel the check before it could be cashed. McGee announced she was resigning after a school board meeting when her fellow administrators said they refused to work under her.
    Burns Sci-Tech is a highly ranked school with roughly 1,000 students who attend and has a lengthy years-long waiting list.
