March 22, 2017

Are you handing over your bank accounts to cyber thieves?

There are many different strategies we can implement to secure our online experience. Hackers routinely go after passwords because they are an easy target and a weak link in the security chain. Most people would be surprised to know that there is an even weaker link than your password: you, the user. Hackers have come a long way from the archetypal kid like the one in the movie War Games. Over the years they have developed a very particular set of skills that makes them adept at getting into secure spaces. They employ all sorts of attacks, like brute force, DDoS attacks, botnet attacks, SQL injection, zero-day vulnerability attacks, keyloggers, and ransomware, but their methods do not always involve a high degree of computing sophistication, especially when it comes to exploiting us.

Have you ever received an error message while surfing that looked scary? Maybe it sported flashing lights, sounds, and a dire warning to call Microsoft or Mac support or risk all your info being destroyed? Hackers preying on our ignorance attempt to make end users fall for this scam by pretending to be Microsoft. Once the victim believes they are talking to Microsoft, the attacker (usually a foreigner in a call center outside U.S. jurisdiction) can log in to your computer with your help and further convince you of the NONEXISTENT problem. Most try to get you to fork over your credit card for support, to the average tune of $300, and sometimes the charge is repeated!

Have you ever seen a home for rent or sale on Craigslist that was too good to be true? It probably was. Scammers take pictures of houses and put them online, then pretend to be the landlord and request an upfront deposit and sometimes the first and last month's rent! Eventually, you realize that you are the trespasser and are out thousands of dollars.

Did someone ever offer to buy something from you for a lot more than what you advertised it for in your classified ad? This type of attack often begins somewhere else, with someone else's bank account or credit card info. The attacker gains access to a stolen bank account, then writes you a bogus check, which will bounce if you attempt to cash it. If you sent the attacker the merchandise, you are now out your goods and are liable for bank fraud. If the check clears, the attacker only asks that you keep several hundred extra for yourself and send him the rest. Now he has his money and your goods, and you are still liable for bank fraud.

Phishing scams are another relatively easy way to lose your bank account. Suddenly you receive an email from your bank, credit card company, or other financial service stating that your account is in peril. You frantically click on the link provided and type in your password to view your account information. Congratulations, you have just been phished. Upon closer inspection, the link provided leads to a site other than your bank's. It was specifically set up to load JavaScript that logs your every keystroke and then redirects you to your actual bank site.

You get a call from your antivirus, software company or operating system provider. This is direct scamming at its finest. The hacker calls you up and pretends to be associated with a company that has software on your computer. They try to get you to pay them for support of some unspecified error. Usually, the novice computer user knows no better and grants the hacker access plus a credit card to charge.

Catfish scam. I actually experienced a close relative fall for this scam. It took an extraordinary amount of convincing to make them see the light. Catfish scams are social engineering hacks. They attack people looking for romance on popular social sites like Facebook and Instagram, or romance sites like OkCupid. The hacker puts up a fake profile of a very attractive person, then waits for lonely people to chat them up. Once a conversation is initiated, the scammer will send love letters, poems, emails, calls, anything to make you feel that they are interested and sincere. Unfortunately, it is just a charade designed to make you waste money on them. Hey, love is blind, after all. Once you are emotionally invested, sending hundreds if not thousands of dollars to this stranger will not feel so bad, until you find out it was a lie. Some people find it so impossible that it was all a lie that they will defend their faux lover even to their own family! There is an excellent video of Dr. Phil that deals with this. It is a must-watch.

Purchase scam. Sites like eBay and Amazon make it easy for anyone to set up an online shop and leverage the volume and footprint of these online giants. Anyone, including scammers. A scammer sells a couple of real items on their site to get positive reviews. Usually, the items are very low cost and the reviews may be 5 stars. The giveaway here is the average cost of the items offered and the low number of reviews, in contrast to the fake item for sale, which will cost a lot more money. Once you purchase, the scammer will try to get you to wait until the return period on PayPal or your credit card expires, making it impossible to recover your money.


The takeaway here is that if it is too good to be true, it probably is. Don't be embarrassed to have the seller show you their credentials. See what other buyers have said. Deal with checks for housing deposits. Research the landlord of a property on your county's tax website. Remember that no one legitimate will ever call you in reference to your computer or the sites you visit. And when it comes to romance, the relationship must be face to face, and even then you could wind up with a gold digger, but at least it will not be a catfish scam. Final thoughts: it's never too late to pull away from something that sounds too good.