Tag Archives: scam

The technical support scam and how to avoid it

When talking about cybersecurity, we instantly think of viruses and malware. But advances in personal computer security have made it much harder for hackers to infect your PC through traditional channels like email.

As a result, they have developed new attack methods to get around your defences using a range of techniques, on and off-line. One of the most used and also successful is the “Technical Support Scam” that combines social engineering and technology to empty a victim’s bank account.

What is the Technical Support Scam?

Social engineering relies on building trust with a victim, before tricking them into doing something that gets around their security defences. In the case of the Support Scam, criminals telephone their victims pretending to be from a reputable business, like Microsoft or your security or telephone provider – a company name you recognize.

Posing as an engineer, the hacker informs their target that they have already fallen victim to criminals, and they must take urgent action to plug the security gap. The victim is asked to visit a webpage from their computer, and to download a remote control tool that will allow the engineer to access their system to perform “repair work”.

Once in control of the computer, the “engineer” may call up the computer’s event log and show a number of scary looking (but completely harmless) alerts. They will then suggest downloading further tools that allow them to fix these errors.

Unfortunately these tools are actually malware that will steal valuable information from the victim’s computer – particularly online banking details and passwords. The victim may feel that the engineer has done them a favor, but the reality is that they have invited the hacker to steal from them.

Avoiding the Technical Support Scam

There are several ways you can protect yourself from becoming a victim of this scam. These four tips will help keep you safe:

1. Use your common sense

Microsoft or Panda (for example) never ring customers to inform them of security problems. These companies may provide assistance by telephone, but they never call you first. In fact, unless you pay for a third party technical support service, no one should call you about problems with your computer or router.

No matter how urgent the issue sounds, anyone claiming to be calling about PC security problems is lying.

2.Protect your personal and sensitive information

Never give your account numbers or passwords to anyone over the phone or the Internet unless you are 100% sure who they are. If you are in any doubt at all, hang up. Keep in mind that fraudulent activities are profitable for the bad guys.
A good rule to follow for any incoming call: never hand over your credit card or bank details. Just don’t do it!

3. If you have a doubt: tell everyone about it

The Telephone Support Scam preys on people’s insecurity about their lack of tech knowledge. It is very easy to be a victim, and the best defence is sharing knowledge – telling other people about this scam, and what the criminals are doing. It is much easier to put the phone down if you know that the call is a scam.

You should also consider reporting the scam to the company being investigated. If you do, make sure you find the right details though.

4. Protect your PC in advance

Do not forget to use antivirus protection for all your devices. If your device is protected by an anti-malware toolkit, it will not be generating security errors online or anywhere else. So you know that someone claiming you have a problem is also lying.

If your computer does not have an up-to-date security toolkit installed, you must act now – download a free trial of Panda Security to get started.

Most social engineering attacks can be avoided by taking a second to think through the implications of what you are being told. You must not allow yourself to be bullied into making what could be a very costly mistake.

For more useful tips and advice about staying safe online, please check out the Panda Security knowledge base.

The post The technical support scam and how to avoid it appeared first on Panda Security Mediacenter.

'MethBot' Ad Fraud Operators Making $5 Million Revenue Every Day

The biggest advertising fraud ever!

A group of hackers is making between $3 Million to $5 Million per day from United States brands and media companies in the biggest digital ad fraud ever discovered.

Online fraud-prevention firm White Ops uncovered this new Ad fraud campaign, dubbed “Methbot,” that automatically generates more than 300 Million fraudulent video ad impressions every day.


I'm Warning You, Don't Read this Article. It's a Federal Crime!

Yes, you heard it right. If I tell you not to visit my website, but you still visit it knowing you are disapproved, you are committing a federal crime, and I have the authority to sue you.

Wait! I haven’t disapproved you yet. Rather I’m making you aware of a new court decision that may trouble you and could have big implications going forward.

The United States Court of Appeals for the Ninth

The Dirty Dozen tax scams: Identity theft, phone scams and phishing schemes, oh my!

Scammers target taxpayers as they prepare their tax returns or hire someone to do so.

Scammers target taxpayers as they prepare their tax returns or hire someone to do so.

It’s that time of the year again – tax season is upon us.

Recently, the Internal Revenue Service wrapped up its annual “Dirty Dozen” list of tax scams. This year, identity theft topped the list, but phone scams and phishing schemes also deserve special mentions. It’s important that taxpayers guard against ploys to steal their personal information, scam them out of money or talk them into engaging in questionable behavior with their taxes. While discussing the topic of tax scams, IRS Commissioner John Koskinen said:

“We are working hard to protect taxpayers from identity theft and other scams this filing season. . .Taxpayers have rights and should not be frightened into providing personal information or money to someone over the phone or in an email. We urge taxpayers to help protect themselves from scams — old and new.”

In addition to releasing the “Dirty Dozen” list, the IRS has also renewed a consumer alert for email schemes. This renewal came after seeing an approximate 400 percent surge in phishing and malware incidents so far this tax season.

We encourage taxpayers to review the list in a special section on IRS.gov and be on the lookout for the many different forms of tax scams. Many of these con games peak during filing season as people prepare their tax returns or hire someone to do so.

Taking a closer look at this year’s “Dirty Dozen” scams

Here‘s what you should keep your eyes open for throughout this tax season:

Identity theft: Taxpayers need to watch out for identity theft — especially around tax time. The IRS continues to aggressively pursue the criminals that file fraudulent returns using someone else’s Social Security number. Though the agency is making progress on this front, taxpayers still need to be extremely careful and do everything they can to avoid being victimized.

Phone scams: Phone calls from criminals impersonating IRS agents remain an ongoing threat to taxpayers. The IRS has seen a surge of these phone scams in recent years as scam artists threaten taxpayers with police arrest, deportation and license revocation, among other things.

Phishing: Taxpayers need to be on guard against fake emails or websites looking to steal personal information. The IRS will never send taxpayers an email about a bill or refund out of the blue, so don’t click on one claiming to be from the IRS.

Return preparer fraud: Be on the lookout for unscrupulous return preparers. The vast majority of tax professionals provide honest high-quality service, but there are some dishonest preparers who set up shop each filing season to perpetrate refund fraud, identity theft and other scams that hurt taxpayers.

Offshore tax avoidance: The recent string of successful enforcement actions against offshore tax cheats and the financial organizations that help them shows that it’s a bad bet to hide money and income offshore. Taxpayers are best served by coming in voluntarily and getting caught up on their tax-filing responsibilities.

Inflated refund claims: Be wary of anyone who asks taxpayers to sign a blank return, promises a big refund before looking at their records, or charges fees based on a percentage of the refund. Scam artists use flyers, ads, phony store fronts and word of mouth via trusted community groups to find victims.

Fake charities: Be on guard against groups masquerading as charitable organizations to attract donations from unsuspecting contributors. Contributors should take a few extra minutes to ensure their hard-earned money goes to legitimate and currently eligible charities.

Falsely padding deductions on returns: Taxpayers should avoid the temptation of falsely inflating deductions or expenses on their returns to under pay what they owe or possibly receive larger refunds.

Excessive claims for business credits: Avoid improperly claiming the fuel tax credit, a tax benefit generally not available to most taxpayers. The credit is generally limited to off-highway business use, including use in farming. Taxpayers should also avoid misuse of the research credit.

Falsifying income to claim credits: Don’t invent income to wrongly qualify for tax credits, such as the Earned Income Tax Credit. Taxpayers are sometimes talked into doing this by scam artists. This scam can lead to taxpayers facing big bills to pay back taxes, interest and penalties and in some cases, criminal prosecution.

Abusive tax shelters: Don’t use abusive tax structures to avoid paying taxes. The vast majority of taxpayers pay their fair share, and everyone should be on the lookout for people peddling tax shelters that sound too good to be true. When in doubt, taxpayers should seek an independent opinion regarding complex products they are offered.

Frivolous tax arguments: Don’t use frivolous tax arguments in an effort to avoid paying tax. Promoters of frivolous schemes encourage taxpayers to make unreasonable and outlandish claims even though they are wrong and have been repeatedly thrown out of court. The penalty for filing a frivolous tax return is $5,000.

Proceed with caution while filing taxes

Perpetrators of illegal scams can face significant penalties and interest and possible criminal prosecution. IRS Criminal Investigation works closely with the Department of Justice to shut down scams and prosecute the criminals behind them. Taxpayers should remember that they are legally responsible for what is on their tax return even if it is prepared by someone else. Be sure the preparer is up to the task.

For more information about tax scams, check out the IRS on YouTube.

Follow Avast on FacebookTwitterYouTube, and Google+ where we keep you updated on cybersecurity news every day.

Facebook hoax promises giveaway of 4.5 million company shares

When I was checking my Facebook News Feed this morning, I found this message.

Facebook newsfeed hoax

Facebook newsfeed hoax

It seems one of my friends was very excited because Facebook founder, Mark Zuckerberg, was scheduled to give away 4.5 million shares of Facebook stock at midnight. To enter this lottery-like giveaway, all you had to do was copy and paste the message to your own news feed. The message, and variations like it, go on to say that the winners will be announced  live on today’s Good Morning America. Other variations look like this,

Facebook newsfeed hoax Metro

Facebook hoax image via metro.co.uk

Like others before it, this viral Facebook message is a hoax. You will not be entered by copying and pasting a message. And Mr. Zuckerberg is not giving away 4.5 billion dollars to 1,000 random Facebook users. If this message makes its way to your News Feed, please do not copy and paste it or share with your friends. The best action is to delete it and maybe go buy yourself a lottery ticket. The odds will be a little better. ;-)

Using surveys to better understand viral stories

Facebook is actually doing something about these hoaxes. Early in December, the Facebook newsroom published a News Feed FYI: Using Surveys to Better Understand Viral Stories. In the article they described how they have started using surveys to improve the news feed experience. Every day they ask thousands of people to rate their experience, share suggestions for improvement, and help them infer what might be an interesting story so they can work their algorithms to take that into account when ranking. Here’s what they say about that,

People also take story surveys where they see two stories that could be in their News Feed and answer which they’d most want to see. We compare their answer to the order we would have put these stories in their News Feed. If the story picked is the one News Feed would have shown higher up, that’s a good sign that things are working well. If the story picked is the one we would have put lower down, this highlights an area for improvement.

So if you receive one of these surveys, make sure you fill it out – your feedback will help to eliminate this type of clutter in everyone’s News Feed. :-)

Follow Avast on FacebookTwitterYouTube, and Google+ where we keep you updated on cybersecurity news every day.

‘Secret Sister’ gift exchange is a scam

Tis’ the season for scams to circulate on Facebook and other social sites.

It sounds like great fun! Join your friends for a “Secret Santa” type gift exchange, and invite lots of others to the party. Only problem is that it’s a hoax.

Secret Sisters scam on Facebook

Don’t wait by your mailbox for gifts from this exchange

Watch out if you get a message on your Facebook Newsfeed (also spotted on Reddit) inviting you to join a ‘Secret Sister’ gift exchange. And don’t pass it on, either. It’s a scam, it’s against Facebook’s Terms of Service for sharing personal information, and it could very well be illegal.

Recent messages shared on Facebook

Recent messages shared on Facebook

The invitation describes the way it works; you send one present valued at $10 or more to one person and list six other women’s names to continue the process. You are promised to receive up to 36 gifts in return. Sounds fun and lots of women are falling for it. The messages above were sent this weekend, and one of them only 2 hours ago!

What this gift exchange really looks like is a social media version of the old Chain Letter people used to get in their mail boxes. It’s also known as a Pyramid or Ponzi scheme. The recipient of a chain letter was instructed to copy the letter and send it to a bunch of their friends in order not to “break the chain”.

The United States Postal Inspection Service (USPIS) describes a chain letter as “a get-rich-quick scheme that promises that your mailbox will soon be stuffed full of cash if you decide to participate.”

A typical chain letter includes names and addresses of several individuals whom you may or may not know. You are instructed to send a certain amount of money–usually $5–to the person at the top of the list, and then eliminate that name and add yours to the bottom. You are then instructed to mail copies of the letter to a few more individuals who will hopefully repeat the entire process. The letter promises that if they follow the same procedure, your name will gradually move to the top of the list and you’ll receive money — lots of it.

If you don’t think about it too carefully, it sounds like it could work. The problem is that it doesn’t work, and it’s illegal. USPIS says,

They’re illegal if they request money or other items of value and promise a substantial return to the participants. Chain letters are a form of gambling, and sending them through the mail (or delivering them in person or by computer, but mailing money to participate) violates Title 18, United States Code, Section 1302, the Postal Lottery Statute.

Why do people fall for these scams?

When you receive a message over and over again by friends that you have learned to trust, you automatically think that the information they share is trustworthy. Because these scams exist (read about The Tiffany & Co scam), it’s better to stop and think about it, even do a quick search for the topic, so you don’t become a victim,too.

If you receive a message like this, do not participate in it. You may also want to inform the sender of the scam by sharing this blog with them.

Follow Avast on FacebookTwitterYouTube, and Google+ where we keep you updated on cybersecurity news every day.