Tech Solutions NC

Your one stop for home and small business computer and network support

Antivirus software

Beware of Phony Tech Support!

by Leave a Comment

phony tech support

Yesterday I received from the North Carolina Department of Justice Alert mailing list a warning — to beware of phony tech support.  The ruse is elaborate and devious, and can cost you hundreds, even thousands, of dollars if you fall victim.  Here’s the email I received:

Phony tech support and overpayment: two scams in one

For years, crooks have charged victims to repair nonexistent problems on their computers in order to gain access to sensitive personal and financial information stored inside. Now they’ve added a new scam: trying to talk you into long-term technical support that is actually just an excuse to swindle you out of as much as $10,000.

It starts when you agree to charge the tech support membership to your credit card. The scammers call back a few days later to say the company is closing and needs your bank account information so they can to refund money directly into your checking account. To get the so-called refund, they take a large cash advance from your own credit card and deposit it into your account. Next, the con artists claim that they’ve accidentally overpaid you by thousands of dollars and need you to wire the extra funds back to them, usually in China, India or the Philippines.

These greedy crooks have been known to take out another credit card advance, put those funds into the victim’s account, and then claim that the first wire transfer didn’t go through. Victims have been convinced this way to send multiple wire transfers to the scammers. One elderly North Carolina woman ran up $10,000 in credit card debt when she fell for this scam.

Remember:

  • Avoid tech support scams. You can learn more about phony tech support from Microsoft and the FTC.

  • Be very skeptical if anyone asks you to wire money overseas. Once you’ve wired money it’s nearly impossible to get it back.

  • If you receive one of these calls, report it to the Attorney General’s Office at 1-877-5-NO-SCAM or online at www.ncdoj.gov.

I’ve been a subscriber to the NCDOJ Alert mailing list for years, and I suggest you do the same.  Click the link to subscribe. Also, check out their website for their list of alerts that they have written about in the past.

So how do you know who to trust? I’ve written a post about that, please read it, and remember that you need to do your homework when it comes to who you are going to trust. Contact us if you have any questions, or need any support for your computer. We are a source you can trust.

Related articles

Why having a home firewall isn’t enough security

by Leave a Comment

home firewall

Why having a home firewall isn’t enough security.

By Mike Ellis.

Having a firewall for your computer, as discussed in my post on the security settings you need enabled on your computer, is a must for any computer system. However, while having a home firewall is good, it’s not enough security. Today, I’m going to explain in greater detail why this is the case.

In normal firewall operations, if someone outside of your network attempts to make a connection to you, that traffic is blocked by the firewall.  That is one of the main purposes of the firewall, to prevent unauthorized access to your computers. I can go into great detail other aspects of the firewall, and talk about the DMZ and what that means, but in this case, I’m going to just leave it at this. So, unauthorized user outside of our network attempts to connect to your computer, and the firewall blocks it.  So far, so good.

However, what happens when you want to make a connection to something outside of your network? What, you say, you don’t make connections to other computers? Well, here are some that you may make many times a day without even thinking about it:

The key to this list is that each of those services that you and your computer makes each day is to a server, or, in all actuality, a series of servers, all located all over the web. So yes, you make connections to other computers all day long, perhaps without even realizing it.

There is actually nothing wrong with that at all, the point is to gather data, whether it be in the form of that email you are waiting on, or to see what status update your significant other left, or to see what the price is for that new game is.  The difficulty, though, lies in this one little fact:

When you connect to a website, you actually download content from the website into your computer.

I hope I’m not making you feel foolish for writing it this way.  If I am, please accept my apologies, for that is not my intention. In my experience, though, there are a lot of people who just don’t realize what actually happens when they go to a website. So, when you do access a website, your firewall isn’t going to stop you because it’s default behavior is to allow that traffic, so when you connect, you download content into your computer for viewing.  If that content, i.e., that website, is compromised, then you could be bringing into your computer a virus, spyware, trojan horse, keystroke logger, etc., without you even realizing it. Just like that, your computer, your network, even, is compromised — unless you have good, reliable anti-virus software that can detect the malware.

So, if that’s the case, how do I prevent my computer from being compromised? Well, first of all, you need to have a defense-in-depth strategy in place concerning your computer.  You need to have your firewall, you need to have current and reliable anti-virus software, you need to keep your computer updated, and you need to keep your User Account Control settings enabled. The key here is that one of these things may not stop the compromise, but combined together, they might just do the trick.

Another thing you need to have is someone who’s got your back, someone who will take time to explain what is happening, why it is happening, how they are going to clean it up, and how they are going to prevent it from happening in the future.  My company, Tech Solutions NC, is able to be that resource. Do you need support? Reach out to me by phone at 919-606-6725, email at mike@techsolutionsnc.com, or by leaving a comment on this post.

The internet is a useful tool, and there are a lot of good things about the internet. The key to using it, though, is to safeguard your computer and yourself from the things that lurk in the shadows.  That’s my goal — to help you safely navigate the waters of the internet without harm.

Phishing Attacks — what are they?

by 4 Comments

Phishing Attacks

phish – verb “to try to obtain financial or other confidential information from Internet users, typically by sending an email that looks as if it is from a legitimate organization, usually a financial institution, but contains a link to a fake website that replicates the real one.” ~ from dictionary.com

In the connected world that we live in today, the good that the internet provides is countered with all of the bad that exists on it’s web pages.  For every good use that we see the internet being used for, there are at least two bad purposes that are being utilized.

Over the next three days, we are going to take a hard, in depth look at one risk of using the internet — phishing attacks.

In today’s post, we’re going to get into the nuts and bolts about what a phishing attack is.  The definition you see at the top of this post certainly does cover a lot of detail, but let’s expand on that just a bit, shall we?

Phishing Attacks

Like the definition mentions, a phishing attack is an attempt by an unknown party to trick you into providing personal information on a website that looks like a legitimate company website, but in actuality is not legitimate at all. The purpose of doing so is for the attacker to collect sensitive data — such as your social security number, bank account information, login usernames and passwords, and so on — so that they can use that information to secure financial resources without you knowing about it.  This is one of the primary ways that Identity Theft occurs.

phishing attacks
(click to enlarge image)

In the email posted above, you see a poor attempt at a phishing attack.  The email, reportedly from “Citibank Customer Service”, references that your Citi account has been locked.  In the email, the sender indicates that if you did not trigger this lockout, that you should click the link and follow the instructions.  What makes this a poor example is that the link directly shows that clicking the link will take you to a website in the comcast.net domain, not to citibank.net.  Often, a link like that would show the domain for Citibank in the text, making you think it is legitimate, but in reality the link would be taking you to a different domain and website entirely.  For example, the link in this sentence to “click here” takes you to the Tech Solutions NC website, even though the text for the link does not list the name of the website.  Fortunately, though, most browsers today will show you what website that link will take you to just by hovering your mouse over the link (and not clicking it).  You can see an example of that in the image below.

phishing attacks
(click to enlarge image)

To summarize:

  • A phishing attack is an attempt by an unknown attacker to trick you into going to a website that you think is legitimate, but has actually been faked in order to get you to enter personal information so it can be compromised.
  • Most phishing attacks occur in emails that you receive.
  • Often, there are clues you can see in the email that convince you that the email is not legitimate.
  • The purpose of phishing attacks is to steal your identity so that the attacker can profit from it.

Tomorrow, we’re going to explore in more detail how you detect them.  Stop back by tomorrow, and thanks for checking in!