Tech Solutions NC

Your one stop for home and small business computer and network support

Personally identifiable information

Beware of Phony Tech Support!

by Leave a Comment

phony tech support

Yesterday I received from the North Carolina Department of Justice Alert mailing list a warning — to beware of phony tech support.  The ruse is elaborate and devious, and can cost you hundreds, even thousands, of dollars if you fall victim.  Here’s the email I received:

Phony tech support and overpayment: two scams in one

For years, crooks have charged victims to repair nonexistent problems on their computers in order to gain access to sensitive personal and financial information stored inside. Now they’ve added a new scam: trying to talk you into long-term technical support that is actually just an excuse to swindle you out of as much as $10,000.

It starts when you agree to charge the tech support membership to your credit card. The scammers call back a few days later to say the company is closing and needs your bank account information so they can to refund money directly into your checking account. To get the so-called refund, they take a large cash advance from your own credit card and deposit it into your account. Next, the con artists claim that they’ve accidentally overpaid you by thousands of dollars and need you to wire the extra funds back to them, usually in China, India or the Philippines.

These greedy crooks have been known to take out another credit card advance, put those funds into the victim’s account, and then claim that the first wire transfer didn’t go through. Victims have been convinced this way to send multiple wire transfers to the scammers. One elderly North Carolina woman ran up $10,000 in credit card debt when she fell for this scam.

Remember:

  • Avoid tech support scams. You can learn more about phony tech support from Microsoft and the FTC.

  • Be very skeptical if anyone asks you to wire money overseas. Once you’ve wired money it’s nearly impossible to get it back.

  • If you receive one of these calls, report it to the Attorney General’s Office at 1-877-5-NO-SCAM or online at www.ncdoj.gov.

I’ve been a subscriber to the NCDOJ Alert mailing list for years, and I suggest you do the same.  Click the link to subscribe. Also, check out their website for their list of alerts that they have written about in the past.

So how do you know who to trust? I’ve written a post about that, please read it, and remember that you need to do your homework when it comes to who you are going to trust. Contact us if you have any questions, or need any support for your computer. We are a source you can trust.

Related articles

Phishing Attacks — what are they?

by 4 Comments

Phishing Attacks

phish – verb “to try to obtain financial or other confidential information from Internet users, typically by sending an email that looks as if it is from a legitimate organization, usually a financial institution, but contains a link to a fake website that replicates the real one.” ~ from dictionary.com

In the connected world that we live in today, the good that the internet provides is countered with all of the bad that exists on it’s web pages.  For every good use that we see the internet being used for, there are at least two bad purposes that are being utilized.

Over the next three days, we are going to take a hard, in depth look at one risk of using the internet — phishing attacks.

In today’s post, we’re going to get into the nuts and bolts about what a phishing attack is.  The definition you see at the top of this post certainly does cover a lot of detail, but let’s expand on that just a bit, shall we?

Phishing Attacks

Like the definition mentions, a phishing attack is an attempt by an unknown party to trick you into providing personal information on a website that looks like a legitimate company website, but in actuality is not legitimate at all. The purpose of doing so is for the attacker to collect sensitive data — such as your social security number, bank account information, login usernames and passwords, and so on — so that they can use that information to secure financial resources without you knowing about it.  This is one of the primary ways that Identity Theft occurs.

phishing attacks
(click to enlarge image)

In the email posted above, you see a poor attempt at a phishing attack.  The email, reportedly from “Citibank Customer Service”, references that your Citi account has been locked.  In the email, the sender indicates that if you did not trigger this lockout, that you should click the link and follow the instructions.  What makes this a poor example is that the link directly shows that clicking the link will take you to a website in the comcast.net domain, not to citibank.net.  Often, a link like that would show the domain for Citibank in the text, making you think it is legitimate, but in reality the link would be taking you to a different domain and website entirely.  For example, the link in this sentence to “click here” takes you to the Tech Solutions NC website, even though the text for the link does not list the name of the website.  Fortunately, though, most browsers today will show you what website that link will take you to just by hovering your mouse over the link (and not clicking it).  You can see an example of that in the image below.

phishing attacks
(click to enlarge image)

To summarize:

  • A phishing attack is an attempt by an unknown attacker to trick you into going to a website that you think is legitimate, but has actually been faked in order to get you to enter personal information so it can be compromised.
  • Most phishing attacks occur in emails that you receive.
  • Often, there are clues you can see in the email that convince you that the email is not legitimate.
  • The purpose of phishing attacks is to steal your identity so that the attacker can profit from it.

Tomorrow, we’re going to explore in more detail how you detect them.  Stop back by tomorrow, and thanks for checking in!