Telemarketers call several times per day, every day. Maybe they don’t take holidays? Most of the time we ignore the calls. They usually hang up after three or four rings, so we don’t lose any time or money to them.
The more insidious contacts come from scammers who have learned to hide behind a familiar-looking phone number on caller ID, or behind a familiar-looking email or corporate logo on email. This is a form of phishing, in which the scammer uses something familiar to trick you into revealing account information, a PIN number, or a password so he can steal your money. Or get you to click on an embedded link in an email so he can plant malware on your computer.
This morning someone called claiming to be from our health care provider. A few days ago someone called claiming to represent our credit card carrier. Last week it was someone who claimed to be with Amazon. What to do? Don’t talk with them, since they have no way to prove their validity. Instead, if you think there really is an issue needing your time and attention, hang up and call the company at a number you know is correct (e.g., the phone number on the back of the credit card). They can tell you if there is a problem and, if there is no problem, they would probably like to know about the scam call so they can turn it over to their fraud investigators.
Turning to email, you probably used to see messages from a Nigerian prince claiming that he had money to give you, if you would either give him your bank account to send it to, or send him a large fee to enable his even larger transaction. Those days seem long gone, but emails claiming to be from Amazon, Apple, Chase Bank, or other companies have taken the place of the Nigerian prince. They come with convincing logos, official-sounding words, and as much of a personal touch as any good scammer can muster. Sometimes they want you to click on a convenient link to log in and fix some supposed problem with your account, except doing so will send your login name and password directly to the scammer. Or, they want you to click a link to reach an agent or receive some important information, but clicking that link will download some kind of bug or malware to your computer. The malware could try to harvest account information (logins and passwords) from your machine, or it could lock up your computer in a ransom attack, or in a twofer, it might even try to do both. Bottom line: don’t click that link! Instead, and particularly if the email claims to have come from a company you know, find that company’s email address for reporting fraud and forward that note to them. I am sure they will find it amusing, and their fraud investigators will appreciate the lead.
You probably know why they call it phishing: it’s because the scammer uses your interests or some bit of trivia about you (like you posted in a Facebook quiz yesterday?) as bait to get past your natural caution. Don’t take the bait!
A Cup of Brouhaha 