Thursday, November 2, 2023

Fraud Alert

 A friend was recently the target of an online fraud scheme which began with a popup message alleging that her computer had been infected by a virus, and she found that her control over her browser was compromised.  She was unable to close the popup window and mouse clicks did not do anything.  The online popup message advised her to not turn off her computer and to contact by phone an online help service offered by Microsoft.  She did as directed and then spent the next six hours on the phone attempting to repair the alleged damage.  I believe the ultimate outcome was that our friend lost a considerable sum of money.

When our friend finally reported her experience to us I advised her that the initial online popup was the first step of a fraud scheme and that the people she spoke with on the phone were misrepresenting themselves as representatives of Microsoft and government agencies.  I said she should turn off her computer and immediately cancel her current credit card and to get a replacement card which would only take a couple days.  I also told her to contact her credit union to tell them that no funds should be transferred from her account.  I said that immediate reporting might help to reduce her losses and perhaps restore some funds that may already have been appropriated by the fraudsters.

For some additional background on the type of attack which our friend experienced I submitted a question to Google's BARD AI chatbot:

(Me)  Describe the techniques used in the online fraud scheme which begins with a message on your computer which says your computer has been infected with a virus, and then says to not turn off your computer and to call a helpline.`Also, describe the proper response to such an attack to avoid becoming a victim of the scheme.

------------------------------------------------------

(BARD) The online fraud scheme that begins with a message on your computer which says your computer has been infected with a virus, and then says to not turn off your computer and to call a helpline, is known as a tech support scam.

Techniques used in tech support scams

Scammers use a variety of techniques to trick people into falling for tech support scams, including:

Fear and urgency: Scammers often try to scare people into thinking that their computer is infected with a serious virus or that their personal information is at risk. They may also tell people that they need to act quickly to avoid further damage.

Social engineering: Scammers may use social engineering techniques to gain people's trust. For example, they may pose as employees of a well-known tech company or use fake caller ID information to make it look like they are calling from a legitimate business.

Technical jargon: Scammers may use technical jargon to confuse people and make them think that they are dealing with a legitimate tech support representative.

Remote access: Scammers may ask people to give them remote access to their computers. This allows them to install malware on the person's computer or steal their personal information.

How to avoid becoming a victim of a tech support scam

There are a number of things you can do to avoid becoming a victim of a tech support scam:

Never call a phone number that is displayed in a pop-up message on your computer. Scammers often use pop-up messages to trick people into calling fake tech support numbers.

Be wary of unsolicited phone calls or emails from people claiming to be from a tech support company. Legitimate tech support companies will not contact you unless you have called them first.

Do not give remote access to your computer to anyone you do not know and trust.

Do not enter your personal information or credit card number into any website or form that is sent to you by email or pop-up message.

Keep your computer's security software up to date and run regular virus scans.

What to do if you think you are a victim of a tech support scam

If you think you may have been a victim of a tech support scam, there are a few things you should do:

Disconnect your computer from the internet. This will prevent the scammers from accessing your computer or stealing your personal information.

Change your passwords for all of your online accounts. This includes your email account, bank accounts, social media accounts, and any other accounts that you use regularly.

Run a virus scan on your computer. This will help you to identify and remove any malware that the scammers may have installed on your computer.

Report the scam to the Federal Trade Commission (FTC). You can do this online at ReportFraud.ftc.gov: https://reportfraud.ftc.gov.

You can also contact your local law enforcement agency to report the scam.

Bard may display inaccurate info, including about people, so double-check its responses. Your privacy & Bard

No comments: