Avoid Scams

A Few Scam Techniques

Phishing: A term coined by hackers who use the internet and email to try to get you to divulge personal information. You may receive an email that appears urgent and legitimate for that matter, from your bank, credit card company, cell phone provider, or other companies asking you to call them or click on an embedded link to verify your account and/or provide personal identifying information.

Vishing: Automated voice mail messages that request you call your bank, cell provider, or credit card company at the number they provide. Once dialed you are asked to enter your account number, PIN or other personal information. Your caller id may even appear as though it's from the legitimate company, and sometimes these calls go straight to voice mail.

Smishing: This is phishing done by using text "sms' messaging on your cell phone. It often encourages you to visit another site, dial a provided phone number or click on embedded links that can then steal your personal information or download malicious spyware.

Skimming: Criminals use attach card readers to ATM machines and often place small hidden cameras near the machine designed to steal your credit/debit card information and PIN's. Often small hand held skimmers are used by rogue store clerks, cashiers and restaurant employees and others who you hand your credit card to.

Pretexting: When someone contacts you through telephone or email pretending to be affiliated with someone you would trust to provide personal information. Someone who is a pretexter may claim to work with a survey company, credit bureau, credit card company or even a customer, client or employer simply trying to gain information.

Pharming: Hackers who redirect a legitimate website's traffic to an imposter website, where they trick the consumer into thinking they are on the legitimate site and try to get you to either purchase their product or divulge your personal information.

Spyware: Software that is often downloaded in free software or unknowingly downloaded by opening attachments that can contain malicious code. Once installed, the spyware monitors your activity on the Internet and transmits that information to someone else. Spyware can also collect email addresses, passwords, credit card numbers and bank account information. Keylogger spyware watches every keystroke you make on the keyboard.

Click Jacking: A new method that constitutes an attack by inserting code in the middle of a website wherein the attacker (which you never see), is able to select the links on the page that they want you to be directed to.  Imagine that they have embedded a new link on a web site with less than adequate security, and now they are redirecting you to a hostile site that can then subject your computer to downloading malicious software.  This redirection of clicks is called Click jacking

Spoofing: a term used to refer to the practice of causing an email or phone call to display text that makes the receiver of the call or email believe it originated from someone they know. Spoofing can cause your telephone network to display a number on your caller ID display which is not that of the actual entity or place the call is originating from.
 
A variety of tips to avoid getting hooked by a phishing scam;

• Download free software from reputable sites only. Tell you kids to beware of downloading freeware that can cause a virus or malicious code to be installed unknowingly on your computer.
• If you get an email or pop-up message that asks for personal or financial information, do not reply. And don't click on the link in the message, either. Legitimate companies don't ask for this information via email. If you are concerned about your account, contact the organization mentioned in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company's correct Web address yourself. In any case, don't cut and paste the link from the message into your Internet browser--phishers can make links look like they go to one place, but that actually send you to a different site.
• Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly.
  
• Don't email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization's website, look for indicators that the site is secure, like a lock icon on the browser's status bar or a URL for a website that begins "https:" (the "s" stands for "secure"). Unfortunately, no indicator is foolproof; some phishers have forged security icons too.
• Be cautious about opening any attachment or downloading any files, regardless of who sent them to you. These files can contain viruses or other software that can weaken your computer's security.
• Keep your operating system, and any available patches designed to fix known vulnerabilities, up to-date.
• Don't use a single password for all of your online accounts. Doing so can place you in danger if a thief cracks your password.
• Put some thought into creating strong passwords. Thieves can easily crack passwords if you use the same personal information that you, or your friends post on the internet in personal profiles or websites. Passwords such as a combination of spouse's names, birth dates, favorite sports teams, addresses, are all data thieves try when trying to hack into your accounts.
  
• Never click on pop-ups or embedded links.
  
• Never open attachments unless you know it is from a trusted sender.

Social Networking sites
Don't post anything you wouldn't want the entire world to know about you! This includes your phone number, email addresses, cell phone, birth date, home or work address, IM screen name, pet names, favorite bands or where you like to hang out.

Avoid posting anything that would make it easy for a stranger to find you whether it be at work, school, home or your favorite hangouts. People are not always who they say they are. If they are looking for mischief they can easily use the information you post to identify you or gain your trust. They can then also deceive you or those close to you, by pretending they know you to get additional personal information.

Criminals scavenge social network sites specifically prowling for information that can be turned into-ready money. A small bit of information is often all that is needed to decipher passwords. Hackers recently have broken into personal networking sites and created fake popup windows that ask users to provide a name and password before they can access videos or profiles on the site. The hacker then uses that information to hack into your computer and steal your online information.

Remember, what you post online today can impact your life in the future. Employers regularly scour networking sites or Google a potential employee before hiring them. If you are passed over for a job--it could be due to what they found on the Internet whether posted by you, or someone else, about you! If you receive any suspicious communications or observe suspicious conduct on a social network site, you should immediately report it to the website administrators.

"Students and Social Networking sites: Favorite targets...for thieves!"

Your laptop is your identity. Stolen laptops are a perfect vehicle to obtain personal information about an individual. In recent months, one out of four data breaches have happened in colleges and universities via laptops stolen from the registrar's office. Make sure your laptop is password protected at all times.

Sharing can be dangerous. Be careful when using shared computers. Always delete any personal information and passwords you may have entered into a shared computer. You never know who is going to be using it next or if a virus or spyware has already contaminated the computer. As an added precaution, clear your browser history, clear your cache, and close the browser when your computer session is finished.

For more info on the latest scams see: Scams & Hoaxes & Known Scams

Think Fraud! If not now, when?