You have probably heard the term ‘phishing’ before. Unfortunately, phishing – the practice of illegally posing as a trustworthy institution in order to obtain sensitive data such as credit card details – isn’t new and has affected hundreds of thousands of companies and individuals.
In 2016, in the UK alone, there has been over 8,000 phishing attacks occurring a month. Sadly, that number is probably a lot less than the true amount because of the number of attacks that aren’t reported.
For example, the IRS has reported that phishing attacks related to taxes are up 400% this season.
Phishing usually happens through electronic channels such as email or bogus websites. But recently, a new kind of scamming called ‘voice phishing’ or ‘vishing’ surfaced. It has many forms, but the bottom line is that the scammers try to get a hold of your personal information such as name, address and credit card info. How do they do it? In many ways, which is why it’s necessary to remain vigilant and never give people such information on the telephone. Some pretend to be the IRS or other public institutions. Scammers often alter caller ID to make it look like the IRS or another agency is calling. The callers use IRS titles and fake badge numbers to appear legitimate. They may use the victim’s name, address and other personal information to make the call sound official. Recently, a scam gaining popularity is the ISP scam. It means the scammers pretend to be your internet service provider and you may see an ‘error’ or a fake pop-up on your screen telling you to call technical support. They simply give you their number and off you go! You call them, they pretend to fix the problem and ask for a credit card payment of as much as many hundreds of dollars. The callers are often from foreign countries - mostly in India, but sometimes even difficult to determine the real origin of attack source and they operate from huge call centers, set up specifically for these purposes. Even a person partially comfortable with the everyday use of the Internet and computers can easily fall for this. Never to mention the elderly who may not be tech savvy at all.
A new scam, in which fraudsters pose as legitimate internet service providers to offer bogus tech support, either via the phone or on the net, is on the rise, the BBC has found.
It is a twist on an old trick which involved cold-calling a victim - often claiming to represent Microsoft - and charging for fake tech support.
The new variants have been spotted in the UK and US. BT said that it was investigating the issue.
The online version of the scam involves a realistic pop-up that interrupts a victim's normal browsing session with a message that appears to be legitimate and seems to come from the victim's real provider.
The pop-up contains a message saying that the ISP has ‘detected malware’, and urging victims to call a number ‘for immediate assistance’. They then ask you to allow them access to your computer, proceed to ‘help’ and finally take your credit card details to steal money.
Microsoft has tracked many of the call centres, from which the scams are run, back to India and is now working with Indian law enforcement to crack down on them. Raids on such call centres are starting to shed light on the operation behind the scam.
They are striving to determine whether the scammers are aware of the scam or just reading from a script. The pop-up scam seems to affect mostly: Verizon, AT&T and TimeWarner, BT, PlusNet, Sky and TalkTalk.
According to Symantec, there has been a 200% rise in tech support scams this year - with 100 million malware exploits related to them.
There are a few things you can do to protect yourself and your computer. First of all, always have up-to-date anti-malware software. Secondly, don’t enter untrusted websites or click pop-ups. Be vigilant and don’t give anyone any information until you verify that they are legit. How can you do this? If someone calls or messages you claiming to be from a certain company or organization, tell them you’ll call them back. Then, find the official number on their site or better still, a bill or official letter. Use the genuine number and consult the company in question. There are a number of YouTubers and bloggers who took it upon themselves to show how the scams work all the way though. They use virtual machines and fake credit cards to get proof on video that the scammers charge people hundreds of dollars for fake 'support'. It can be useful to familiarize and educate yourself or your kids/parents and grandparents what to look out for.