There are an abundance of security risks on the internet and via the phones. Scammers are known to impersonate organizations such as Revenue Canada, Microsoft or even your bank may tell you scary stories. The process of convincing someone of facts that are not true is a type of social engineering.What is social engineering? Social engineering is defined as the manipulation of people in order to get them to divulge personal and confidential information from them, for the purpose of malicious activity. This can result in fraud. Most of this fraud is of the financial type.
If you do know any of these people, share this article with them for awareness.
Let's go through a few examples of the popular encounters:
FAKE MICROSOFT / WINDOWS SUPPORT WEBSITES
These websites can popup if you spell the website incorrectly like 'yooutube.com', 'gooogle.com' or 'outlooook.com'. Microsoft or Apple will never ask you to call them. All that is needed is to just shut the device off and turn it back on to get rid of the message.
When you call them, they may ask you for access so they can remote into your computer and connect you to their "secure server". They may lie to you to make your computer look damaged when it really isn't. When they remote into your computer if they show you a screen with a bunch of red X's and yellow exclamation marks, these are all normal.
If they showed you a black screen with white writing and then showed hackers or viruses at the bottom, they did a CTRL - V and faked it. This is a DOS command prompt and virus detection is not possible in this window.
If they showed you a screen that says stopped services, that is normal. They should be stopped until Windows needs those services.
If you already contacted the scam artists and they convinced you to remote into your device, then uninstall all software that was used in the process of remoting them in. If they asked you to install TeamViewer, it is possible that they will still be able to remote back into your computer without your knowing at a later time. If you're not able to determine what was done, then pull the device off of the internet and shut it down. Report the issue to your IT person or trusted Geek Squad or Staples tech department. If you paid any money with your credit card, call your credit card company and alert them to reverse the charges. It would probably be best for the credit card company to send you a new credit card number.
Apple devices can have fake messages as well. If you are provided with a number to call, they will tell you that there was some unauthorized people trying to access your Apple ID and that they got the notifications from the hackers. You may also get an email or a phone call scaring you into thinking they are Apple Support when they really aren't.
We try to make sure that searching for us is not difficult. But in the rare instance when you do a web search for 'Sage', a fake sight may show up. See our other Sage City blog for tips on ensuring you are calling the legit Sage.
Some fake Sage hotlines have been known to ask for account ID information. If you feel that you have spoken to a 'fake Sage' call 866-996-7243 to report the issue and address any of your account security issues.
Tax season is around the corner. One can easily get tricked into thinking the CRA or IRS is really out to get you when they really aren't. They leave a message and when you call them back, they will introduce themselves with a 'fake badge ID number'. They tell you "the police are coming to arrest you and put you behind the bars". If you want to settle it out of the court they end up asking you to go to the local store and get a gift card - iTunes, Google Play or Walmart are the popular ones they ask for. If you get one of these phone calls, don't just hang up the phone. Report the incident by calling 1-888-495-8501 or visit this site regardless if you got scammed or not. They may be able to pull down the number before anyone else gets scammed. If you want more information on how to differentiate between the real or fake CRA, see https://globalnews.ca/news/4907961/cra-phone-scams/
Examples of CRA messages:
Your bank will never send you a text message that your bank account is deactivated. When you open the link, it will take you to a website that looks like your bank website but all it does is capture your username and password so that they can login later. Try not to click on the link. Report the issue to your bank so they can take the appropriate action to secure your account. Delete the message after speaking with your bank.
You may one day get a call that you paid for computer services and that the 'fake computer support company' is going out of business and they need you to login to your bank account to refund the money. They ask to remote into your computer and bank account. They end up playing with the html code on the page to make it look like they are transferring more money to your account than they should be transferring. They tell you to go to the local store and buy some iTunes or Google Play cards to fulfill the fake refund. The video below tells the story of their operation:
The first step in protecting yourself is awareness. The second step is addressing the vulnerabilities by closing the open doors. While global law enforcement is not able to prevent every scam from happening, and it doesn't seem that they may go around posting warning lawn signs anytime soon. If you are looking at this article, it is very important that you share this article with those in need of an eye opening. Happy suppressions!
Credits:Global News: https://globalnews.ca/news/4640420/cra-scams/CBC: https://www.cbc.ca/news/technology/marketplace-social-engineering-sim-swap-hack-1.5009279CNet: https://www.cnet.com/how-to/how-to-avoid-tech-support-scams/Forbes: https://www.forbes.com/search/?q=security+compliance#3a868835279fMalwarebytes: https://blog.malwarebytes.com/tech-support-scams/Canadian Anti-Fraud Centre: http://www.antifraudcentre-centreantifraude.ca/fraud-escroquerie/index-eng.htmJim Browning: https://www.youtube.com/channel/UCBNG0osIBAprVcZZ3ic84vw
Lisez ce blog en français
Évitez de devenir une naïve victime de fraude financière
Thanks for reading!
For more resources visit: Sage Product Support Resources for help with products in North America