Beware of cyber scams: How hackers tried to scam me – CyberTalk

Lari Luoma has over 20 years of experience working in the fields of security and networking. For the last 13 years, he has worked with Check Point Professional Services as a security consultant, helping customers worldwide implement best-in-class cyber security. He is a subject matter expert in hyper-scalable security solutions.

EXECUTIVE SUMMARY:

Cyber crime is on the rise. People encounter scams in their everyday lives without really understanding they are being scammed. These vexing and vicious scams can arrive in various forms: phishing emails, fraudulent phone calls or text messages. All of them aim to exploit unsuspecting victims for financial gain. Recently, I found myself on the receiving end of one such scam. This led me to reflect on how important it is to actively anticipate the latest cyber threats and to maintain vigilance.

It began with an email notification purporting to be from PayPal. The notification claimed that my account had been charged $600 for McAfee Antivirus software. I was urged to take immediate action. The email instructed me to contact a provided customer service number to resolve the supposed issue. As I scrutinized the email further, alarm bells rang in my mind. The sender’s address raised suspicion: the address was connected to a generic Gmail account, a far cry from the official communication channels one would expect from PayPal.

Despite my skepticism, I decided to call the provided number to investigate. What ensued was a conversation with an individual who claimed to be a customer service representative. However, the person’s demeanor was far from professional. The individual immediately inquired about my location and whether or not I was on my laptop. When I requested a reason and asked why we couldn’t handle the issue over the phone, the person replied that it was because a laptop has a bigger screen, and it would be easier to fill out the form that he was going to send.

Sensing something amiss, I stated that I wasn’t home and didn’t have my laptop with me, to which the caller abruptly hung up. It was a clear indication of foul play: a phishing attempt to obtain sensitive information or compromise my device’s security.

Reflecting on this encounter, I realized just how easily people can be fooled if they think that they are going to lose money. These scammers were very unprofessional and didn’t sound authentic on the phone. Also, using a Gmail address was a big mistake for them. If they had executed on their activities with a bit more sophistication and polish, I might have fallen victim to the scam.

Here are crucial tips to help you and yours avoid falling victim to similar scams. Consider sharing these tips with employees:

1. Verify sender information: Always scrutinize the email sender’s address. Look for any red flags, such as suspicious domain names or generic email providers (like Gmail or Yahoo), especially if they’re being used for “official” communications from reputable organizations.

2. Exercise caution with unsolicited requests: Be wary of unsolicited emails or messages requesting urgent action, especially if the emails or messages involve financial transactions or account verification. Legitimate companies typically don’t request sensitive information via email.

3. Double-check website URLs: Before clicking on any links in emails, hover over them to preview the URL. Verify that they lead to legitimate websites. Make sure that they aren’t phony links to phishing sites that were designed to steal login credentials or personal data.

4. Use two-factor authentication (2FA): Enable 2FA wherever possible, especially for sensitive accounts, like bank accounts or email accounts. This adds an extra layer of security by requiring a secondary verification method, such as a code sent to your phone.

5. Stay informed and educated: Keep abreast of the latest cyber security threats and techniques used by scammers. Organizations like the Federal Trade Commission (FTC) and cyber security blogs, like CyberTalk.org, provide valuable resources and tips for protecting yourself online.

6. Report suspicious activity: If you encounter a potential scam or phishing attempt, report it to the appropriate authorities or the impersonated business. This helps raise awareness and can compel a business to act, thereby preventing others from falling victim to similar schemes.

7. Don’t engage in discussion with scammers: If the email includes a phone number, you shouldn’t call to resolve the alleged issue.
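For teams that triage reported messages, the red flags from tips 1, 2 and 7 can be expressed as a simple mail check. The following is an added example, not part of the original article: the brand-to-domain map, the webmail list, the regular expressions and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumed reference data for this example; maintain your own allow-list.
BRAND_DOMAINS = {"paypal": {"paypal.com"}, "mcafee": {"mcafee.com"}}
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
URGENCY = re.compile(r"\b(immediately|urgent|right away|within 24 hours)\b", re.I)
PHONE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
AMOUNT = re.compile(r"\$\s?\d[\d,]*(?:\.\d{2})?")

def triage(raw):
    """Return the list of red flags found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    flags = []
    # Tip 1: the brand named in the display name must own the sending domain.
    claimed = [b for b in BRAND_DOMAINS if b in display.lower()]
    for brand in claimed:
        owned = BRAND_DOMAINS[brand]
        if not any(domain == d or domain.endswith("." + d) for d in owned):
            flags.append(f"brand-mismatch:{brand}")
    if claimed and domain in FREE_MAIL:
        flags.append("free-webmail-sender")
    # Tip 7: a charge notice that pushes the reader to a phone number.
    if AMOUNT.search(body) and PHONE.search(body):
        flags.append("charge-plus-callback-number")
    # Tip 2: pressure to act at once.
    if URGENCY.search(body):
        flags.append("urgency")
    return flags

# Constructed sample modelled on the message described in the article.
SCAM = ('From: "PayPal Billing" <billing.example@gmail.com>\n'
        'Subject: Payment confirmation\n\n'
        'Your account has been charged $600 for McAfee Antivirus. If you did '
        'not authorize this, call customer service immediately at '
        '1-800-555-0100.\n')
# Constructed sample of an ordinary receipt from the brand's own domain.
LEGIT = ('From: "PayPal" <service@paypal.com>\n'
         'Subject: Receipt for your payment\n\n'
         'You sent a payment of $600.00 USD to Example Store. Log in to your '
         'account to view the details.\n')

if __name__ == "__main__":
    print(triage(SCAM))
    print(triage(LEGIT))
```

The From header is easy to forge, so a clean result here does not prove a message is genuine; the check only catches the careless case the article describes.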

Maintain vigilance regarding any unsolicited messages that you receive. Don’t click on any links and don’t call numbers provided. If an email informs you that a large sum has been debited from your account, consider whether or not the story seems authentic. Check your credit card bills and contact the real customer support numbers for the company that the scammers are purportedly from.

For instance, in the case that I outlined above, I should have researched the real customer support number for McAfee or PayPal and called there, rather than calling the number that was included in the message. Stay savvy and secure.
