Welcome to Simcom.ca - Simcoe Computes! Home on the Internet

Protect yourself from online scams and attacks

This article was received from Microsoft September 12, 2023 and I believe it worth distributing.  It's a long article but I believe is well worth giving it a full read.  It talks about some of the most common attacks and scams that we see and provides information on things you can do to protect yourself.

 Gone phishing

One of the most common attacks we see are what we call “phishing” attacks (pronounced like fishing). This is when an attacker contacts you pretending to be somebody you know or an organization you trust and tries to get you to give them personal information or open a malicious website or file.

Most phishing attempts arrive via email, but they can also come via text messages, direct messages on social media, or even phone calls (what we call "Vishing"). What they all have in common are:

A trusted sender

The message or call will appear to come from a person or organization you trust. Could be your bank, the government, a service like Netflix or Spotify, a tech company like Microsoft, Amazon, or Apple, or some other service you recognize. The truly daring scammers may try to impersonate your boss or a family member.

An urgent request

The messages usually have a sense of urgency to them. Something is going to be canceled, you’re going to have to pay some kind of penalty, or you’re going to miss out on some kind of special deal, and you have to act NOW.
The urgency is to get you to take the message seriously and also to get you to act on the message without thinking about it too much, consulting a trusted advisor, or looking into whether the message might be a fake.

A link or attachment

The message will include something you need to click on – a link to a website, or an attached file most commonly. The website will likely be a fake version of a legitimate website, designed to fool you into entering your username and password, or other personal information, so they can steal that information to use themselves. Any attached file is almost certainly malware.

What can you do about phishing?

1.    Look carefully at any messages you get that want you to take urgent action. Pay particular attention to the email address of the sender. If the message claims to be from your bank but the sender’s address is not your bank’s domain name that should be a loud warning.

2. Never open any links or attachments you weren’t expecting; even if they appear to come from somebody you trust.
If you get a link that appears to be from your bank or other trusted organization, open a new tab in your web browser and go directly to the organization’s website from your own saved favorite, from a web search, or by typing in the organization’s domain name yourself. A link from a phishing email will take you to a site that looks very genuine but is designed to trick you into entering your personal information.    If you get an attachment you weren't expecting, don't open it.  Instead reach out to the sender, preferably via a different method like text message or phone call and confirm that the attachment is genuine before you open it.

Malware

Malware is malicious software and is sometimes referred to as a "virus". It can be designed to do many different things including stealing your personal data, identity theft, using your device to quietly attack other machines, using your computer’s resources to mine cryptocurrency, or any number of other malicious tasks. 

There are a few ways your machine can get infected with malware, but the most common ways are by opening a malicious file attachment or downloading and opening a file from an unsafe website.

You can also get infected with malware by opening a file or installing an app that appears to be useful but is actually malicious. That sort of attack is referred to as a “Trojan Horse”. One version of this that attackers are using is to disguise the malware as a browser update. If you get an unusual notice that your browser needs to be updated, close the suspicious update message, and go to the settings menu for your browser. Look for a Help About page; on all major browsers going to that page will cause the browser to check for legitimate updates.

One type of malware that is common today is called “Ransomware.” This is a particular kind of malware that encrypts your files then demands you pay the attackers to unlock the files so that you can access them. Increasingly ransomware also tries to steal your data so that the attackers can also threaten to release your files publicly if you don’t pay them the ransom. 

If you get infected with ransomware, the FBI recommends that you do not pay the ransom. There's no guarantee that even if you pay the ransom that you'll get your data back, and by paying the ransom you may make yourself a target for additional ransomware attacks in the future.

What can you do about malware?

1.    Be careful. Don’t open attachments or links you weren’t expecting. Be extremely thoughtful about what apps you choose to install and only install reputable apps from reputable providers. Be especially careful about downloading files or applications from torrent or file sharing sites.

2.    Be current. Make sure that your operating system and applications are updated with the latest patches and fixes. On PCs, Windows Update can help.

3.    Be defended. Have an active, current, antimalware program running on your computer. Windows 10 includes Microsoft Defender Antivirus and it’s turned on by default. There are also a number of 3rd party antivirus applications you can choose from.

Tech support scams

Another attack that we see often is the technical support scam. In this attack the scammer contacts you and tries to convince you that there is something wrong with your computer and that you should let them “fix” it for you.

The two most common ways they contact you are via fake error messages on your computer, or by calling you on the phone.

The fake error messages are usually generated by a malicious or compromised website. You’re just using your web browser, perhaps you click on a link in a web search or on social media, and suddenly your screen fills with scary looking messages telling you that your machine has a problem or a virus and that you need to call the provided phone number right away. These pop-ups may appear to block access to your machine so that you can’t close them and may even use alarming sounds or recorded voices to make them seem even scarier.

Tip: Sound familiar? Urgent messages, threatening bad things, if you don’t act right now? This is a recurring theme with attacks and scams.

The phone calls usually take the form of a “tech support agent” calling you and pretending to be from a trusted company like Microsoft or Amazon. These scammers are professionals and will often sound quite convincing.

Regardless of whether you call them from a pop-up or other error message, or they call you posing as a tech support agent, the story is always the same. They tell you that they’ve spotted something wrong with your machine or your account and they want you to let them fix it.

There are a few things that typically happen at that point:

  They’ll want you to let them access your computer remotely so they can "fix" it. While they pretend to fix your computer, they’ll actually be stealing your information or installing malware.

  They may ask you for personal information so they can help “fix” your account. This information will probably include things like your name, address, username, passwords, social security number, birthday, and just about any other kind of personal or financial data they think they can trick you into revealing.

They will often try to charge you a small fee for their services to “fix” the non-existent problem. If you give them your credit card information, they may pretend the card didn’t go through and ask if you have a different card. They do that to see if they can get you to give them multiple credit cards.

What can you do about tech support scams?

Warning signs of tech scams

Exclamation point reflecting an inactive student Urgent pop-ups warning you that your computer has a serious problem, telling you not to turn it off, and giving a phone number to call. Real Microsoft error messages do not include phone numbers to call for support.

DO Restart your device immediately. DON’T Call the number or click any links.

Exclamation point reflecting an inactive student Unsolicited phone calls or messages warning you they’ve spotted a critical problem with your computer or account that they need to fix.

DO Delete the suspicious messages. If it’s a call, ask for their full name and hang up. If you’re going to call back, use the phone number on their official website, on the back of your membership card, or on a recent statement.

DON’T Click any links or call any numbers in the message. DON’T Give the caller remote access to your computer or any personal information like passwords or account numbers.