To search for a specific scam, try entering key words into the search field located in the upper right corner of our main page. You can also click on our Scam Collection and scroll through the categories to locate specific types of scams, such as emails disguised to look like bank or credit card notifications.
Computer security experts will tell you that security should be layered and cannot rely only on software and your tech staff. Protecting your company computers, users and data is best accomplished by educating your employees too. The majority of scams that can cost your company loss of data, malware infections, or the hijacking of your computer and network resources depend on manipulating your employees’ behavior. This is called social engineering and the scammers are experts at it!
We can help! Become a company member of The Daily Scam and let us teach your employees through the premium content of our newsletters, videos, how-to’s and Super-Sleuth series. We make learning and exposing scams fun! We offer a bit of swag so you can reward employees who begin exposing scams that target your company and save you money, time and lost resources! Educated employees are your first line of defense against the scammers. Become a member today.
Imagine a business where none of the employees (including the boss) use the Internet to access their personal social media accounts like Facebook and Instagram, or use the Internet to surf the web or shop online, or access their personal email while at work. Can you imagine such a business? …yah, neither could we.
All of these activities put your computers, network and data at risk. For example, Osterman Research found that 36% of corporate employees are using Facebook at work, up from 28% the year before. Both Twitter and LinkedIn use are on the rise as well. And social networking sites such as these are a minefield of scams and malware tricks. Even YouTube is littered with links that try to trick viewers into downloading malware onto computers. Want to learn more about the threats presented by social media? Read this article from the folks at Webtitan.
Email and shopping online only increase your risks. Scams and malware threats pour into employees’ in-boxes disguised as a hundred different communications, all designed to engineer the employee to click a link or download a file that will result in a computer infection or breach of security. Scams have been disguised as:
- UPS, FedEx and DHL delivery notices
- Airline tickets
- Complaints from the Better Business Bureau
- Notifications from banks and money transfer agencies
- Software updates for Adobe Flash & Reader, and Norton & Symantec Antivirus
- ADP Payroll transaction reports and Intuit Quickbooks notices
- Buy.com, Amazon.com, Apple.com and other well known sites
View our Tips & Advice section to see many more links about the risks to businesses. However, preventing your employees from using the Internet at all is an unrealistic expectation for most of us. And for many, disconnecting from the Internet would interfere with their business entirely! Let us help your business. Become a corporate subscriber of our newsletter and get a company membership.
Both attachments and links can be extremely risky to click! Attachments can contain computer code resulting in an immediate computer infection. Usually, the code is small and simply initiates the download of additional malware (bad software). Clicking a link in an email can take the victim to a malicious website that causes a “drive-by download” of malware. The moment you arrive on the site, your computer is infected. Some types of infections take advantage of security flaws in our computer software and we don’t stand a chance. Even Apple computers are at risk and most Mac owners don’t realize this. There are more than 3000 known pieces of malware that infect the Mac computer (Source: Sophos.com) and the number is increasing every week. To get an idea of this new reality, read this CNet article about the Flashback infection of about 600,000 Mac users in the Spring of 2012. Unfortunately, there are literally millions of known pieces of malware that infect Windows-based computers.
Other types of infections require the victim to approve an installation by entering his or her administrative password. A little “social engineering” makes this easy. For example, the victim might be told that he or she needs an update for Adobe Reader in order to view the eFax or UPS missed delivery notice. Tricking victims into installing software with a password is easy-peasy for the scammers!
First of all, we encourage you to visit our Tips & Advice to find many good resources. If you become a member, you’ll have access to many more valuable resources on videos, discounts to webinars and more. However, to answer the question, here’s the short list simply stated:
1. Learn how to “mouse-over” all links and look to see where they lead to before clicking. (Read more.)
2. Never click on attachments unless you are expecting the attachment from a friend or business. When you have the least bit of doubt, contact the sender and verify the file.
3. Not all links and attachments are the same. Learn how to tell the difference and which file types carry the greatest risks! Clicking on photo.jpg is a lot different than clicking on photo.jpg.exe. Clicking delivery-notification.zip or delivery-notification.dmg tells you nothing about what is inside the zip or dmg file. (TDS Members can learn more by reading our Member’s article File Names Will Set You Free.) Never click on shortened URLs unless you can “resolve” their origin. Don’t know what this means? Read more.
4. Learn the most common tricks that spammers and scammers use to get your attention. Read our article Why Is It So Hard to Resist the Urge to Click?
5. Keep a healthy dose of skepticism about everything that comes across the Internet. We aren’t saying we want you to be paranoid. However, it is simply much too easy to hide or spoof who is contacting you and his or her intentions. “Spoofing” means that a communication such as an email or Facebook post looks like it comes from one person, when in fact, it comes from someone else. The scammers are masters of these tricks!
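Tips 1 and 3 above can also be checked mechanically, for example on a mail gateway or in a staff training exercise. The Python sketch below is an added example, not part of the original page; the extension lists, the shortener list and the sample email are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Illustrative lists (assumptions, not from the original page); extend for real use.
EXECUTABLE = {"exe", "scr", "com", "bat", "cmd", "js", "vbs", "jar", "msi", "pif"}
CONTAINER = {"zip", "dmg", "rar", "7z", "iso"}   # contents are hidden until opened
DECOY = {"jpg", "jpeg", "png", "gif", "pdf", "doc", "docx", "xls", "xlsx", "txt"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly"}

def check_filename(name):
    """Classify an attachment by its LAST extension, the one the system acts on."""
    parts = name.strip().lower().split(".")
    if len(parts) < 2 or not parts[-1]:
        return "no-extension"
    if parts[-1] in EXECUTABLE:
        # photo.jpg.exe: a harmless-looking extension placed before the real one
        decoy = len(parts) >= 3 and parts[-2] in DECOY
        return "disguised-executable" if decoy else "executable"
    return "container" if parts[-1] in CONTAINER else "ok"

class LinkCollector(HTMLParser):
    """Collect [href, visible text] for every <a> element in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self._open = False

def host(url):
    h = urlparse(url if "//" in url else "//" + url).hostname or ""
    return h[4:] if h.startswith("www.") else h

def check_links(html):
    """The automated 'mouse-over': compare what a link shows with where it leads."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        target = host(href)
        if target in SHORTENERS:
            findings.append((href, "shortened-url"))   # destination unknown until resolved
            continue
        shown = re.search(r"(?:https?://)?[a-z0-9-]+(?:\.[a-z0-9-]+)+", text.lower())
        if shown and host(shown.group(0)) != target:
            findings.append((href, "text-points-elsewhere"))
    return findings

# Constructed sample email body (reserved example domains, placeholder short link).
SAMPLE_EMAIL = (
    '<p>Missed delivery: <a href="http://tracking.example.net/notice">www.example.com/track</a></p>'
    '<p><a href="https://bit.ly/EXAMPLE">Print label</a></p>'
    '<p><a href="https://www.example.com/help">example.com/help</a></p>'
)
```

Link text that merely contains a file name (such as "invoice.pdf") will also be flagged by this simple host comparison, so treat the findings as prompts for a closer look.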
This answer depends on whether or not you are a home user or business user and how much you value your computer and network resources.
BOTH HOME & BUSINESS USERS:
a) Every computer in your home or business, including Apple computers, should have a well-known anti-virus/anti-malware (AV) software installed.
b) The subscription service that keeps the anti-virus/anti-malware software up-to-date should be current and working. (Some successful malware infections immediately disable the AV software!)
c) Every computer should have its built-in firewall software turned on to a reasonably high level of security. (A firewall is a barrier that is intended to stop the spread of malware, hacks, or computer infections.)
d) Administrative computer access should not be given to children or most employees. This level of access gives the user permission to install software and change critical settings, such as limiting or turning off firewalls. Limit administrative access to parents or key people in a business who are assigned the task of taking care of the computers. A technique used by the most serious users to protect themselves is to have two accounts on your computer for your own use. One is the Administrative account that you only use for the installation of software. The other is your “every day” account and it does not have administrative privileges. Just be sure to have different passwords to access these two accounts!
e) Make sure to keep your computer’s software up-to-date. That includes your web browser, plug-ins used with your web browser, Microsoft and Adobe products.
f) It’s time for strong secure passwords! And it’s time that you used a different password for your accounts! Truth be told, most people have awful passwords or use the same password for multiple sensitive accounts. Learn more about password security. It isn’t as hard as you think!
g) HOME USERS:
- Install a content filter on all of your home computers. Not only will this software better protect your children from Internet content that is not developmentally healthy or appropriate for them and give you better monitoring & control over what your kids do on the Internet, but content filters block access to a lot of very scammy websites – websites with malicious intent and also legitimate websites that are infected with malware. While AV software identifies most infections that get onto your computer, the content filter, along with the firewall, keeps them from getting to you.
- Educate yourself and your family about the basic skills to use the Internet safely! That’s why you’re here, right? It’s certainly why we’re here!
h) BUSINESS USERS:
- Install a quality hardware firewall solution and have someone in your company learn how to administer it or hire an outside company to do this for you.
- Assign someone in your business to be in charge of computer, data and network security. Help them get the training they need and provide them with the resources and support they will need.
- Educate your employees! Believe it or not, your employees are your first, and best, line of defense! The reason is simple. Human behavior is one of the greatest risks to a company’s computer and network resources. Don’t believe us? Read these sample articles and then become a member of The Daily Scam.
Yes, please! We love teaching people how to identify scams meant to cheat us, steal our resources, and harm our computers, friends and family. It is much more fun for us to give a workshop in person than posting articles on the Internet! (Not that we don’t like that too.) If you are interested in having us conduct a workshop, be a speaker at your event, or simply be a resource on site at your business for a day, email us. Send your email to [email protected]. Be sure to give us as much detail as possible so we can best respond. Specifically, we would like to know:
- Date & time (if known)
- Location (You’ll have to cover our travel expenses from Boston, MA)
- Did you have a specific topic or issue in mind that you wanted us to address?
- Describe your expected audience and approximate number. (e.g. is your event a high school assembly, local meeting of the BBB, annual AARP convention, or employee workshop for 200 employees?)
- Length of time we have to work with (We can do a presentation in 45 minutes but prefer 90 minutes so we can cover lots of important skills and leave time for Q&A.)
Our fees vary depending on how far we have to travel and who’s inviting us, meaning that we try to offer a discount to schools, small businesses and non-profits. Sorry, big corporations, but you’ll have to pay the full price.
Educate and incentivise! Let us help you educate your employees and motivate them to recognize and expose the scams and tricks that put your business at risk. That’s what we do best. Let’s make it fun, perhaps even competitive. How many scams can folks reveal each week or month? Use our swag to reward your in-house cyber-police. And let’s do it all with a sense of humor. Find out how.
Does a bear… OK, you get the idea. Yes, Facebook is one of the scammiest sites on the planet because the scammers are attracted to the tremendous number of people using it and how remarkably connected everyone is on the site. Facebook itself isn’t bad, but it does attract bad people who prey on other Facebook users. If a scammer can hack into one account with 830 friends for example, the potential gain is huge! The scammer has many methods for making money and the simplest one is to send out a wall post with a malicious link from the hacked account to all of its owner’s friends. Pow! Hundreds of folks’ accounts or computers become infected. Here’s a simple example of a scam wall post from a hacked account:
More details about this particular scam can be found at Facecrooks.com.
Given how little privacy there is for anyone using the Internet, and this includes our email addresses, removing all instances of spam is exceptionally difficult to do. However, there are several very good common sense things we can do to reduce the spam, and by association, the scams we receive.
First, let’s understand that what we often think of as “free” on the Internet is anything but. We often “pay” for the privilege to use a website or web service by providing personal information such as an email address because it is valuable to others for marketing and other purposes. Second, there are software “bots” that crawl the web searching for email addresses for the purpose of selling them, marketing to them, soliciting to them, spamming and scamming them. So whether you’ve given up your email address to the New York Times in order to leave a letter to the editor, joined an online gaming community, posted on a blog or forum, or signed up to use Pinterest, Facebook, or Instagram, you can be certain that your email address will be used in unexpected ways or in a manner explained deep in the multi-page terms and services documents provided by the website. And then there are the outright unscrupulous website owners who may say they don’t use our email addresses for anything but contacting us about the use of their website, but then sell our email to the highest bidder! And let’s not forget the long list of companies and websites that have been hacked, exposing our email addresses, and much more, for misuse by the hackers. And is anyone naive enough to think that they won’t get spam when they provide their email to a brick-and-mortar store? Enough said. So, some tips…
a) Many folks make it a practice to keep two email accounts. One very personal account that is closely guarded and given out to close family and friends only. The other is an account they use to sign up for websites and services, give to stores and use for posting in public places online, or when making online purchases such as tickets and software.
b) Use an email service that offers good anti-spam services or filters. And if they do, become familiar with using these services and filters.
c) Stop giving out your email address to every Moe, Larry and Curly who asks for it. We’re amazed how many times in a week we are asked for our email address: by stores at the mall, promotions on websites, and/or websites that require it in order to make a purchase by credit card.
d) You won’t like this next one… Change your email address to something less obvious than [email protected]. The spammers also have programs that will send spam to all the major email services such as Yahoo, Hotmail, Gmail and AOL using generic names like johnsmith1, johnsmith2, jsmith1, jsmith2… etc, because they know that someone has that email address. The more commonly shared your name may be, the more likely it is that you will get randomly generated spam. Try changing it to something like [email protected] or [email protected].
e) Stop openly posting your very personal email on your personal accounts on the Internet. That means no posting your email address on your public profiles in Facebook, LinkedIn or Twitter accounts, for example. Bots will scrape it off those sites faster than you can say egg-on-my-face!
Ghacks.net posted an interesting article titled “Which Email Provider Offers The Best Spam Protection? Study Suggests Hotmail Is.” Yahoo users had the highest incidence of spam in their accounts based on the study. While this will always be a moving target, our anecdotal experience is that we see more spam originating from Yahoo email addresses than other services. Hotmail and AOL are runners-up. The least amount of spam, in our opinion, seems to come from Gmail accounts.
Kulwinder Singh published an article on The Tech Shell.com called “Best Sites to Create Disposable Email Addresses” that is worth a look!
First of all, we’re very sorry to hear that. We know it feels awful. (Read some of the real stories posted by other people who have also been abused.)
The answer to this question varies, depending on the type of scam and manner in which it was perpetrated. There are several important things that you will need to do immediately, and other decisions that you will need to consider.
a) If you have any suspicion at all that someone accessed any of your personal accounts, you should immediately do the following:
i) change your password (Read our article about creating strong passwords)
ii) change your password on any other account that uses the same password as the abused account
iii) verify that you have anti-virus/anti-spyware software installed AND that it is up-to-date and working on EACH computer you have used to access the account
iv) log into your account and review ALL of the account settings and preferences. You want to be sure that no one set up a secondary account or back-door to access it. If it is an email account, be certain that the hacker didn’t set up auto-forwarding to his email account.
b) If your email account was hacked and misused, send an email to every person in your address book to inform them. Warn them about any “odd” emails they may have received from you. Choose a subject line that will get their attention and clearly identify you as the sender.
c) If any of your financial or credit card accounts were misused, contact the institution immediately. Then contact any one of the three major credit agencies (Equifax, Experian, or Transunion) to report the misuse AND put a credit freeze or fraud alert on your name. Here are a few articles that can help:
Lost or Stolen ATM, Debit and Credit Cards
Difference Between a Credit Freeze and Fraud Alert
How and Why to Freeze Your Credit
How to Deal With a Stolen Credit Card [from FTC.gov]
Identity Protection from the IRS
d) Contact the police; if you can demonstrate that the scam was perpetrated from another country you might also want to contact the authorities in that country but that is a difficult process.
Additional tips can be found at the Australian website called ScamWatch.
We’ll bet most folks haven’t even heard of spim or cram and understanding them all is purely academic. But for those who find this kind of thing interesting (like us), we offer the following distinctions:
- Spam: unwanted, unsolicited email.
- Spim: Spam that targets users via instant messaging (IM) systems; chat services, or even Facebook and Skype chat, can loosely be called spim.
- Cram: Cramming is the fraudulent adding of unauthorized charges to a person’s phone bill. However, cramming is often the result of fraudulent ads sent to a person’s smartphone. Even clicking “cancel” can sometimes lead to charges on your phone bill. Sometimes the language to opt out is so convoluted that the recipient is tricked into signing up and thus incurring charges. This type of ad delivered to a smartphone, and resulting in fraudulent charges, is called cram.
These types of scams are called “advance fee” scams because they usually require the winner to pay some type of up-front fee. If they don’t, the scammers may require banking information so they can transfer the funds into a bank account. The victim doesn’t realize that they have given out enough information to allow the scammers to withdraw money from the account! Or sometimes, this scam is used to extract personal information about a person.
Remember that old proverb: “If it seems too good to be true, it probably is.”