Avoid hackers (non-technical)

How do we avoid giving up our personal information to would-be thieves, both on and off the internet?

Check out the Australian Government ScamWatch website as well.

Computer scams

The attack

  • Download our virus, trojan checker
  • Win a million dollars
  • Win an iPad
  • You are the 1,000,000 visitor to our site, click here

Solution

  • It is likely they are actually asking you to download a virus distributor or trojan instead of helping you
  • Last time I checked (including the last 12 years or so), no major company is offering that kind of money for anything apart from those who wish to prove they can reach low-earth orbit in a homemade space vehicle, and have documented that they did it at least twice
  • iPads are cheap, just buy one if you really want it, or get it out of your system and go down to your local electronics store and have a play. Don’t trust it unless a major company is offering and you can view their competition rules blurb
  • I hate this one, probably because a lot of programmers/hackers seem to let it on their website for some reason. Stay away, don’t click, you will go around and around, slowly being gleaned of your email(s), personal details, etc. Don’t click on anything in any website until you have verified you know where you are and you came there deliberately and you understand what this click might mean.

Email scams

The attack

  • “I am a beneficiary of trillions of dollars that was left to me by…”, some bank, gun runner, daughter of the king of Egypt, etc
  • “We have detected a virus on your computer, please click here to fix”, or similar
  • “Make $3059 in 5 minutes and 22 seconds”
  • “I found work for you”
  • GMail and Russian (.ru) domain email scams

Solution

  • Yeah right, generally if someone comes into that much money they will normally hire a lawyer and banks will come running to give assistance. No one is going to be allowed to ship that much money across borders until approval is given by certain governments, it’s just how things operate today.
  • If someone has detected a virus on your computer, they have either already gained access to your computer or they are trying to fish for someone who will subsequently download a piece of virus software that will allow them to do it.
  • Only rock stars, owners of top corporations and world politicians make this kind of money that quickly, otherwise I can guarantee it is probably illegal.
  • Ask yourself, were you looking for work in the first place? Do you know this person? Have you been to the website they insist the search details came from? Why not open a browser separately and log in at the recruitment website you should already be a member of?
  • Gmail - Be wary of email(s) from the @gmail.com domain. If you don’t know this person, or have not previously communicated with them as someone you recognised, and they are offering something, it is guaranteed to be bad news. Why? Anybody can sign up for a Gmail account with any personal details they like.
  • Emails from Russian (.ru) domain names should generally be avoided; don’t even open them. I do discriminate, unfortunately, because most of the smart email bombs come from this extension. Just delete them! Unless of course you know the person and trust the entire email address.
  • Ask yourself, do I know this person, do I know this email address? Does it sound too good to be true? Know that no one gives away money, resources or privileges unless you yourself exist as a charity or similar.

Phone scams

The attack

  • Sweet voice and very friendly, they generally know something about you already or they are good guessers
  • Ask or tell you about a problem concerning your computer use
  • Say they can help you
  • Ask for username and password (may ask for make of computer, operating system (windows or apple, etc), internet connection)
  • May ask you to go to a certain website to download a piece of software
  • May ask you for bank details if they say they are from a bank
  • May get aggressive if you say you need to check with the bank, refuse to pay something or ask other questions
  • May just hang up if they perceive you are getting suspicious

Solution

  • First, ask yourself, do I know this person? How do they know this stuff?
  • If they ask you, they are guessing. If they tell you, they are already in your computer or they are hedging you have a generic problem that is commonly known among computer technicians and professionals.
  • Everyone likes to be helped, especially the elderly when they don’t understand something in the modern age; this is especially true in computer usage. Protect yourself and ask a relative to help, or someone you have known for a couple of years who might be able to help out with some advice.
  • Important point! No one from a legitimate company, bank or other will ask you for your username and password over the phone or through email. Also avoid typing your banking details, physical addresses, usernames and passwords into social media sites when actively communicating with others over the internet (filling out web forms may be okay, double check the address bar to make sure you are where you intend to be). If you feel this is a legitimate caller, or even if you called them, and they ask for your username and password, say it isn’t good enough and they need to find a different method of validating you.
  • Don’t download software off the internet unless you know what you are doing and you initiated the need to do so.
  • Important point! Don’t give bank details over the phone, unless you initiated the call to your bank and they are validating who you are. The bank will not just call you up and ask you for personal details or your membership number(s).
  • If they get aggressive with you because you refuse to hand out information, then ask for their supervisor and their name, and say you will call the company directly to verify that what they say is correct.

Don’t be intimidated by folks who call you and seem nice and helpful at first but may actually be fishing (phishing) for a way to get your information. You wouldn’t let someone talk nicely to you in the street while they slowly put their hand in your pocket or handbag and remove your wallet, would you?

Social scams

Social media and seemingly personal attacks from social tools like Twitter, Facebook and others have gained momentum over the last few months. These elegant attacks are generally carried out by professional crooks on professional people, the main target being those who have good connections within governmental organisations and large companies.

The attack

  • “Joe Bloe said something horrible about you on Twitter”
  • There are many other diverse methods

Solution

  • I personally received this one recently and it targets people’s inner ability to care about what others think of them. In the professional arenas of influence, reputation is important, especially when running a business or if you are a manager. This particular tweet also contained a hyperlink to a website that had a login form, and the styling of the website had the look and feel of Twitter itself. I knew it was a scam to capture Twitter usernames and passwords when I saw the address bar. It is a very clever fishing (phishing) scam, because once you have entered your details, it then posts the same original message to your followers on your behalf. You can’t block them, because you would be blocking yourself or some other valid follower. The answer is to not log into any website that you have clicked from a Twitter message unless you have typed it into the address bar yourself, e.g. http://twitter.com
  • There are a number of other methods that bad hackers and social deviants use to trick you out of information and/or money, just don’t be easily led to believe everyone is telling the truth about their product.

Conclusion

The above solution principles for avoiding being hacked, tricked, cajoled and bullied out of our hard-earned money are some suggestions that you might use to help keep clear of giving up information that is yours and no one else’s. Remember, your information, personal or otherwise, is yours to guard; there is no one else to do it for you.

Remember

  • Do I know this person?
  • Are they really from the business they say they are from?
  • Did I invite them? Did I start this whole process?
  • This person should never ask me for my username and password over the phone or by email!
  • How did they get my phone number, email, name?
  • Asking them questions will help me define who this person is.
  • If on the phone, get their name and their supervisor’s name, then tell them you are going to call them back (good for checking bank validity if you are suspicious)

If you didn’t invite them, they are likely snooping around for an easy target. Don’t be the easy target, it happens to the best of us when they are good at what they do, but hopefully you can now avoid some of the pitfalls of living in the information age.

Some thieves are very smart. Don’t panic, just say no and walk away!