Category Archives: Technology Updates

No-Talk Phone Scams

Dialing deceivers don’t need you to say anything to rip you off

Scam Alert: No Talk Phone Scams

Most telephone scammers rely on talk, getting you to pick up the phone so they can give their impersonations of IRS agents, noble fundraisers, tech-support saviors or grandkids in need. But with a new breed of telephone fraudsters, sometimes you don’t even need to say “Hello” to get ripped off. Here’s how some of these crooks may target you.

Call Center Fraud

There are scam artists who spend hours calling the customer service centers of banks, insurance companies and other institutions, posing as people like you, to try to access accounts. These crimes have more than doubled in the past year. “That’s because reps only ask a couple of simple authentication questions — maybe your mother’s maiden name or your Social Security number — before you can transfer money or do whatever,” explains Ken Shuman of Pindrop, a company that provides antifraud services to call centers.

Scammers start by assembling information on you, stolen in data breaches, purchased on the “dark web” or gleaned with a simple Google search. Then, working from boiler rooms (often overseas), they spend all day phoning different call centers to determine if you have accounts with those companies. With your data in hand, they can often answer the authentication questions that call centers ask.

ATM PINs are especially prized — and vulnerable, adds Shuman. He notes that there are only 10,000 possible combinations for a four-digit PIN. Unless a bank’s system blocks calls after several tries — and some don’t — there are scammers who call back 150 times a day, trying different PINs until they get it right. Then they immediately log in as you, change your PIN and take over your account.

Smartphone Swindles

An ever-growing segment of the 20 billion text messages sent each day are attempts at defrauding people through “smishing” (a word that combines the SMS technology that sends text messages and phishing, a ploy to coax confidential information out of you). Typically, a scam texter will fake a problem with one of your financial accounts and ask you for data. Or they might pitch low-cost mortgages or credit cards, or promise free gift cards. If you respond by texting back confidential personal information, your identity may be stolen. Millions of these smishing texts can be launched simultaneously.

Your best defense is to be stingy with your phone number. Scam texts may result if you provide it to contests, say, or businesses. Mobile apps can also be to blame. When you install them, the fine print in the user agreement may grant permission to the app’s developer to use or sell your phone number and sometimes even the numbers of your contacts. In one recently popular scheme, scammers get your contacts from mobile apps, then text you posing as people you know to seek money or ID-theft-worthy information, says Jonathan Sasse, marketing executive at First Orion, a digital security firm that provides the mobile app PrivacyStar.

One more important tip: Never follow a text’s instructions to push a designated key to opt out of future messages. Instead, forward the questionable text to short code 7726, so cellphone carrierscan block that sender. You can further bolster defenses against mobile scams — which have quadrupled in the past two years — with call-blocking apps such as Hiya, Truecaller, NoMoRobo and PrivacyStar.

Curiosity Cons

Knowing that you are likely to ignore unrecognized or private numbers on caller ID, today’s crooks use software that allows them to display fake numbers that are hard to resist. Here are some variations.

  • The neighbor ploy Your area code and prefix are displayed, so the call appears to be from a neighbor or nearby business. “Fewer people are comfortable blocking local numbers, increasing scammers’ success rates,” notes Jonathan Nelson of Hiya. And the fake number makes it hard for law enforcement to track.
  • The “Hey, there’s a call from my own phone number” scam It’s hard to resist answering a call from your own number, which scammers can simulate. And they are able to get around any call blocking that you’ve set up.
  • The one-ring rip-off Criminals sometimes program auto-dialers to make repeated calls to you, each disconnecting after just one ring. They know this might spur you into calling back the displayed number to complain. There’s double trouble if you call area codes such as 268, 664 and 876. These are for Caribbean countries and other places that have high per-minute phone charges. One scam involves getting you to call one of those numbers, then getting you to hold through transfers that rack up your bill until a scammer gets on the line and starts a fraudulent pitch.

Time to Tape Over the Camera on Your Laptop

AVG Security
by Mark Yates on September 26, 2016

The founder of Facebook does it. So does the head of the FB — who thinks you should do it too. The first runs maybe the world’s best-known company. The second is in the business of knowing other people’s business. Given they both likely have state-of-the-art fortresses built around their PCs, maybe they know something.

What they know is that laptops and tablet cameras can be hacked without users’ knowing it. This is usually done with a remote administration tool (RAT), which by some estimates accounts for upwards of 70% of Trojans, a piece of software that hides on PCs to track activity and sometimes take control. RATs are relatively easy to build and deploy and allow online thugs to capture video without your knowing it.

What’s the danger?

Perhaps the best-known RAT intrusion happened a few years ago in California. Teenage hacker Jared James managed to slip a Trojan onto the reigning Miss Teen USA’s computer and snap images while she changed clothes. He then threatened to ruin her future pageant possibilities by making the images public if she didn’t give him more.

And that was just the tip of the iceberg. After surrendering to the FBI, James confessed to hacking the cameras of as many as 150 women. Other such cyber criminals live-broadcast bedrooms on the internet or even actively mess with the women they “slave” – freezing screens, bullying via IMs and emails, and displaying shocking images.

The great majority of these criminals perpetrate against women, but men have also been targets. And while many webcam hackers use images and video to satisfy voyeuristic needs and to humiliate victims, others are just in for the money. One Australian man literally caught with his pants down was told to pay $10,000 or be exposed online. He refused, but noted that double standards often mean women feel compelled to comply.

So how widespread is webcam hacking?

Despite dozens of news stories, official statistics are hard to come by. And as with ransomware attacks, many victims never report the crime.

One Australian man literally caught with his pants down was told to pay $10,000 or be exposed online.
But with cameras, hacking is relatively easy. One disturbing service called Shodan provides access to unprotected webcams around the world—as well as smart TVs, lighting systems, and other online devices. The primary problem is that cameras (and connected devices more generally) have weak security protocols. (For the geeks out there: Shodan crawls the web looking for Real Time Steaming Protocols [RTSP port 554], which don’t generally use basic password protection.)

For cameras embedded in PCs, criminals need access to the PC, as well. This is often done by posing as friend, through a phishing attack, or with some other form of social engineering to trick victims.

Okay, I’m sold. But is a piece of tape or sticky note enough?

For covering the camera, yes. But this issue highlights the importance of cultivating a security mindset when online. This should include a range of activity such as keeping applications up to date, using strong passwords, deploying email security best practices, maintaining general vigilance when online, and installing proper internet security, like that available from AVG.

So while taping over your webcam is smart — and easily reversible if you use a sticky note or a purpose-specific device — this quick fix should really just be the beginning of the measures you take.

Bonus tip: Going all the way

If tape’s not permanent enough for you, you can also disable your camera altogether. (Keep in mind, though, that you’ll need to reverse the process every time you want to make a video call or capture video.) For Windows 8, just use the Start Menu Search and type in “Device Manager” and open it up. Then select Imaging Devices and click “Integrated Webcam”. If it’s not there, try looking under Sound, video, and game controllers.

device-manager-620x403
Windows Device Manager

In the pop-up box that opens, select the Driver tab and the Disable button. Note that the name of the camera may be different on your PC than in the screenshots. Also, if you do not have administrator rights, you will not be able to disable the camera.
webcam-properties-ui-415x461
Webcam Properties in Windows

While you’re there, be sure to update your driver as well.