Everyone has heard about various internet scams – like getting $1m from some Nigerian if only you hand over your bank account numbers – but increasingly, the scammers are getting smarter, looking more ‘authentic’, and getting well-educated professionals to fall for their scams. Before you say, “Sandy, I wouldn’t be that stupid…”, make sure you’re aware of the current ploys that they are using.
I probably would have ignored this article (http://tinyurl.com/29tpjsg) a week ago, but two separate people – people that I respect – got ‘snagged’ by scams such as this. I’ll give you the examples…
In the first, a good friend and colleague of mine (a CPA) and I were chatting on the phone about an issue a mutual client was having. In the middle of the conversation, she says ‘Oh shoot (feel free to insert stronger language should you think it appropriate), my computer has a virus!’ When I asked her if her anti-virus software was up-to-date, she responded, ‘Yes, but this is a message from Windows telling me that there is a breach. I just clicked on the button, and it’s fixing it now’. ‘STOP’, I yelled into the phone, but I was too late. The virus (which had been ‘packaged’ to look like it was a Windows message) was already wreaking havoc on her system. Off it had to go to the computer hospital for emergency surgery.
In the second instance, my brother called me (thank goodness) before clicking on a link in an email that appeared to be from his internet provider. The first clue that it was a fake was that it was addressed to ‘Dear Subscriber’, rather than his name. There was no information contained in the e-mail that actually proved that they knew who he was – or which he could use to verify that the e-mail was legit. No account number, no subscriber name. He was insistent that it was legitimate because it LOOKED like the link went to www.aol.com/whatever. I had to explain to him that the link can actually go to www.themostharmfulsiteever.com and be masked to appear as if it were going to AOL. He wanted to click to prove it, and it took all my persuasive power to convince him that if he clicked to prove me right/wrong, then it was too late because he could have unleashed the virus/malware simply by clicking. Ultimately, I got him to stop from clicking by saying ‘If you were so sure that the e-mail was legitimate, why did you pick up the phone and call me?’. That one stumped him, and he decided to believe me.
Anyway, this is a long-winded way of saying – you KNOW how your operating system (be it Windows, Macintosh or Linux) delivers its patches, as well as your Anti-Virus/Anti-Malware (be it Norton, McAfee, AVG, or any of a host of others). If it doesn’t look like the ‘typical’ delivery, then DON’T CLICK ON IT!!! Instead, take a minute, take a deep breath, and go to the website (via your browser, not by clicking on a link in an e-mail) of the software supposedly offering the update. Perform your system update via your account on the website, rather than by clicking a link or pop-up. If the update is legitimate, it will get downloaded that way. If you take this additional minute to navigate to the appropriate website yourself, and log in to your account, you will get all the legitimate updates.
That said, McAfee just had a MAJOR meltdown this week. It distributed a legitimate anti-virus update that had a bug in it and wiped out many a computer. McAfee promises to ‘do right’ by its customers and offer them some compensation (I have no idea what, and if you lost a couple of days dealing with the issue, then I’m sure you’re not impressed by the gesture), but it just goes to show that even ‘real’ updates can go awry. Don’t make it worse by accepting illicit update offers.