Community Challenge 3: Security Challenge


#1

This Halloween season - help us unmask some common online and phone Trick-or-Treaters! In your own words (no copy and paste) explain an online or phone scam you’re familiar with. To be eligible for a prize, your entry must be posted as a reply in this topic by 11:59:59 p.m. PT October 31, 2018 and include the following:

  1. A description of the scam (optionally, include a link to a credible source about the scam)
  2. Three clues it’s a scam
  3. What you should do if you’re a victim

Eligibility

Eligible entries must:

  • Consist of your own original content
  • Contain at least 200 words.
  • Describe a scam no one has described in a prior entry
  • Be posted in reply here by 11:59:59 p.m. PT October 31, 2018.

One entry per person!

Prizes

We’ll have a random drawing of all eligible entries on November 1. Five lucky winners will receive a prize package that includes:

  1. A Republic Wireless T-shirt
  2. A Republic Wireless stainless-steel water bottle
  3. A $10 Google Play Store gift card
  4. 8 GB Kingston Micro SD card

#4

I’ll go first, even though I can’t win. This will be an example post so others can see how easy it is to enter, and to raise awareness about a scam our Help Team has become aware of recently.

A description of the scam
When trying to port a number away from Republic Wireless to a new carrier, members seek the assistance of an employee with the new carrier. That employee either sets up a three-way call with “Republic Wireless Support” or gives the member a phone number to call “Republic Wireless Support.” The technician at this call-in support center then badgers his way into the member’s computer and offers to reset the member’s Republic Wireless PIN for a fee. (The descriptions of this experience have mentioned that the technician is rude and insistent.) The member now has given remote access to their computer to a complete stranger, and may have even provided payment information to have the PIN reset… payment information that the criminal may share or use for other things.

Three clues it’s a scam

  1. Resetting a Republic Wireless account PIN is done in the Account Portal and there’s no fee for doing so.
  2. Our technicians might, in the course of working a support ticket you’ve opened, ask you to allow them access to remote into your phone. You will always be able to see everything they are doing on the phone. They will not ask for access into your computer.
  3. Our technicians do not take payment information by phone.

What you should do if you’re a victim

  • Disconnect your computer from the internet and run a reputable malware scan.
  • Change passwords on your computer and all online accounts. (E-mail, cloud storage, social media, etc).
  • Contact your bank to let them know you have been the victim of a scam and your payment information has been compromised.

#6

A Description of the scam

No legitimate company is going to call you to tell you your computer or phone is infected with a virus. Microsoft won’t call you. Neither will HP, Dell or any other legitimate company. Since a significant number of US households have computers made by HP or Dell and run Microsoft Windows, some people do fall for this.

Any company that calls you is going to try to get you to grant them access to your computer or phone so they can do things that are not in your best interest. If you’re “lucky” all they’ll do is “find” the virus and then offer to “clean” your computer using their premium service. You will give them your credit card number to pay for this.

At worst, they’ll install software on your computer that captures your personal information and passwords. They’ll also reuse your credit card number and invade your privacy by hijacking your camera and microphone.

This kind of attack is called “Social Engineering”. As computers and phones have gotten better at protecting themselves, some of the bad guys have decided it’s easier to attack the people that use the computers and trick them into making the computer install things it wouldn’t otherwise.

Clues that it’s a scam

  • They are trying to panic you into making a poor decision right now. This keeps you from thinking about what’s really going on.
  • It may sound like they are calling from a call center - you’ll hear other voices in the background
  • Many times these callers are in another country and are non-native English speakers so you’ll hear an accent.

What to do it you are a victim

  • If you get a call, hang up immediately
  • If you do give them access to your computer, disconnect it from the Internet.
  • If you have a local go-to computer person have them come take a look. They may need to turn off remote access to your computer.
  • Run a malware scan.

#7

A Description of the Scam

Phone number stolen or cloned. Receiving calls from an assortment of creditors or vendors claiming you owe money for goods purchased.

Clues that it’s a Scam

  • You or your family members never did business with these people

  • You have clean credit

  • They keep asking for the same person and it’s not you or a family member

What to do if you’re a victim

  • Not answering the phone will NOT make the calls go away.

  • Listen to the voice message, if they’re looking for the same person to collect a debt. Wait for them to call again.

  • Tell them your number was stolen or cloned. You’re on the DoNotCall list, and you’ve never done business with them. Stop calling!

  • DO NOT GIVE THEM ANY PERSONAL INFORMATION!

  • If you don’t want to work through it or it’s too distressing, ask to have your number changed.

  • What I did: Got information from the vendor about the person that scammed them. After I got the information I forwarded this with a description of what was going on to the GBI (Georgia Bureau of Investigation). You can contact local authorities or FBI anonymously.

Results

  • Calls stopped!

As a side note the individual that did this to me, was looking for a teaching job apparently. When a prospective school called me (why anyone one would be trying to get a job and give out someone else’s number is beyond me!). I told them I didn’t know the person and the person was using my number without my permission. The school declined their application.


#8

This one happened to my grandfather:
You receive a call claiming to be from the US embassy in a foreign country. The person tells you a loved one has been arrested and put in jail. They tell you that the police will release the family member to the embassy if bail is paid. They tell you to immediately go out and send money by Western Union to the embassy.
3 clues it’s a scam:

  1. The call comes from a 1-800 number. Thanks to our representatives in the government it is perfectly legal to use disguised phone numbers.

  2. You are told to use Western Union to send money to the embassy. Seriously? They have signs at Western Union offices now warning of scams.

  3. Like many scams, the scammer has a thick foreign accent. In our case the caller spoke perfect English but had a heavy Canadian accent. It sounds Midwestern, like from the movie Fargo.

    *US embassies around the world are powerless to do anything like bailing US citizens from local jails. They also don’t use 1-800 or other toll free numbers. They have their own phone numbers and you can actually call the embassy in any country. It takes some work finding the number but you can. It is, however, a waste of time 'cuz here’s the 3 things you can do:
    *Try to contact the loved one or someone very close to them immediately. Get them on the phone and tell them what’s up but not to get involved. Scammers get the info from the internet and will make connections to you and loved ones through social media and basic internet searches.
    *Set all your social media accounts to private and keep checking them to make sure they remain private. Consider limiting your social media presence and be very careful about private info you put out there for people to find. It is possible to pay to have your private info scrubbed from the internet but it’s not always perfect.
    *Never send money by Western Union to anyone you don’t know. No office of the US government will ever ask you to send money by Western Union.


#9

A Description of the Scam

A caller (real person) asks to speak to someone (using first name only), and it is not you. If you tell them that they’ve reached a wrong number, they proceed to say “That’s ok, maybe you can help me out - I’m calling on behalf of (insert cancer, homeless, veterans, police, etc. “charity” of your choice here) to raise money to help…”

Clues that it’s a Scam

  • It may not always be a scam - it may be a legitimate charity, but if they haven’t bothered to know who you are, they are simply trolling/fishing to raise money. If they cared about you and developing a charitable giving relationship with you, the least they could do is figure out your name before they call.
  • If they say “Thanks for supporting us last year, can we count on you again this year?”, and you don’t recall giving to them before, it’s likely a scam
  • There are thousands of charitable organizations out there - many use calling services that take an exorbitant cut of the gift in “fees”, leaving little to benefit the effort you wanted to support.
  • Do you really know the organization they are raising money for?
  • If you do know the charity that is being represented, how do you know that the person you are talking to really represents the organization?

What to do if you’re a victim (and how to prevent being one)

  • Hopefully if you gave over the phone, you used a credit card (NOT debit). This is the easiest form of payment to reverse, if fraudulent. Contact your cardholder, reverse the charge, cancel your card number and have them issue you a new card number (a hassle, but safest route).
  • Don’t take a call from a number you don’t recognize - if it is important enough to contact you, they will leave a message. After listening to the message, you have the option of blocking the number with Republic.
  • If you do take the call, don’t let them start tugging your heartstrings by all the children, vets, homeless, etc. that you will feel like you’ve personally kicked to the gutter if you don’t support the cause. Immediately hang up if they don’t get your name right on the first try.
  • Ask them to give you the address of their website, or ask them to send you information through snail mail. Do your research before giving. Make sure your money goes towards helping a cause, not to fees for fundraising calling agencies.
  • Have a family meeting to collectively decide what types of causes are important to your family, and how much of your budget you’re willing to commit to supporting those causes. Then figure out which organizations do the best job of addressing the needs/causes you wish to support. Contact them directly, and set up an automatic, reoccurring donation to them in a secure manner. You can’t support every cause, but if you’re intentional about the ones you do support, you will have an easier time, and a clearer conscience saying “no thank you” to the rest.
  • Re-evaluate your decisions with your family on an annual basis (you may discover a new one that you would like to support). Challenge yourself to increase the amount you give to make the world a better place - even if it is only a small annual increase.

Results

Although the calls may never stop coming (they seem to always find a way), you will find yourself answering fewer calls, and you will have an easier time, and a clearer conscience telling fundraisers “thanks, but no thanks.”


#10

Just last week I received a phone call from a number with a nearby area code. I unwittingly answered the call and was greeted by a man with a foreign accent claiming that I had been selected as the winner of a giveaway based on my phone number. After hearing this I immediately knew that something sketchy was going on. He claimed that his company had created a community giveaway initiative in which all local phone numbers had been entered into. This man told me that him and his team were going to contact the media, drive to my city, then personally deliver an over-sized check. I thought that this sounded ridiculous, yet harmless so I told him to come meet me at my local Walmart. Then came the catch… all I had to do was purchase a prepaid debit card worth $300 and send them the card info to redeem my prize. After I was asked to purchase the debit card I informed the scam artist that I was no longer interested and that I knew what he was up to. Although I was able to easily spot the scam, someone must have fallen for it at some point or they wouldn’t have tried it on me.
The first clue that I was being scammed was the fact that I had been selected as a winner in a contest that I never entered. Although I would love the extra money, this is a classic case of too good to be true. If you are ever contacted about winning a contest that you have no recollection of entering, it’s a good sign that you are either being scammed or are suffering from short term memory loss; Either way, you shouldn’t be sending anybody money over the phone.
Another, subtler sign that this was a scam was the urgency that the scammer established. He claimed that I needed to claim my prize “today” or else I would have to pay additional fees. Even if you become the unlikely winner of a cash giveaway, the organization sponsoring the giveaway will not insist that you collect your prize immediately.
One final indication that I was being scammed is the fact that the scammer had little to no information about me other than my phone number. He only told me what city he was in after I revealed my city. Similarly, he didn’t even know my name until I told him. You would think that a corporation would at least know your name before offering you thousands of dollars.
If you have been unfortunate enough to be a victim of this scam, I recommend contacting your local police department, long with the Federal Trade Commission. The Federal Trade Commission has multiple online resources for scam reporting, information, and resources. I wish all readers the best of luck in avoiding the many scams out there.


#11

A description of the scam
you receive an email or text message that has your userid and password in the subject or at the top of the email or message. The message tells you that the person has installed malware on your computer or phone, hacked your computer or your phone and now have all your contacts, and using a key logger has everything you typed since the malware was installed.
They also have video of you watching porn at a porn site and if you do not send bitcoins to a bitcoin address listed in the email / text they well send the video to all your contacts…
and giving you one day to make payment… that they know that your reading the email / text and if you don’t pay the video goes out, but if you make payment then they will destroy the video…
and if you need proof reply yes back to this email and text and they will send it to some of your contacts…

Three clues it’s a scam

  1. spelling, misspelled words
  2. the password is an old password and you have changed it a number of times, and it is no longer in use
  3. asking for bitcoins

What you should do if you’re a victim

  1. it is a scam just delete it, they don’t have a video or your contacts
  2. make sure you change your passwords on a regular bases, you should be doing this anyway,
    there are programs out there to help you keep track of and create strong passwords
  3. don’t reply to it
  4. report it.
  5. if you did send bitcoins then the money is gone…

#12

DESCRIPTION OF THE SCAM:
I received calls from unfamiliar numbers. I normally ignore calls from unfamiliar numbers, so I didn’t answer. They left voicemails, however.

They both claimed to be from the IRS. One was a male voice with a foreign accent. He said I was under investigation by the IRS, that I owed tax money, and I had to call, or have my attorney call as soon as possible. The other was a female voice threatening that if I did not respond to the call, I would be taken into custody by the local cops. The “local cops”… that was too funny.

The IRS is aware of this scam. More information is available at https://www.irs.gov/newsroom/irs-repeats-warning-about-phone-scams.

CLUES IT’S A SCAM:
From the IRS webpage https://www.irs.gov/newsroom/scam-phone-calls-continue-irs-identifies-five-easy-ways-to-spot-suspicious-calls:
"The IRS will never:

  1. Call to demand immediate payment, nor will we call about taxes owed without first having mailed you a bill…

  2. Demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe.

  3. Require you to use a specific payment method for your taxes, such as a prepaid debit card.

  4. Ask for credit or debit card numbers over the phone.

  5. Threaten to bring in local police or other law-enforcement groups to have you arrested for not paying.

WHAT TO DO IF YOU ARE A VICTIM:

  • If you know you owe taxes or think you might owe, call the IRS at 1-800 - 829-1040. The IRS workers can help you with a payment issue.

  • If you know you don’t owe taxes or have no reason to believe that you do, report the incident to the Treasury Inspector General for Tax Administration (TIGTA) at 1-800 - 366-4484 or at www.tigta.gov.

  • You can file a complaint using the FTC Complaint Assistant; choose “Other” and then “Impostor Scams.” If the complaint involves someone impersonating the IRS, include the words “IRS Telephone Scam” in the notes. [See update at top of page.]


#13

A description of the scam
A caller from a local number says they are calling from “Card Services” and they can save you a lot of money on your credit card interest rates. They say they just need your credit card information, and they can lower your rates significantly over the phone for whatever credit cards you have in just a few minutes. “Do you want to save money? I can save you money! What is your first card number?” They tell you that you don’t need to pay anything for the service because the bank is paying them to lower your rate for them. They take your card numbers, “verify” them on their end, and then tell you that your interest rates are now all at 1.9%, and hang up abruptly. The scammer can now charge your card, steal your money, and/or sell your information to other scammers.

Three clues it’s a scam

  1. The caller doesn’t call you by name when they call, and they ask you to give them all of your own information. This is backwards. A legitimate financial institution asks for you by name, and will need to verify you are the card holder before they help you. The scammer won’t do this, because they are stealing your information using false pretenses.
  2. The caller is very pushy, rude, and may even threaten to put a bad mark on your credit if you don’t comply.
  3. The caller refuses to identify what company they work for. Instead, they say that they work on behalf of all banks.

What you should do if you’re a victim

  1. If you receive a call, and they do not identify you by your first and last name, simply hang up.
  2. If you receive a call, and even if they do use your first and last name, be skeptical. Ask them for their extension number so you can call them back using the financial institution’s main phone number. Look the number up yourself, do not call any number they give to you (you’d just be calling the scammer back).
  3. Do not give the scammer any information of any kind. If you did give them financial information, immediately call your affected financial institutions and let them know that you’ve been scammed, and which cards and information you gave out.
  4. File a complaint with the FTC. Call the FTC’s Consumer Response Center at 1-877-FTC-HELP

#14

I’ve received a cold call that my car’s manufacturer’s warranty is about to (or already has) expired and that I am eligible to get an extended warranty over the phone (a similar scam has been done through snail mail as well). The caller will offer to extend your warranty if you act now and pay a figure in the hundreds or thousands of dollars. They will ask to take your credit card number over the phone so you can activate the warranty. If you start to ask questions about the service, they won’t have much information to offer you, and they will often become impatient. Moreover, they tell you they can’t mail you information and that you can only take advantage of the offer right now on the phone.

Three clues it’s a scam:

  • My warranty either hasn’t expired, or has been expired for quite a while now.
  • It’s a cold call and they ask for your credit card number over the phone.
  • They aren’t willing or able to mail/email you any information to review prior to purchasing the extended warranty.

If you’re a victim:

  • Freeze your credit card so the scammers can’t use the number to make further purchases. Many credit cards allow you to do this on their website.
  • Call your credit card company immediately to report the fraud.

#15

This happened to me. I changed my number.


#16

I received this email in my Apple ID email. It is really tricky as my first impulse was to reply because it is an invalid charge to my credit card account AND I once tried the FREE version of Spotify. Thus Spotify has my email address, etc. But second thought: “Never click on a link in a questionable email” and this was definitely well-done but very questionable. I moved it to my Junk folder and had Apple Email client delete from Junk folder. Now a few days later I see all the services have articles about this scam; but those articles were not out on the zero-day that I received this scam email.


#17

Good thinking !!
Here is link to the Spotify Help article on the subject


#18

A description of the scam
When using Venmo or another type of personal money transfer application, there is a scam where money can be sent to you from an invalid account that appears real, but doesn’t actually exist. There are a couple ways this scam can be used, but here is one common approach:

Three clues it’s a scam

  1. The payment is not expected.
  2. You don’t know who the sender is.
  3. The sender requests the return payment quickly before the money fully transfers

What you should do if you’re a victim

  • Don’t send money until the payments have fully transferred
  • Contact your bank and Venmo to report the sam

#19

**Student Loan Scam:**

I’ve received this phone call many times! The kicker is I don’t have any student loans, so luckily it’s easy for me to spot.

Description: Caller says they are from either a student loan company or, in one case, the Federal Student Loan Office. They ask for your Federal Student Loan ID and/or FASFA id and usually password. They may promise immediate forgiveness or to get your loans reduced for a fee. They have promised to wipe out all my student loan debt for a fee of 10% of the outstanding loan balance.

What they may actually do: Change your info on your loans so you stop receiving any notice about them. Then, they won’t pay them, but you think they are being paid or taken care of by the scammer.
The result: You are in major default on student loans and may not find out until you get wages garnished, court summons, or apply for credit and find out your credit is shot.

Clue#1:
Do you have student loans? If not, it’s definitely a scam.
Clue #2:
No one will call and ask for your Federal Student id. They may ask if you call them, but then they definitely won’t ask for your password.
Clue #3:
While there are student loan forgiveness programs, it’s not immediate cancellation. The public loan service forgiveness program has a lot of hoops, and 10 years of payments. You do not have to pay for this service.

If you are a victim: Contact your lender/loan servicer right away. Change your password, and you should be able to change your username as well. If you set up payments to the scam company for their assistance, cancel the payments. Check to make sure all paperwork will still come to your address and is not being redirected.


#20

Thanks to everyone who has participated. We have 10 eligible entries.

We’ll have the drawing later tonight!


#21

I can help, but it will need to be after 8:45. In fact, I could write a quick program to choose the winners :slight_smile: .


#22

When see you planning this? I might be available.


#23

My program is up and running…! Which entries are not eligible? I counted 12…