A few days ago, while bowling with the kids, my phone rang. It was my father calling to check something out with me. He told me that "Windows" was calling him saying that he "had errors on his computer" and was walking him through steps to fix it. My reaction was immediate and severe. "It’s a scam. Hang up the phone."
My father wasn’t too sure. I told him that Microsoft doesn’t go around calling people to help them fix errors on their computers. Still, my father said, they had guided him through running some commands and sure enough it brought up a screen showing lots of errors. "That’s the error log," I replied. "Every Windows computer has it. All the errors are listed there and EVERY one will have errors in it. Guaranteed."
My father seemed mostly convinced. He told me that the guy had told him to load a website, which he did, and then told him to download some software. The guy said the software would let him remote in to fix the errors. The words "remote in" had raised enough red flags in my dad’s mind to have him call me. I told him that it might already be too late. Merely loading a website can be enough to infect a PC. Though it was certainly good that he didn’t download or run whatever program the caller wanted him to, we’re still going to treat the PC as if it were infected. (Perhaps if the caller had framed the program as "an anti-virus tool to clean your PC", the scam might have been completely successful.)
While I was strict with my father, even the best of us have times when our red flags fail to raise. Times when we give out too much information or fall for what should be obvious setups. In my father’s case, he was thrown because he had, just a few minutes before, encountered an error in Microsoft Office. The timing of the call threw him off just enough for the caller to take advantage.
We need to remember to be on our guard. When we think of scams, we usually think of those poor Nigerian princes that always seem to be dying and their heirs who will (out of the blue) share fortunes with us if only we’ll e-mail them our bank account numbers. It’s easy to laugh at those since they are so obvious, but some scammers are slicker and not all scammers use e-mail.
Scammers have been known to call people claiming to be banks or credit card companies. In a new twist, some scammers might already have most of your information. They’ll call up claiming to be from your credit card company alerting you to fraud. They’ll give you your address and credit card number, confirm that a charge "on your card" was not made by you and then ask for the security code on the back of your card. Once you give that, the scammers will confirm that the "charge" was removed. Of course, at that point, fraudulent charges will actually begin to appear.
Scammers can strike via many avenues and even the best of us can fall for them. The best defense is to keep alert. All it takes is one moment with your guard down for the scammers to succeed.
NOTE: The "burglar" image above is by tzunghaor and is available from OpenClipArt.org.