The IT Guy Stumbles, Too

Those of us in the IT field are subject to the same pressures as everyone else, and we can stumble just as easily as anyone when we’re rushing to leave on vacation – or a business trip. Here’s the story of how I almost blew it – and I’m stickin’ to it. Let it serve as a lesson for you.

It was the Friday before we were leaving for our latest (hopefully not last) family vacation (Charlie will be college-age next summer), and I was in a rush to close all our business and personal affairs before leaving the next morning. I got a call on our home landline purporting to be the bank for our main credit card wanting to question charges from Walmart and Malaysian Airlines. With one foot out the door, I wasn’t thinking straight. They said I could have a new card in three or four days, but I said I needed one tomorrow morning because we were leaving for vacation. When the caller said they’d need a supervisor to call me back, I started to think maybe the call wasn’t legit.

This was a prime example of how we get caught. Credit card fraud is a major problem that’s hit just about everyone in the world. A call like that is no surprise. When I took a deep breath, I hung up the phone, went online to my bank, and looked at my account. There were no pending charges from either place. Had I stayed on the phone call, well, I don’t want to think about it.

One problem with phone calls today is that even if you see a symbol, such as a checkmark (√) or a V in parentheses (V), it may be a spoof. It’s easy to spoof any phone number, so don’t believe it is legitimate because you see a symbol. We don’t pay attention to possible pitfalls when we’re rushing to get things done before a vacation or a business trip. We need to take a deep breath and step back before we act. Otherwise, we could come back to empty bank accounts.

One of our clients almost made a similar mistake when they got a text message about an ambulance bill. The client had gone to an urgent care, and doctors there determined they should be taken by ambulance to the emergency room. The text said their insurance carrier had declined the claim, and there was a link they could use to pay the bill. After staring at the text – after almost clicking the link to see what was going on, they looked on their carrier’s website and found no mention of the ambulance ride. The really scary part is how someone knew our client had an ambulance ride from a specific company on a particular date.

If you do make a mistake, you should call your credit company’s or bank’s fraud line and report it immediately. If you can’t get through, go online through your browser and file a report. You can usually block action on your credit card with the click of a button.

If you fear a breach, you can call us – 973-433-6676 – or email us for help. We can start to put the pieces of your puzzle together to see where your system may have been breached through your computer or mobile device and help you rebuild your security system.

Robocalls: The 50-Ton Elephant

If you’ve reached the breaking point in robocalls, you’re not alone. We tracked ours for the last three months just to see how bad a problem it’s become. Since Jan. 29, tracking only our landline at home, we received 583 robocalls – an average of 6.5 calls per day, 24/7/365. And that’s with Nomorobo installed on our landline. Thirty of those calls were identified by a single phone number.

While you can debate the effectiveness of Nomorobo and a host of other apps that try to block telephone scammers, they’ve likely done as good a job as they can. The apps use databases of known robocallers or scammer call centers to identify a scam call and disconnect “known” scam calls. Another entry into the field, Jolly Roger Telephone, claims it can carry out our revenge fantasies by engaging scammers and tying up their valuable time.

Unfortunately, the databases also lead to a growing number of false positives. They rely on customer feedback to some extent, and that can have negative side effects. There’s no way to know how many legitimate phone numbers get into a database for any number of reasons. A legitimate call center, including an outgoing “800” number from a bank, airline or insurance company, may get blocked, delaying vital communication between a business and a customer.

Some of us have turned to apps from our phone carriers – mobile and landline – to block calls, but we face the same problem of false positives in their databases. We can unblock specific numbers, which we had to do to take care of many of non-profit clients. We only find out about the block after a client tells us we couldn’t be reached.

Scammers have adapted to protect their income sources, and it’s a no-holds-barred world. Would it surprise you if they’ve compromised the databases? They’ve also become better at spoofing local phone numbers so that you think someone in your community is calling. Sure, it’s possible to trace a phone call back to its origin in many cases, but it’s time-consuming just to get the process started. In the meantime, the scammers don’t need a large volume of victims to make money.

But most of us increasingly don’t answer the phone unless we know the number. We put up with the incessant ringing and hope that a legitimate caller will leave a voice mail, or we wind up blocking legitimate callers.

Unfortunately, there are no prospects for a quick resolution to the problem. In the absence of any kind of international laws with enforcement teeth, it will be up to private industry to find a solution. They’ll need financial incentives to develop and maintain centralized databases and technology that can detect and block scam calls faster and more effectively.

There’s even no incentive for us to get rid of landlines. Almost every bundle from a cable or satellite provider is a “triple play” of TV, internet and telephone.

We can help you set up Nomorobo. Their service is $1.99 per month for mobile phones and devices and free for landlines. Call us – 973-433-6676 – or email us if you have any questions about how call blocking works and how to set up an app to meet your needs.

In the meantime, if you pick up the phone and it seems suspicious, don’t give any vital information. Hang up immediately. You can always get additional information by going online to research appropriate contact info and initiating communication.

Tax Season: The Next Scam Season

I don’t know whether more money changes hands during the holiday shopping season or during tax season, but a lot is at stake between now and April 17 as people prepare tax returns. It’s a busy time of year for scammers, most of whom want to use fraudulent information to get your tax return money.

Probably one of the most common scams is someone calling from the IRS to say you owe back taxes. This happens every year and all year long, too. But there’s just one thing we want to remind you about, even if you know it: The IRS does not contact you by phone. Nor does the IRS contact you by email, a form of communications a scammer will use in a phishing expedition. The IRS sends you a letter.

The other scams you are likely to encounter are calls or emails from people or companies offering to prepare your tax returns and even provide you with an advance on your refund. The email scams are more insidious because if you click on a link, it could automatically trigger a breach of your computer that reveals sensitive information. If you follow through on a phone call or link, the scammer is going to request your Social Security number and other info that goes on a tax return. If the scammer is offering to advance you money from an expected refund, they’ll want your banking info, too. Once a scammer has this and other personal information, it’s easy to get credit cards and loans and commit crimes in your name.

From a computing point of view, we again remind you not to open emails from people you don’t know who offer help during the tax season. Delete them immediately. Do the same with an email from someone you know that seems out of context because it’s so easy to spoof an email address. For example, would you really expect Norman Rosenthal or Sterling Rose to prepare your taxes?

You can protect business and home networks and computers by making sure you have new, strong passwords for all networks and accounts. Strong passwords are long and contain a combination of upper- and lower-case letters, numerals and special characters. With the breach at Equifax, the risk of fraud is higher, and one of the problems it can lead to is that someone will file your tax return before you do.

With protection in place, you can use the internet for all of your tax-related activity, starting with IRS’s official website https://www.irs.gov/. In addition to being able to get tax forms and answers to questions, you’ll find links to help you find and verify information about tax preparers, including 10 tips for choosing one.

If you are preparing your own taxes, we recommend you use one of the established software providers to reduce your risk of a security breach, especially when you file online.

While we don’t prepare taxes, we can help you keep your networks and computers secure. Call us – 973-433-6676 – if you think your system may have been compromised. Call us or email us if you have any questions about system security or security settings for any software you use for tax preparation and filing.

Seniors and Scammers

People 60 years and older seem to be victimized more than any other group by scammers, whether they operate online or over the phone. While it’s always easy to let your guard down at any age, older people seem inclined to be more trusting when they get a phone call.

The rules for seniors apply to people of all ages. It starts with being an active listener and observer for three alarms.

The first alarm is visual as well as audible. Voice Over Internet Protocol (VOIP) telephone systems are totally Internet based, and that allows any system owner to program a caller ID to appear as any phone number. It can be your local area code or an area code from anywhere in the US or the rest of the world. Scammers match a phone number to a name in a database, so it can even display a name that looks very normal with an unrelated phone number that looks normal. Sometimes, you’ll just see a string of random numbers. Be careful, and if something doesn’t sound right, disconnect the call. None of those phone numbers can be traced.

We live in a diverse society, so don’t take this second alarm the wrong way, but listen for an accent. A lot of scammers call from other countries because they can avoid a lot of laws in the US. If you hear an accent and something doesn’t sound right, don’t give the caller access to your computer or any other information and disconnect the call.

A third alarm is any caller who claims to be from Microsoft, some other large technology company or the IRS. Microsoft and the IRS, for example, will NEVER call you on the telephone to tell you there’s a problem with your computer or a tax return. Microsoft does all of its updates online through Microsoft update, and the IRS sends you a letter – by snail mail.

When it comes to the telephone, screen your calls. If the caller doesn’t leave a message, it’s just as well you didn’t talk them. If you get a call from someone who is NOT your IT consultant and who says he’s discovered a problem on your computer, hang up.

Also be careful of pop-up messages while you are surfing the web. Scammers can break through weak security measures on some websites or a hole in your security and insert a pop-up message. When you click a link on that message, they’ll make the screen look like your computer is infected. Then, they can offer you a repair or a service subscription while they gain access to your computer – allowing them to infect your computer or hold your data hostage.

Cybercrime is a fast-moving target. If you suspect something wrong, it might be best to shut down your computer and call us at 973-433-6676. We can discuss the best plan of action, which could a remote check of your system or an on-site visit. For non-emergencies, you can email us, too.