Some people think they’re immune to cybercriminals. “I’m not even on their radar,” they think. “What are the chances that I’ll get targeted? It’s not like I’m famous or have zillions of dollars.”
Well, let me tell you a cautionary tale: A gentleman named Bob recently called my national radio and television show. He owns a Homeland Security consulting company, so he’s about as knowledgeable about online precautions as a person can be. For work, Bob was using a Yahoo Small Business account, and he needed to upgrade his service.
His instincts were correct. There had been a well-documented Yahoo breach, so Bob was doing his due diligence and updating his software. Tap or click to learn about the Yahoo data breach.
He had a few questions, did a Google search for Yahoo’s small business helpline and called. Little did he know the listed number wasn’t for Yahoo tech support at all.
Scammers found a way to push their fake number to the top of his Google search, and Bob was tricked into calling a convincing-sounding technician. When the person on the other end asked for his login information, including password and home address, he didn’t question the request. After all, Bob called them.
The person on the helpline informed Bob that his account was being hacked “as we speak.” But when they offered to fix the problem by selling a $645 firewall package – which could only be purchased through Google Play Bucks – Bob hung up and shut everything down, including his Wi-Fi.
When he rebooted, Bob discovered ransomware on his hard drive, which prevented him from accessing anything on his computer. He took the machine to some experts, who broke through and eliminated the ransomware. The whole charade cost $210, plus a bruised ego.
Yahoo isn’t the only one to fall prey to this scam. Facebook recently had to contend with a fake hotline that duped many of its social media users. Tap or click to read about the Facebook fake hotline story.
In short: cybercriminals have become so sophisticated that they can even fool professionals. While I’m sorry that Bob had to experience this firsthand, he was kind enough to share his story, and there are several great lessons to be learned.
1. Know how to get help the right way
I know, the world’s most powerful search engine should be able to weed out potential cons, but that’s not how it works. Hackers are brilliant at gaming the system, and they’re just waiting for someone to find that fake number and call.
In a way, Bob was lucky. Tap or click to read the story of a woman who lost her entire bank account because she trusted the number she called.
The truth is, tech support for a company like Yahoo doesn’t usually have a simple 800 number. They would have to field thousands, or even millions, of calls every day. Instead, they typically correspond by email or through a live chat.
So if you find a number at all, be suspicious. At the very least, reverse search any phone number you find through Google or any search engine and look for reported scams. Better yet, use a tool made for the job. Tap or click for 5 tools to find a phone number online.
2. Check and double-check
Bob’s adversaries used a common scare tactic: They insisted that his computer had been hacked, and he should act quickly before any more damage was done. Desperate to fix the problem, Bob was only skeptical when they asked for an unusual form of payment, Google Play Bucks.
Bob’s computer had been hacked because he had readily given the criminals his login information. For many online services, similar information is regularly given in order to confirm the identity of the customer.
Bob learned his lesson: He should make sure the person on the other end is real. This can be challenging if the criminals are persuasive actors who seem to know what they’re talking about.
3. Also, be wary when so-called tech support calls you
The same way that tech companies don’t often provide a hotline; they never call you. Unless you have scheduled an appointment or asked for help on a specific problem, tech companies are far too busy to give you a courtesy call.
Many people don’t realize this, and they have fallen for a scam. A prime example is a rash of calls that purportedly came from Microsoft, but were actually phishing operations.
4. If you get ransomware, don’t panic
Bob doesn’t know how much damage the hackers caused, and the experience made him feel violated. But remember: Cybercrime is a full-time job, and the rewards can be great, so professional hackers are aggressive and manipulative. Some of the biggest companies in the world – Equifax, Yahoo – have been exploited.
Bob didn’t fork over any money. Ransomware is scary, but he took his computer to experts and resolved the problem. Panic will only make the problem worse. So learn from this experience: Stay calm and carry on.
What digital lifestyle questions do you have? Call Kim’s national radio show and tap or click here to find it on your local radio station. You can listen to or watch the Kim Komando Show on your phone, tablet, television or computer.