Scammers don’t take a break for holidays. In fact, it seems like they increase their efforts this time of year. People are shopping online more, spending more, and using their PCs and mobile devices online more. Many are also getting ready for a lightly less fun annual event—tax season. The combination is more than scammers can resist, so they are upping their efforts, with phone calls, e-mails and website malware designed to part you from your money. One recent trend has seen Canadians receiving calls from someone posing as a Geek Squad agent, claiming they owe hundreds of dollars. Needless to say, these are criminals taking advantage of the public’s recognition of Geek Squad in an attempt to shake them down for money. Neither Best Buy nor Geek Squad will call customers demanding money.
Here’s how to avoid falling victim to internet and phone scams.
Tactics are getting more aggressive
Scammers are calling peoples’ home phone and smart phones (even using text messages) and they are getting increasingly aggressive.
Among the common ruses are claims of being with the Canadian Revenue Agency (CRA). Callers request personal information such as a social insurance number or credit card number in order to process a refund. A disturbing trend has been callers who use threats and stern language, claiming that their victim owes money to the government and must pay immediately or they will be arrested. Recently, there have also been reports of callers posing as Geek Squad agents and demanding payments of hundreds of dollars for computer-related issues.
In some cases the scammers are even able to spoof phone numbers so it appears as though they are calling from a legitimate number. Be skeptical!
The CRA doesn’t call and demand Canadians withdraw money immediately to pay off tax assessments (the agency suggests contacting them directly if you receive a call of this nature), and Geek Squad certainly doesn’t make calls like this either.
Real companies and government agencies don’t demand payment in gift cards
Scammers can run into issues where banks and credit card companies stop payments on their extortion attempts if the victim catches on quickly enough. So some have turned to demanding payment via gift cards or crypto currency instead. That in itself is a huge warning sign that you are dealing with a scammer: no retailer, support company, or government agency is going to call you up and ask you to pay a fee using gift cards or Bitcoin.
Tech support won’t call you out of the blue
If you get a call from a someone claiming to be from technical support—Apple, Microsoft, Geek Squad, your cellular provider, or whatever—this is almost undoubtedly a scammer. Unless you previously placed a call looking for help and followup was promised, you are not going to get a call out of the blue from any tech support staff. These companies do not randomly need remote access to your computer to scan it for viruses, and they do not need to check to see if it needs a system upgrade, so don’t give them access. Admittedly, the scammers can be convincing, often leading with questions that ring of truth. For example, they might ask if you’ve noticed a recent slowdown in your internet performance—don’t fall for it.
If you think for some reason that the call might be legitimate, hang up, then call the company back at its official phone number listed on their website and ask if there is an open ticket for your name. Odds are high they’ll have no idea what you are talking about because the call you received was from a scammer trying to gain access to your computer—and your personal info.
Another recent tactic used by scammers is a con that takes advantage of several trends: celebrity smartphone hacking and a general distrust of smart or connected devices. The ruse usually goes along the lines of the scammer claiming to have hacked a computer webcam to record compromising video of the victim. Perhaps instead, they claim to have access to records showing visits to questionable websites. The victim is told to make a payment (often in Bitcoin) immediately or the embarrassing info will be released to the public, or to their family.
In the vast majority of cases, the claims are false. Without compromising a computer via malware, gaining access to its webcam or browsing history is rare. If you are concerned, make sure your devices are protected with security software, and consider a webcam cover that physically blocks the lens when not in use.
Beware of phishing
I’ve often mused that if cyber criminals ever got to the point of investing in a copy writer for their phishing e-mails, we’d be in a lot of trouble. Probably 95% of the fake e-mails I receive are immediately recognizable for what they are because they are riddled with typos and spelling mistakes. Apple is not going to send me an e-mail like the one below. This one is free of glaring spelling mistakes, but let’s have a quick look at the signs that this is fake.
- It was in my SPAM folder. Your e-mail client’s SPAM filtering capabilities are far from perfect, but they are a first line of defense. Finding this seemingly important e-mail in my SPAM folder is an immediate red flag to use caution.
- The subject is “important message” which is pushing the fear button. A legitimate e-mail from Apple Support will have an actual, specific issue in that subject, such as “Your Apple ID was used to sign into iCloud via a new computer.”
- The e-mail is addressed to “Recipients” instead of to the e-mail address registered to my Apple account. This is a big clue that this is a mass mailing, not something sent specifically to me.
- The sender is identified as “Apple Support” but look at their e-mail address. This is probably the single biggest giveaway. Do you suppose Apple is sending official e-mails using the account firstname.lastname@example.org?
- The greeting starts with “Dear Customer” instead of my name. Apple includes customer names to add a personal touch, but also to show it’s not a phishing e-mail.
- The text has no spelling errors, but the e-mail is rambling, lacks punctuation and repeatedly uses the word “Apple” in an attempt to sound more official.
- The final big giveaway—and the point of this entire phishing e-mail—is the instruction to click on a link to “restore the account.” Blindly click that link and the trouble begins. Apple will sometimes send legitimate e-mails with instructions to go to a website; however, Apple will spell the link out so you can see exactly where you’re being directed. The last such e-mail I received from them directed me to go to https://appleid.apple.com, a destination that is clearly going to Apple’s domain.
This example of a phishing e-mail is disguised to look as though it came from Apple, but there are many variations on the theme. You’ll likely receive similar e-mails allegedly sent by other companies, your ISP, your bank, and government agencies. Use extreme caution to avoid being scammed.
How you can protect yourself
The common factor in almost all of these scams is fear. Fear of consequences, fear of losing money, fear of embarrassment, and—rather ironically—fear of being the victim of a scam. To the point where the victim is so worried that they will either give someone remote access to their computer in order to “secure” it, or pay them money outright for fear they are going to be investigated, audited or even arrested.
You should be cautious whenever an agency reaches out to you for personal information or a payment of any kind. If you’re suspicious of a phone call, ordinary mail, or e-mail, take some time to think it through. You can find the customer service contact information of any agency or business using the internet. Also, you can check with the Canadian Anti-Fraud Centre, an excellent resource from the government of Canada. If you’re worried your computer may have been hacked or infected, scan it with anti-virus software, or bring it to Geek Squad (at Best Buy locations across Canada) for an examination.
Above all, stay informed, be wary, protect your devices, and don’t panic. When you act calmly and without panic, the scammers almost always lose—and you stay safe!