Never Call a Phone Number to Fix a Computer Virus

If you use a desktop or laptop computer, you absolutely need to have antivirus software installed. There are a lot of options, and most of the major ones—Norton, McAfee, Bitdefender, Trend Micro—do a good job if you keep them updated and active. In just about every case, that means paying an annual fee, which usually falls between $20 and $40 per year for a personal computer. Compared to the time and expense of fixing a compromised machine, however, it’s a pretty good deal.

However, it is also important to know how antivirus software actually behaves once installed. You’ve heard of Tech Support phone scams in which a caller claiming to represent Microsoft tries to convince the victim to follow instructions that lead to fraudulent credit card charges, a hacked computer, or both, but there are also websites that will display popup windows in an attempt to accomplish the same objective.

When you have real, paid-for antivirus software installed, for the most part it runs quietly in the background. It may give you a message when you start your computer or a weekly report of the threats it detected and removed (if any), but other than that, you will generally only hear from it if you try to download or install an infected file, or if your subscription is about to run out.

What will NOT happen is a popup window telling you “your PC is infected!” or “your PC is ____% damaged” or “WARNING! YOUR COMPUTER MAY BE INFECTED” with instructions to enter a credit card number or call a phone number, or to click a “Repair Now” or “Free Virus Scan” button. Those are all coming from a compromised website you’re visiting.

If you are already paying for antivirus software, that’s where the payments stop. You do not pay extra to have viruses removed—detecting and removing malware is what you’re paying for in the first place. You also will never speak to a live person on the phone. If your antivirus software detects a problem, it will deal with that problem. There is no need for some remote “tech support” person to access your computer.

If you get one of these popups, all you have to do is close your browser window, don’t click anything on the popup window itself, and consider avoiding whatever website you were visiting that generated the popup in the first place.

Money Flipping Scams and Mobile Payment Apps

Mobile payment apps such as Venmo, Cash App and Zelle are extremely popular, but have become an easy avenue for scammers looking to make a quick profit.

Many of these scams start on Instagram, with photos appearing to indicate a glamorous lifestyle and claims of a “secret” stock market strategy that can turn an investment of a few hundred dollars into thousands, almost instantly.

Once a victim contacts this scammer, they will be instructed to send money—around $500 is a common amount—using one a mobile payment app. Sometimes the scammer will respond with an attempt to get another payment, to cover “taxes” or “fees,” but in every case, the victim never gets one cent back from their “investment.”

There are a few things to remember. First, you should never invest with any unlicensed, unknown person or company. Investment always carries the risk of losing money, so anyone selling “guaranteed” results (or “secrets,” “miracles” or “tricks”) is lying.

Second, mobile payment apps are meant for transferring money when you know the person you’re paying. It’s the same as wiring money in this way: send it to a stranger and it’s gone forever, with no way to get it back.

Finally, it is incredibly easy to create an Instagram presence filled with young, glamorous-looking people standing in front of expensive cars or large houses. These photos can be purchased from stock photography websites and altered to suit their needs, or sometimes the scammer will simply trespass on private property to get pictures of himself in these scenarios. Never trust anyone you don’t know online, and never send money to a stranger in any situation.

You Can’t Buy a Miracle

A new year is fast approaching, and let’s face it—we’re all hoping for a drastic reduction in weirdness for 2021 compared to…whatever that was.

One thing that remains familiar, though, is people making plans for the things they want to accomplish in the new year. It’s a timeless urge, and while plenty of big plans for 2020 were scuppered by the pandemic, that really won’t stop us resolution-making types from doing it again, however cautiously (once bitten, amiright?).

Therefore, I want to remind you that you can’t buy a miracle.

What I mean by that is, the word “miracle” has been turning up in advertising for centuries now, and it has always been a major red flag that the product or process being advertised is nothing but snake oil. Literal snake oil at one point, but figurative snake oil these days.

You want to lose weight this year? Pandemic led to panpizza a few too many times? The minute you see the word “miracle” in a weight loss product, diet plan or exercise device, run the other way immediately (and be sure to slap on your wearable fitness tracker while you’re running; might as well get credit for those steps). There is no such thing as a miracle weight loss product that you can give another person money for. There might be miracles that happen with your own motivation or discipline or mindset, but those are all free, and they all happen inside you.

You want to better your financial situation in the new year? Real investments are sold by people with licenses, are never guaranteed, and always carry risk. They work (or fail) though often-unpredictable but identifiable market forces, and are not miraculous. Anybody urging you to invest in some new miracle investment instrument is lying to you, even if they claim to be a member of some group you belong to (a scheme known as affinity fraud). Don’t lose your life savings to an unlicensed charlatan selling miracle investments. Go to a licensed broker and discuss your best options.

Even with the good news about vaccines, it’s going to be a while before the pandemic is fully in the rearview, so anxiety about this potentially-deadly virus is going to be around for a while. This means that there are going to be websites, emails, social media ads and even text messages hawking COVID-19 “miracle cures” for a long time. None of them will be legitimate, the same as every “miracle cure” for every other disease known to man throughout history. These are and will always be scams, plain and simple. Save your money.

Do Not Fall for the One Ring Scam

For the record, I am trying very hard to not put any Lord of the Rings references in this article, but I can tell you the temptation is unbelievable, given the name of this scam.

Here’s how it works: your phone rings one time. Curious, you use caller ID to call them back. A charge for an international call and/or an extra charge for some kind of “service” gets added to your phone bill. Most of that money ends up going to the scammer.

That’s pretty much the whole scheme.

In the wave of one-ring fraudulent calls that hit in 2019, the calls came from the “222” country (not area) code, which is the West African nation Mauritania. Since most people don’t memorize things like country or area codes, on first glance the number might just look like a regular domestic phone call. The FCC has detailed information available for download here.

I have written several times about not going through your caller ID list and calling every number back. In the case of the “spoofed local number” robocalls, it was because the caller ID was NOT showing the actual number from which you were being contacted. Calling back would only end up with you harassing an innocent person.

But in this case, the caller ID is not being spoofed, or at least, it is displaying a number the scammers want you to reach because that’s all it takes to skim some money from you. Some scams go for big hauls from a small pool of victims; this one is aiming for small gains from many.

A one ring scam to rule them all, if you will.

(I almost made it.)

Telephone Scam Targets NIPSCO Customers

True to the company name, the Northern Indiana Public Service Company, commonly known as NIPSCO, provides electric and gas service to a sizeable chunk of northern Indiana, and for much of the Northwest Indiana region, is pretty much the only game in town when it comes to these utilities.

This means there are plenty of scams in which someone pretends to represent the company. Most of the time, you hear about distraction schemes in which someone knocks on the door, claims to be a NIPSCO employee, and asks to be let into the home or to show the resident something outside. While the homeowner is distracted, an accomplice enters the house and steals anything valuable they can get their hands on.

But another type of scam has been making the rounds in the form of phone calls or text messages claiming that the recipient is late making a payment, and that their power is going to be turned off immediately unless they pay right away, usually by purchasing a prepaid debit card and relaying the card data back to the alleged NIPSCO employee. At a time when a lot of people’s financial situations are still reeling from the ongoing coronavirus pandemic, it’s sort of the perfect scam for the season. Dial or text any 219 area code phone number, and you’re likely to get a NIPSCO customer, and more likely than usual to find someone who is a little behind on payments.

There are a few points to remember. First, if you are behind on utility payments, it will be reflected on your most recent bill. Contact the company directly and talk to someone—believe it or not, most utility companies would generally rather work with you on a plan than cut off your power. Also, whether you are behind or not, NIPSCO won’t ask you to meet an individual somewhere to pay cash, ask you to buy prepaid debit cards, or request a wire transfer. This is one reason I always encourage people to sign up for (and use) online payment options. That way, if you get a call or a text message about an unpaid bill or other issue, you can login and check for yourself. It also allows you to make a payment with a checking or savings account, credit or debit card. However, even if you still prefer offline billing and payments, never trust a caller (or texter) who is trying to alarm you, then asks for money. Hang up, do not respond, and call the utility directly to see if there is any truth to their claim. Chances are, there is not.

How to Avoid Delivery Confirmation Scams

The coronavirus pandemic brought out a lot of things in people, both admirable and not-quite-as-such, but it really brought out the online shopper in a lot of us. More packages than ever are being left on more doorsteps than ever (which was already happening anyway, the virus just accelerated things), and that means a lot of delivery confirmations and notifications arriving in email inboxes and text messages. Usually, these contain a link to the seller or carrier’s website, where you can track the status of a delivery.

Never ones to leave a potentially-lucrative situation unexploited, scammers are leveraging this deluge of notices to launch phishing attacks disguised as alerts regarding the shipment or delivery of online purchases. The messages contain a link that leads to a website created solely to harvest personal information, install malicious software onto your computer or device, or both.

Some phishing messages attempt to impersonate the seller (Amazon or Walmart, for example), while others appear to come from the company shipping the item (USPS, UPS, FedEx, etc.). Some target college students who found themselves sent home abruptly in March, and refer to deliveries that have supposedly been waiting for them to pick up for six or seven months.

The first step you can take in avoid this type of phishing is to be as organized as possible, and make sure you know what you have ordered, whom you ordered from, and when. If you’re only waiting on one package from Amazon, and one other being shipped via USPS, you will be instantly suspicious of a notification from Walmart or UPS.

You can also decline to click or tap links in emails or text messages. If you want to check on a shipment, use the information originally provided by the seller and visit the correct website directly (which will be simple if you’re already doing that “be organized” thing I just mentioned). As always, notifications and confirmations from real companies, while brief, will almost always have correct spelling (and grammar when/if present). Misspelled words, dropped plurals, incorrect verb tense—these are all signs that something is a little “off” about a shipping confirmation.

Prevent Scams by Imagining an In-Person Approach

Imagine yourself walking down the sidewalk. A stranger approaches you. He is wearing business attire and a nametag from a large, multinational bank or credit card provider. He says this: “Excuse me, Customer? Your card has been deactivated due to suspicious activity. Would you please tell me your name, account number, Social Security information, online banking password, and PIN?”

Would you give this person anything he asked for?

Of course you would not. However, this scenario is exactly what happens in the classic phishing scheme: a message informs you that your card has been deactivated, and gives you a link to a website designed to harvest personal financial information and hand it over to someone you don’t know. The message and the website may be dressed up in logos and slogans that mimic some large financial provider, but that does not make them real. The only real difference is that the communication is happening through email instead of in-person.

If you picture unexpected emails, text messages or phone calls from people you don’t know (and whose identity you therefore cannot verify) as in-person approaches, the suspicious intent becomes incredibly clear.

Would you listen to a person running up to you on the street and saying that because you did not pay your taxes (or failed to report for jury duty) you are going to be arrested in one hour unless you buy a prepaid debit card and tell them the numbers?

If someone tapped you on the shoulder and said, “Greetings. You have won the Microsoft Email Lottery. Two-point-five million United States Dollars. But you have to give me five thousand to cover taxes and fees first,” would you run straight for your bank to withdraw the cash? How would you react to a stranger telling you they wanted to immediately hire you for a work-at-home job processing payments, and all you have to do is open an account at a certain bank and tell them the account and routing numbers? Would it strike you as a legitimate offer?

How to Freeze Your Credit

New account fraud, in which someone uses your personal information without permission to open new credit accounts in your name, is probably one of the first things that springs to mind when you hear the words “identity theft.” It is still one of the more common ways thieves use stolen information. A security freeze is your most effective tool in preventing this type of identity crime.

A freeze prevents new credit accounts from being opened using your personal information unless you lift the freeze in advance of applying for new credit. This is accomplished using a PIN that is created when you place the freeze. A freeze can stop an identity thief from creating new lines of credit, even if they have all your information.

There are three major credit bureaus, and each has a specific method for applying and lifting a security freeze. While you can still request a security freeze by postal mail, going online is by far the easiest and quickest method. Make sure to visit all three bureaus to place your freeze, and simply follow the instructions to place your freeze and get a PIN.

TransUnion: https://www.transunion.com/credit-freeze

Experian: https://www.experian.com/freeze/center.html

Equifax: https://www.equifax.com/personal/credit-report-services/credit-freeze/

Make sure to bookmark each website so you can lift the freeze later if the need for a new account arises, and keep your login/password information safe if a site requires you to create an account. One trick is that if you are applying for new credit, if you know which credit bureau the lender uses, you can lift the freeze temporarily for only that particular credit bureau, instead of all three.

Finally, make sure you keep your PIN somewhere safe, where it will not get lost. A lost security freeze PIN can be handled, but it takes a while and is a much bigger hassle than simply keeping track of your PIN.

Keep in mind that a freeze helps prevent one type of identity theft, but does not prevent existing accounts from being accessed with stolen credentials, fraudulent credit or debit card transactions, employment or medical identity theft, or the filing of fraudulent tax returns. In other words, even after you place a security freeze, you must remain aware of the risks of identity theft and protect your personal information.

Three Tips for Keeping Your Information Safe

So you have a crosscut shredder and you know to hang up on that “you owe back taxes” phone call, but personal information can be compromised in many ways. Here are a few personal data security tips that you might not have considered.

Never email your Social Security Number

No matter who someone claims to be, there is never a reason to send someone your Social Security Number via email. Even if you are initiating contact with someone you believe works for the IRS. This happened to a writer at Lifehacker—she wrote an article about the 2020 Economic Impact Payments, and a number of readers somehow got it into their heads that she was from the IRS and began emailing questions that included a lot of personal information. Don’t ever do it. Even if you somehow are in contact with the IRS or other government entity via email (which is exceedingly rare), they already have your SSN and other information. If someone you don’t know is asking for your number via email, they’re up to no good. If it is someone you do know, with a legitimate reason to need your SSN, there are safer ways to relay this information.

(The entire above paragraph also applies to text messages. Don’t text your Social Security number, either.)

Never email an account number or PIN

On a similar note, it is a bad idea to email financial account numbers. If you get the wrong address, you could accidentally send your information to someone else. In the same way the federal government already has your Social, any business you have an account with already has your account number. They can look it up. You also never know what the email security protocols are like on the other end. Even if the security system itself is robust, how do you know your email isn’t sitting out in full view on an unlocked computer, while the recipient walks away (or leaves for the night)?

Never give additional information

If you successfully opened an account or membership with a company, you have already provided them with all the information they need. For example, if you sign up for Netflix, all they need is your name, email address, phone number, and payment information. However, phishing emails that appear to come from Netflix appear in inboxes every day, and many of these contain links to fake websites designed to harvest further information, such as banking passwords/PINs, Social Security numbers, and other personal details. Don’t do it. If they needed a piece of information, they would have asked for it before opening the account.

Employment Scams are Still Going Strong

The Better Business Bureau has released a report on employment scams that is well worth a read (it’s only about six pages long, not counting the title page and what would be the back cover if the report were printed). https://bbbfoundation.images.worldnow.com/library/d8707e47-c886-48ec-b143-7b3db2806658.pdf

There are some interesting findings in the report.

In 53% of cases where someone responded to a job offer that turned out to be fraudulent, the primary thing that attracted the victim was the promise of being able to work from home. This is nothing very new—I was writing about the scammy nature of online work-from-home offers ten years ago—but I have a feeling that fake job listings will increasingly promise working remotely as the pandemic continues in the U.S. Stay home full-time and get paid? I would want to take that action without a pandemic simply because I don’t like commuting. If I was looking, and if any of those jobs weren’t scams.

The age group most targeted by, and most likely to fall for, a fraudulent job posting is the 25-34 range. People in that age bracket are often looking for their first career-type job, and those with established careers still tend to change employers often. Additionally, a lot of them don’t (or barely) remember a time when the internet wasn’t just an everyday fact of life, the way the television was just there if you grew up in the ‘60s, ‘70s or ‘80s. They may not have developed an innate slight distrust of online offers yet, which is such a helpful scam-avoidance tool.

While younger people are more likely to be victims, the greatest monetary losses to these scams are incurred by people aged 45-54 and 65+. Women are more likely to encounter a fraudulent job listing online, but men are slightly more susceptible to becoming a victim. Unemployed persons account for over half of the encounters with job scams, which makes sense because they are more likely to be looking in the first place.

If you’re looking for work, there are a few things to keep in mind. First, you must research every single company that puts an advertisement up. Make sure it’s a real employer offering a real job that pays real money. Never pay someone else in order to secure a position, and assume any listing with the words “work from home” is very, very likely fraudulent. There are exceptions, but they are few.

Finally, some online job postings involve processing payments from home—receiving large sums into your account, then transferring or wiring it to overseas accounts, or processing shipments—receiving electronic goods which are then “reshipped” to someone else. These jobs will compensate you, but they are actually part of an organized money laundering scheme, leaving you as one of the only verifiable, domestic, and easy-to-locate links in the chain. Victims of these scams can find themselves in legal trouble if law enforcement decides they “should have known” something was not right.