Education ∪ Math ∪ Technology

Tag: phishing (page 1 of 1)

They have call centres now

While I was at my mother’s house the phone rang so I picked it up.

"Hello?"

"Hello Sir," said a female voice on the other end of the line, with a slight accent, "We are calling you from an independent computer security company. We want to let you know that we have received numerous reports that your computer has downloaded viruses and malware, and we would like to help you fix your computer." In the background, I could hear the unmistakable background noise of a busy call centre.

"You know that’s impossible, right?" I responded.

"What’s impossible?" she responded.

"You can’t possibly, especialy as an independent computer company, know the phone number associated with a specific computer, even if you were somehow able to scan my mother’s computer remotely without her permission. You are trying to scam her. It won’t work this time. I teach people how to use their computers. I’ve taught my mother about you. You cannot scam my mother. I will record the phone call the next time you call, and forward it to Interpol. Leave my mother alone!" I said firmly. (I doubt Interpol would be able to do much about this scam, but hey, empty threats sometimes work.)

Click.

Warn your parents, your relatives, and anyone you care about who may be taken in by this scam. My mother got caught the first time, but with some help from me, we recovered her money, and I have hopefully helped immunize her from the scammers.

Profile of a phishing attempt

Phishing attempt

(Click the photo to view it larger.)

 

Last night, I got another one of the many direct messages I receive each day via Twitter telling me that someone has written something horrible about me. Since I was using my older computer, and I have Ubuntu installed on it, I decided to click on the link provided in the direct message, deciding that the risk of accidentally downloading a virus was minimal.

The page took a while to load, almost 3 or 4 seconds, and then this page showed up. I was a bit surprised for a second, and thought, hrmm why am I back at Twitter, and why am I not logged in? I reached for the keyboard and was about to type in my password, when I stopped myself and thought, "I should check the URL first." I’m glad I did.

If you look closely, you’ll notice that the URL for this site is not quite right. The word Twitter has an extra i and v in it that shouldn’t be there.

I realized that this was a very clever phishing attempt, and that I had almost fallen for it, even though I knew in advance that the link was very likely to lead to trouble.

My recommendation is to be very suspicious of links you receive via social media and email. If the link seems out of context, or you aren’t expecting someone to be sending you a link, don’t click on it. If you do click on it, DO NOT enter your password or other information on the site. Instead, navigate by yourself to the appropriate website, and enter your login information there.

Please share this information with others so that we can curb the link baiting and phishing going on now through Twitter, email, and other similar services.

More examples:

Another phishing attempt

 

Facebook app phishing

 

Update: If you happen to get caught by one of these phishing attacks, don’t panic. You just need to change your Twitter password. If you cannot access your Twitter account, you should still be able to request a new password be sent to your email here.