Scammer Versus the Ordinary Guy

The Scammer and the Tech

A scammer doesn’t begin their communications with, “Hi, I’m a scammer. Give me all your money.” No, they’re much subtler than that.

“Hello, I have a donation for you. Please contact me.”

 “Hi, I’m your dearest friend Alan. I’ve been kidnapped by dissidents in Africa and they’re holding me hostage until you pay the ransom.”

 “I’m a solicitor and I have a bequest for you…”

“Your Westpac account has been hacked.”

 “Your ASB account has been hacked.”

“I’m a partially sighted, vertically challenged female (yeah, could be me) from abroad somewhere and I’m spamming you because my randomly selected email finder said you’re a nice lady and I need a million dollars for a brain transplant.”

Yeah, mostly I delete the ones my email provider doesn’t slide into the ‘spam’ folder. The spelling’s horrendous and some of the scenarios are hilarious and definitely good for a snort and share moment. I’m not a grammar nazi but some of the ‘give me all your money’ emails look like they were written by a five-year –old with a crayon and painstakingly copied into an email by a younger sibling. But every now and then I get something a bit different.

I got an email from someone at a well-known NZ company that sells vouchers legitimately. Because it was a real vendor, instantly I assumed it was genuine; everyone’s heard of them. The person emailing sent me a voucher in an attachment and mentioned the ‘meeting’ we had arranged. The email address definitely seemed to come from the company and the smiling picture which Chrome kindly sent as a profile looked like it could have been kosher. It came to my work email and I get random emails all the time from perfect strangers so, knowing I had no meeting booked with anyone of that name and figuring an employee sent an expensive voucher to the wrong person, I emailed back.

It was a nice email, saying I thought he’d made a mistake and we didn’t have a meeting.

Techie husband went…mental.

“Now you just told a scammer he’s found a real email address. These guys are chancers. Please tell me you didn’t open it?”

Actually…

I hadn’t opened it.

I didn’t open it because what’s the point of seeing a free thing when I can’t have the free thing because it wasn’t for me? I’m a great believer of, ‘What the eyes don’t see, the heart can’t grieve over.’ Thanks Mum for that wonderful piece of advice; see how important it turned out to be?

Husband went for a lie down in a darkened room after telling me to block, double block and triple block that email address, run a virus scan on my laptop and notify my employer on the grounds that one hit at that company would lead to many more seeing as we all have the same email format.

Not everyone’s mum gave them good advice and it would only have taken one tiny peek at that voucher to have unleashed something nasty onto my employer’s network. It could lead to a virus for us all, or it might have led to ransom ware, demanding payment before releasing our records, accounts and anything else my employer needed to continue its daily business.

It’s a nasty game for sure and this kind of thing as I experienced, is more likely to catch me out at work than it will at home where I’m more careful, more guarded and virus checked up to the eyeballs because I have the privilege of being married to the best tech on the planet.

At work I’m busy, often buried under paperwork of varying states and Joe Public wants my help and comes in all shapes and sizes with the strangest email addresses which they probably think are funny.

Yeahhhhh….

It only takes one of you to open that email to bring down a conglomerate, a small business or an unspecified number of people relying on their pay cheque each week to survive. It’s easily done but who’s gonna see it that way when your manager’s wearing egg on his face from days of lost production or the ransom for releasing company files back into their possession. And…they’ll know who opened that email.

So, as I was nearly caught sneaky peeking at something I couldn’t have, I remembered Techie Husband’s advice. I heard it in my ear holes like a recurring mantra and alongside my mother’s wisdom; it protected me from my own stupidity.

So here are the top tips for protecting yourself from scammers, spammers, and all of those; as told to me by my wonderful chap. Told to me…over and over and over…

1. Scammers are good at what they do; otherwise they’d need a proper job. This is their job. You are their next job. Do not open emails from unknown sources unless you have to as part of your role. NEVER open attachments within those emails. Also beware embedded links which email filtering can’t detect. DON’T CLICK THEM! Yes, that’s Husband shouting those instructions.
2. Use an email filtering service for critical email accounts. It might cost as much as NZ$7 per month but if hacking would cost you big time; consider it.
3. A lot of the emails look legitimate. They won’t be obvious. Parcels needing collection, bank stuff, often with some kind of veiled threat, sending it back, freezing your account etc if you don’t respond. They’re very sophisticated and becoming harder to spot.
4. Hover over email addresses and links with your mouse. That will show you where it really came from and often the link will have been extended beyond that of your bank. DELETE IT.
5. There’s no such thing as a free lunch. No way, no how, never.
6. Scammers play on our desire to give everyone a fair chance. If you’re not sure about someone’s identity or it can’t be verified; BLOCK THEM. Don’t take the risk.
7. If someone was genuine and you accidentally mistook them for a scammer, they’d ring your office, email via your website and behave like a proper person. If they do that, you can call their company and verify their details on the pretense of having lost their number/email address etc.
8. People don’t die if you block them. They don’t fall off the earth or get decommissioned. There is no sad, dimly lit waiting room for those blocked on Facebook, Gmail or any other form of media. They aren’t sitting around discussing your cruelty or planning their revenge once they get out of there. Often they don’t know; unless they’re a weirdo-stalker type and then they’ll know immediately. That’s a fantastic reason for blocking them anyway.
9. They’re after your money, your hard earned cash and if they can’t get you to give it to them, they’ll steal enough of your identity to take it anyway. The more information you give to a stranger, the easier you’re making it for them. My work phone number is part of my email signature. I wish it wasn’t but it’s company policy. It also gives my office hours because I’m part-time and the company website so they know exactly where I am. Hence Husband’s horror. Fortunately I think they just wanted me to infect my place of work and didn’t want to engage with me personally otherwise I’d be really scared. It’s a massive company and I’ll be fine. Really, no, I’ll be ok.
10. I know of companies and institutions halted by malware which was innocently introduced by an employee clicking on an attachment. There’s a reason why techs say, ‘Never open attachments from unknown sources.’ Listen to the techs; they know stuff. It’s not an empty threat.
11. Get great virus protection. No, not the free stuff, the average stuff or the ok stuff. Pay proper money and get great virus protection. Update your virus protection regularly.
12. If you do end up with a virus or malware of some sort, don’t email dodgy documents to other people to show them and don’t stick a hard drive or USB stick into your computer to ‘back up’ your stuff. It’s too late and now you’ve infected that too and anything else you plug it into.
13. Routinely back up all your clean data onto a hard drive. I’m awful at this and my tech gets very fed up with me. He has a system going between numerous hard drives and I’m meant to log it in a little book. I’m hopeless but thank goodness he’s not.
14. If the worst happens it will cost you. It will be financially painful. You will either need computer scientists to forensically recover your data or someone will be digging deep to pay a ransom in bit-coins. It will be a very unusual employer who pats you on the head and tells you not to worry; he completely understands how much you needed that voucher for a spa treatment and how about he’ll shout you one himself for this weekend…yeah, probably not.
15. Use extra protection for email and social media accounts. Most offer systems whereby logging into your account on an unfamiliar browser generates  a text message to your phone. That means if a scammer tries to hack your account, you get a text but they can’t access it without the code now sitting on your phone. Yes it’s not infallible but it is better than nothing. It’s annoying at first but you get used to it and might have cause to be grateful.

It’s a nasty business but we can protect ourselves with the tools available. Be careful out there and remember, there’s no such thing as a free spa voucher. Damn it!