August 20, 2020 Road Warrior

Limiting Your Exposure to Scams

by Jeffrey Allen
The better the
information you
have, the safer
you are.

The better the information you have, the safer you are.

Christian Horz / iStock / Getty Images Plus

The art of the scam has grown rapidly, assisted by advances in technology. I have often posited technology as a double-edged sword. On the one hand, it can help us immensely, making our lives easier and better. On the other, it can create personal and professional problems for us, some of a very serious nature. In this article I will explore some of the more common scams that make use of technology as well as some of the things you can do to limit your exposure to the problems they can cause.

To give you some perspective about the scope of the problem, statistics published by the Consumer Sentinel Network, maintained by the Federal Trade Commission (FTC), reported that in 2019 the United States had 1,679,934 consumer fraud claims and an additional 650,572 identity theft claims (https://tinyurl.com/ybrmrtsj). Many of these claims related to the use of a variety of technologies ranging from the telephone (landline and cellular) to the use of e-mail and other computer issues. Every time an opportunity to create a scam arises, a bad guy takes advantage of it somewhere. If no opportunities readily present themselves, the bad guys create them.

Hard as it may seem to believe, even the COVID-19 pandemic has given rise to a whole series of scams from phony testing to the sale of masks and other protective devices that either do not work or are not delivered. Not surprisingly, scammers have made efforts to spirit away the federal $1,200 payments as well as state and federal pandemic unemployment benefits. There are even scammers holding themselves out as representatives of the Internal Revenue Service (IRS) seeking to collect delinquent tax payments and threatening people with incarceration.

The FTC has devoted a number of articles to this subject on its website (https://tinyurl.com/y42vsycb). You can also find discussions of many scams on the USA.gov website (https://tinyurl.com/hkn3ek6).

You have many tools that you can use to limit your exposure to scams. Not surprisingly, the first and foremost rule is to use common sense, and the second is to learn some basic facts about the way that the government works. The government sites listed above will give you some of that information. While I do not have the space available to examine everything about government collection activities, I will point out that no federal agency and no state agency that I know of will ever ask you to pay with gift cards.

The better the information you have, the safer you make yourself. Many agencies provide guidance and information about current scamming schemes. You can start by following these links to get more information about current scams and protective measures:

As many scams and scammers depend on getting access to your information and/or your devices, some of the best protection available beyond the use of common sense comes from standard cybersecurity measures that you have hopefully heard many times before and already have in place. Just in case you missed some of the most basic ones, I have listed them below.

Stranger Things

(No, this is not a paid ad for the television series, but the series is worth watching.) This first piece of advice comes under the heading of common sense: Be suspicious of peculiar requests, no matter how the contact comes to you—for example, a call or an e-mail purportedly from the IRS or your utility company (or any other institution for that matter) telling you that you owe money, threatening action against you, and asking you to provide payment in the form of gift cards.

A number of scams involve people posing as friends or relatives using e-mail or text messages or sometimes even phone calls claiming that they are locked in jail, often in a foreign country, and need you to send them money to pay a fine or post bail so they can get out. A related scam has the bad guys posing as a friend or relative saying they were robbed while traveling and they need you to send them money as they are stranded.

A great many people have moved to online organizations to try to find a partner, mate, functional equivalent, or just a few dates. Not everyone you meet in that milieu has the same motive as you do. If you meet someone online and they start suggesting that you should send them money for whatever reason, don’t. No matter how simpatico the person may seem to you, odds favor that the requester joined the site to solicit money and for no other reason. Some of the reasons regularly given to justify such requests include paying bills, paying for medical care, or purchasing a plane ticket to come visit you.

Another scam relates to winning a lottery—often one you did not even enter. The odds against your winning any lottery are astronomical. The odds against your winning one you did not enter are even higher. If someone contacts you and claims you won a lottery that you never entered, expect that they will want information that would enable them to steal your identity or a payment by you, supposedly to cover transfer expenses or taxes or some such thing as a prelude for you to recover your winnings. Don’t give them what they want. If you really think you might have won a lottery, contact the responsible authorities independently and see what’s going on. If you really won, these expenses can be deducted from your winnings without your having to front the money for them.

Keep Your Software Current

The bad guys like to get access to your devices by taking advantage of security lapses in software residing on those devices. Holes or weaknesses in programs and operating systems allow the bad guys to break into your devices and access the information they contain. Sometimes they use that technique to transfer malware to your device, which transmits information to them, allowing them to steal your identity and, perhaps, your assets and/or include malware allowing them to take over your device and/or download data from it.

Legitimate software developers regularly issue updates to close discovered security gaps. You will want to install these updates on your devices for your protection (as well as your convenience, as these updates frequently contain new features, too). If you have software no longer supported by its publisher, you should stop using it immediately. For example, Microsoft stopped supporting Windows 7 in January 2020. If you have it on your computer, you should update to a version of Windows 10 as quickly as you can. If you have a version of Windows earlier than Windows 7, you should also update immediately.

Add Virus and Malware Protection

You can get functional virus and malware protection software for Windows and macOS computers as well as iOS and Android mobile devices. Although far from perfect, available virus and malware protection software can locate and isolate or remove most malware from your devices. Here is a link to an article that compares some of the best-known virus protection software offerings: https://tinyurl.com/ybc5zbv8. For those of you who use macOS-based computers (Apple), I will share with you that Apple’s technical support people have recommended Malwarebytes (https://www.malwarebytes.com). As most of you know, I prefer macOS and use Apple computers for almost all my work. I have Malwarebytes on each of my Macs.

I generally have at least two antivirus/anti-malware programs on each of my devices. I am at higher exposure due to all the software and apps that I add to my devices for testing, so it becomes even more critical that I pay attention to such risks. Even though you do not necessarily do software testing, I suggest that you consider getting two different programs for safety. While you should have only one program active at any time, as they can interfere with each other and with other programs, having the extra program can come in handy. Not all programs succeed with the same malware. Sometimes one program picks up something another program misses. As a result, I find it comforting if not useful to run a scan with the second program from time to time as insurance. I recommend that you follow a similar procedure under the theory of better safe than sorry!

Beware of E-Mail Scammers

Many scam artists approach their victims through e-mail. That makes sense as they can send out many e-mails in the time it would take to make one phone call. Additionally, e-mail can make things very easy for the bad guys if you fail to exercise adequate caution. Another advantage for the bad guys in using e-mail relates to the ability to make e-mail look legitimate when it is not.

The bad guys can go to a website to duplicate the company’s or government agency’s logo and insert it into their e-mail. We see that all the time. You may get e-mail with logos or seals from financial institutions, retailers, or government agencies that look quite official.

In preparation for a program I recently did, I spent about 20 minutes wandering around the Internet and managed to collect a wide variety of logos and seals from the federal government, various state governments, certain other countries’ agencies, and a number of non-governmental organizations including financial institutions, retail outlets, etc. Once in possession of such things, it does not take much effort to add them to emails, letters, etc. Here’s where some common sense comes into play: You may not have the ability to differentiate between a phony e-mail generated by a scammer and the real deal. Accordingly, you should treat as suspicious all e-mail telling you that you have a problem with one of your accounts, or that you owe money, or that you need to verify certain information, or any related subject. When you receive a suspicious e-mail, you should not respond to it directly. Rather, you need to verify whether it has a legitimate source. Here is an example of a suspicious e-mail that I received:

Fraudulent e-mail containing the Wells
Fargo logo

Fraudulent e-mail containing the Wells Fargo logo

Note that this particular example, while it contains a Wells Fargo logo, was not done particularly professionally. Presumably anyone e-mailing from Wells Fargo would have a Wells Fargo e-mail address. The sender here, however, does not. The e-mail came from angelina.rasper@comcast.net. In the original e-mail as sent, what appears is only the name “Wells Fargo.” If I click on that name as the sender, it reveals the sender’s e-mail address. If I were to click on the “Validate Your Account” link, it would either download malware to my computer or take me to a phony website that would ask me to provide personal information or both.

How do you verify suspicious e-mail? If you cannot tell from the sender’s identity that it is a scam, call the company or agency or go to their true website. If it is a financial institution, you can get the correct telephone number or the URL for the website from the back of your credit card, debit card, or monthly statement. If it is a governmental agency, you can look it up online by going directly to its website. Do not use the number provided in the suspicious e-mail. Do not click the link or use the URL provided in the suspicious e-mail. Scammers can answer the phony telephone number they provided you by saying they are the IRS, the Bank of America, or whatever. Moreover, scammers have been known to create phony alternative websites that make you think you have reached the correct website for the agency or company. The link might well take you to such a phony website. Alternatively, it may take you nowhere or even to the legitimate website for the company but during the journey transfer malware to your computer.

Protect Your Hardware

Keep your hardware secure. Don’t walk off and leave it while you go to the restroom at an airport or to get another drink at the local Starbucks (assuming we can one day again go inside a Starbucks). I am not telling you not to allow a trusted friend or spouse to watch your devices for a few minutes. I don’t, however, recommend that you leave them in the custody of the person sitting at the next table whom you never saw before. I have seen many, many unattended devices in airports, coffee shops, bars, libraries, and restaurants. I know that you sometimes need to power up your device. The best recommendation I can give you for that is to carry a power bank with you to enable you to keep the device on your person while it charges or to plug it in where you can sit by it and guard it.

Most systems have remote-wipe software available that lets you erase your data remotely if the hardware is lost or stolen. Some of these programs will even do it automatically for you if someone enters a wrong access code a given number of times. If your operating system has it built in, turn it on right now. If it does not, download it right now, install it, and then start it running. These programs do not offer complete protection, but if you send the command and the device later connects to the Internet, it should erase your data.

Most mobile devices have “Find My Device” technology available. You want that on as well. If you turn that on, you may recover a misplaced or sometimes even a stolen device. I have personal knowledge that it works as I have had two occasions to use it, one more serious than the other. In the first, my phone came out of my pocket while I went through airport security, and some helpful person put it in the wrong place. The Find My iPhone software allowed me to locate it quickly. In the more serious occasion, I was traveling in Eastern Europe, riding on a mobility device. My iPhone fell off the seat as I rode across a somewhat bumpy road. I did not notice that the phone was gone for some time. As it turns out, I had traveled about a half mile before discovering the loss. I opened the Find My iPhone app on another iOS device, and it led me back to where my phone had fallen facedown in the middle of a street. Fortunately, despite the fact that a car had driven over it, the phone suffered no damage. The case I had it in protected it. I know with certainty that a vehicle drove over it as I found a tire print on the back of the case.

Protect Your Access to Devices and Accounts

Use unique, complex passwords or biometric measures to access your devices and your accounts. Passwords—or, better yet, pass phrases—should have at least eight characters. The longer the better.

The ideal password consists of random characters. Unfortunately, most people find it difficult to remember random character passwords. Passwords do no good if you cannot remember them and access your own devices and accounts. You may find it easier to remember a pass phrase. A pass phrase using upper- and lower-case letters, numbers, and symbols will make it difficult for people to crack. An example: “#bewarE tHe jabberWOK 1934932@”. The problem with pass phrases is that they take a while to type into your device. Also, they can prove challenging to remember. The best solution for most people is to get password generating and storing software, such as 1Password (https://1password.com). It will generate random character passwords for you and store them to enable you to access them when necessary. It will also store passwords you create and select yourself. The good news: You have only one password to remember to access all your passwords and phrases (which probably has a lot to do with the program’s name).

It works very well to shift to a biometric access procedure, such as a fingerprint scan or facial recognition. Many telephones, tablets, and computers now have that technology available. Others will follow.

If the bad guys get into your device, they potentially have access to all your online accounts. Accordingly, you will want to secure your computers, tablets, and phones at least as well as you do your bank accounts. Don’t use the same passwords for numerous accounts. Yes, reusing passwords will make them easier to remember, but then the bad guys can access numerous accounts if they get the password to only one. Treat your passwords securely. Don’t write them down on a piece of paper and stick it in your pocket or post it on a sticky note on your computer display. If you make it easy to get access to your devices and accounts, you increase your vulnerability as a target.

Protect Your Identity

This one also comes under the heading of common sense. Do not give your personal information out to strangers. If someone calls you and asks for it, hang up on them. If it is potentially a legitimate request, initiate your own call to the company or agency at a reliable and safe number (such as one on your bill, statement, or credit card) and verify whether the call had a legitimate purpose. If so, you can provide the information to the representative at the reliable phone number on the call you initiated.

Use a Virtual Private Network

I used to regularly recommend that you stay off public WiFi. I still think that you should do that; but the siren song of free WiFi has seduced many of you. The safest thing to do is carry your own secure cellular WiFi hotspot and use that instead of the public WiFi. While staying off public WiFi remains the gold standard, if you cannot resist using it, install a virtual private network (VPN) that provides protection to you while on the public network. By the way, public WiFi includes, among many others, the WiFi at your hotel, the airport, or the restaurant or coffee shop. The easiest way to get a VPN is to use one of the available providers (although it is not that hard to set up your own). I like to use VPNs pretty much all the time, even for my own cellular hotspots and my home and office networks. Here are links to comparative reviews of some of the better-known VPNs:

I know of no reason not to use any of the VPNs discussed in these reviews. I also know that other VPNs not mentioned there can work just fine. I have found that sometimes a VPN has a problem connecting in some locations, so I have two that I keep on my devices. Usually, if one cannot connect in a particular location, the other can. I am not going to recommend one over another, but I will share that I use Nord as my primary VPN, and VPN Unlimited as my backup. You will find Nord listed in the articles referenced above, but not VPN Unlimited. If you want it, you can get it at Apple’s App Stores for computers and for iOS devices. You can also get it for Windows and Android devices.

Encrypt Important Information

If you encrypt your data, you make it much more difficult for the bad guys to do anything with the file, even if they get access and download it. Proper encryption also requires the use of a strong password. This means the bad guys have to break into the device, break into the account where you store the data, and break through the encryption file protection. Generally, the harder the bad guys have to work for it, the less likely that they will do so.

Back Up Your Information

This won’t help you with scam prevention, but if you lose a device and wipe its data remotely, you will want a backup to restore the replacement device. Ideally, you will have a local backup and one in the cloud. You should make sure to keep backups current as you will lose anything that happens after the last backup and before the loss of the device.

In the immortal words of Sgt. Phil Esterhaus (from the television show Hill Street Blues): “Let’s be careful out there!”

Download the PDF of this article

Entity:
Topic:

Want more personalized content? Tell us your interests.

Jeffrey Allen is the principal in the Graves & Allen law firm in Oakland, California. He is Editor-in-Chief Emeritus of GPSolo magazine and the GPSolo eReport and serves as an editor and the technology columnist for Experience magazine. A frequent speaker and writer on technology topics, he is coauthor (with Ashley Hallene) of Technology Tips for Lawyers and Other Business Professionals (ABA, 2016).