This morning I received an email from someone I didn’t recognize.
I didn’t know the sender, or the company name, or the dot-com address from which it came. And the supplied password in the message had me feeling uneasy.
It was especially well-timed because I had just been speaking with Paula Naka, Manager of Risk Management at Interior Savings, about frauds and scams, and I had asked about Identity Theft, Computer Scams, and Online Fraud as well. Computer inbox and pop-up scams are becoming increasingly common and, for me, it seems like almost daily events.
What should I do with this email, Paula?
Don’t open it – delete it. If you open it in error don’t click on any links or open any attachments. And don’t enter any passwords supplied within the email to get at the attached file. It’s common for fraudsters to claim the attachment is a receipt for something you know you didn’t buy, because that tempts you to open it from fear you’ve lost money. That attachment may contain malware, a program designed to worm its way through your hard drive and steal your information: account numbers, passwords, banking info, photos and contact lists. By entering the password provided, you just handed someone the key to your computer.
What if a message appears on my screen or I receive an email from Apple, Microsoft, or Windows?
Also dangerous. One of the most common scams is when you get a pop-up on your computer (a message that appears on your screen from out of the blue) or an email message saying your anti-virus program is out of date, or ‘this is Microsoft and we need access to your computer to fix a bug’. When you click through the links and submit your information, the phony company gains access to your computer and installs software that tracks what you’re doing. They may also charge your credit card for the ‘work’ done. If you store any personal information on your computer, which most of us do, hackers are then able to access all that information. Unfortunately, these pop-ups and emails look legitimate, because hackers use company logos and fake sender addresses.
I was caught off-guard, followed a series of instructions, and submitted my banking information online. Now, what do I do?
Stop using the computer you signed on with. Unplug it and take it into a certified shop to have it cleaned. Don’t sign on until it’s been cleaned. Sometimes when people think they’ve been hacked, they boot up the same computer and change all their passwords. They don’t realize that if their computer is infected, the new or updated access codes will also be compromised.
Does this mean I shouldn’t shop online?
It’s okay to shop from a reputable company that you’ve purposefully found online. In this case, you’ve initiated the shopping process – which is different than following links initiated in a pop-up or an email.
Keep in mind that legitimate companies, including Revenue Canada and your financial institution, won’t ask their customers to provide personal information or bank details via a pop-up message, email or text message, for that matter.
And when you’re shopping online, look for the padlock icon in web page addresses, like ours:
This means the page uses a security protocol to encrypt and transfer information safely.
What are hackers looking for?
Hackers are looking for some simple information to help them build a fake identity. The most common use for that identity is to open credit in your name or to open new bank and/or credit card accounts with your information that then is used as part of a bigger criminal operation.
Identity theft comes in many forms, including theft of old-fashioned mail, cheques, your wallet or purse. Your 9-digit Social Insurance Number is gold for crooks, but the truth is they don’t need much to create a new identity under your name.
How do I protect myself?
- Be cautious. Keep your operating system and security software up to date. If you’re not sure about a website or email, close it or delete it and contact the company yourself through regular channels. The more diligent you are about keeping your personal information secure, the better. Read more on preventing identity theft here.
- Don’t react instantly to anything. Take a step back, do some investigation and then determine whether this is legitimate. Most people actually have a pretty good idea when they’ve been hacked. They know something uncomfortable has just happened. We often get calls from members who had been on a call or online and as soon as they got off the phone or their computer thought “wait a minute; that did not feel right.”
- Set up security alerts on your accounts. Most financial institutions offer security alerts that notify you when your account has been accessed, new payment vendors have been added or a request has been made to reset your password/access code.
- Report it immediately. If you ever suspect you’ve fallen victim to fraud, don’t delay; call your financial institution and the local authorities to report it.
Watch this video for more tips on protecting yourself from fraud.
You can also find more resources here: Protect Seniors Online, RCMP Frauds and Scams or The Little Black Book of Scams.