We’ve seen a worrying rise in scammers ringing or emailing customers over the last year. I’d even go to say its the biggest rise in crime I’ve ever had experience of.
The modern scams are generally the same whether the contact is by mail, email or most commonly now by phone.
Old email or letter scams made famous by the Nigerian General/official/prince etc where a large sum of money needs laundering are well know. The modern version with live interaction with scammers in teams is much more convincing. Its normally from Technical support, Microsoft, Amazon, Bank fraud detection, the police, the tax office etc. It claims you’ve been hacked, we’re spotting something via our monitoring, we’ve noticed bad transactions, you owe us large sums of cash etc. Normally you have to act immediately, something disastrous is going to happen if you don’t. Ssometimes the contact warns you not to check elsewhere as scammers could be trying to attack you at this moment (so utterly truthful is that).
The credentials grabbing scammer will often have stolen data to identify themselves to you, examples are address, bank account codes, phone number, name, email address. They get these details from the internet or from lists created on the dark web. They don’t quite have enough detail to attack your bank/amazon/ebay/other trading accounts, so they ring up, email or webchat you to get this.
Another common scam is to get you to allow them to remote access your computer. Once there they can do a few different things, most recently we have seen scammer convincing customers to log in to online banking and then transfer money to “safe” accounts or similar. The scammer could become a ransomer at this point by installed encryption malware on machines locking up the data, but we’ve not seen this from a live interaction so far. Once you let someone log on to your machine, its easy for them to then convince you something’s wrong and the version of scams last year was to them get you to pay for fake support for these problems. As people usually paid on credit cards the money was often recovered (after lots of convincing the credit card company you actually were a victim not just stopping a legitimate payment), hence live transfers now seem much more popular. We’ve seen some customers who acted quickly after a call get lucky and a bank fraud team recover cash, but often its gone from the scammers account minutes after you transfer it.
All these scams make it difficult for REAL warnings to be made. However legitimate companies warning you (e.g. your bank) will direct you to mechanisms which are verifiable.
Some tips when verifying a “warning”. Contact the company warning you on a separate device or phone (don’t ring back on the same line a scammer uses as they can keep the line open and fake conversations). A warning company will be happy for you to do this, a scammer will often get very irritated. Log on to online accounts how you would before (but never with a scammer on your machines “helping you”.
If you have problems with a computer/device use a company where you can recognise peoples voices who do your support or at least have a sure-fire way they can verify themselves. Support companies DO NOT ring people up out of the blue and tell them your device has a problem, unless the support has been set up already. Amazon prime, Ebay support etc don’t ring you, they communicate via their websites; sometimes telling you via email there is a problem, but you can log in normally (not from any supplied links) to check.
Just remember scammer want your logins, they want to help you transfer money to them, they want to gain data on you to sell on, they want to sell you worthless support contracts. This is the new crime wave and depressing as it is: beware.