How to protect yourself from the Onslaught of Phishing Emails and new, dangerous callers

Phishing is attempting to acquire information (and sometimes, indirectly, money) such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.

  • Wikipedia

This is not news.The email arrives from American Express. It warns that they are limiting access to my account, and that in order to protect it, I should log in and update my information. There is just one problem. I don’t have an American Express account. What is different here is the frequency of these phishing attempts, and, a newer tactic involving urgent-sounding phone calls.

Let’s look at two of the strategies these savvy scammers use, one at a time.

First, a more common scenario that you may already have heard about. Chase Bank contacts you via email, stating that in accordance with your alert settings, they’re just letting you know they’ve authorized a charge of $1,174 on your account, for some company you’ve never heard of.

Enter any of the major bank names into these alerts, complete with corresponding logos and formatting, and someone will will fall for it. Seniors are especially at risk. They tend to be less familiar with the online environment, feel less secure about their abilities on the computer, and tend to be more vulnerable in general.

The idea is to make the recipient panic, and immediately click on a “bank” link to update information, verify the charge, and so on. As soon as one clicks on that link, one of three things will happen.

  1. Nothing. The link is not found, or is non-functional (probably taken down by the authorities or internet service provider, because it’s fraudulent).
  2. You’re taken to a very convincing website that looks just like your bank’s, complete with images, formatting, and all the usual marketing / banking blurb. “Click here to unsubscribe” and many other innocuous links, statements and suggestions are strategically scattered on the page, just as they would be on the real website. All you have to do is enter your login information, and the criminal has the keys to your account. Within minutes he could empty it.
  3. By clicking on the link, something active is downloaded onto your computer (perhaps in the background, where you can’t see it). Once on the computer, it can act as a virus, causing all kinds of trouble for your files – or it can implant itself as malware or spyware, tracking what sites you go to, what keys you press for entering sensitive login information, and so on. This information is secretly stored, and then quietly sent to the criminal who sent you the clandestine software to begin with.


Unlike the characters depicted in movies like “Wargames”, where some kids were just out to have some fun, these callers are part of organized crime rings. They sometimes employ enterprising tech-savvy teens, doing their best to con you into allowing them into your digital life. In some instances, they’re looking for access to your financial information. In others, they hope to sell you bogus tech support for a problem your computer isn’t really having. For the latter, they usually try cold-calling a list of numbers out of online phone books, customer contact lists from stores that have been hacked, and so on.

It’s an increasingly popular practice, this tech-over-the-phone scam. It started in the UK around 2010. Now it has jumped the pond and is spreading through North America like wildfire. Just the other day, in a fluke of good timing, I was helping a client with her Mac in her home office, when she received a call from a call center in India. (There was a several second delay in the connection, and the caller stated he was in India). She was thrilled that I happened to be there to take the call. She quickly told me someone had been calling for weeks, despite her decline of their numerous offers of “help”. The man on the phone informed me that my client’s computer had been sending many warning messages to their “control center”. According to him, they monitor the internet for “suspicious, and even dangerous, fraudulent activity.” (How ironic, i thought. He monitors himself?)

He asked whether I was near the computer, as he wanted to walk me through what we “had to do to resolve this situation.” His call sounded very urgent, — it seemed our very lives depended on getting to that computer as quickly as possible, so that he could help us avert utter catastrophe, and perhaps diffuse a bomb. (Yawn)

Continuing in his urgent tone, this “tech” on the other end of the phone informed me that we didn’t have to worry, that “there is still time to take care of the problem.”

I said “Really? What operating system do we have on our computer?”

He paused a moment, then said “Windows.”

I answered “Incorrect!” and slammed down the phone.

Had we not known any better, this caller might have talked us into purchasing “tech support” from him to fix our “problem” remotely. The average asking price from these scammers starts at about $170 for the first assessment. But the greater danger is that they may talk you into allowing them access into your computer – a REALLY bad idea. Once they have your credit card information, all bets are off. More worrisome is that if they gain access to your computer, they might retain that access into the future. They would not only possibly see anything you enter on your computer from that point forward (including login information, bank passwords, etc), but also enslave your computer to act as a drone or robot of sorts, to conduct cyber-attacks on commercial websites.

For the record, Microsoft states they don’t offer any “monitoring service” for Windows machines. They will not call you to inform you that something devious is happening with your computer. It’s a scare tactic meant to, at best, pry dollars from your wallet.  The Mac, meanwhile, is generally impervious to the kind of malware/spyware that can wreak havoc on Windows machines. While technically it is feasible, and people are always claiming that Macs too are susceptible to viruses and spyware, I have yet to see anything bring down a Mac that is a true virus. We still recommend you have anti-virus protection, because that day – the day that a virus does bring down a Mac, will certainly come.

Plenty of con men are prepared to tell you anything to get you to give them your personal information, especially your credit card information, over the phone. Obviously you won’t want to allow that. (The infuriating thing is how many innocent, less tech-savvy consumers are duped by this setup).

So that you might prepare yourself for receiving such a call (they are usually generated randomly, but after first contact, they will continue calling), here are some tips:

  1. Never give credit card information out over the phone, if someone calls YOU to ask for it, or confirm it. Banks would never do that. Stores don’t do that (generally), unless you’ve recently placed an order that needs clarification, or the call is a follow-up call to one you made to the same party earlier. Banks will NEVER call you to verify card information. It’s their account! Why would they not have your info?
  2. Never buy into emergency computer help, internet help, or network help if someone calls you to take care of an “urgent matter with your computer”. They don’t know what computer you have. They’re bluffing. Since Windows machines still dominate the market, it’s more likely that they will get the operating system right if they say “Windows”. Keep in mind that these criminals are diligent and disciplined. They take notes. Our client mentioned that the same people have called her three or four times already. Each time they get another nugget of information, and they’ll use that to con you several weeks from now. For example, today the caller learned that my client doesn’t have a Windows machine. The next time he (or an associate of his) calls, he’ll try saying “Mac” is the operating system on her computer, and he’ll be right. If the caller gets the answer right, you may find him credible. Do not. Avoid giving out any information about your computer, email address or surf habits. The best course of action is to hang up.
  3. The “do not call list” means nothing to these scammers. Don’t waste your time complaining to the caller that you are on some “do not call” list. He or she is just thrilled to have you on the phone. And you don’t have to be polite. They are trying to relieve you of the contents of your wallet. There is no obligation to be polite to a scam artist. Hang up.
  4. Statistically, customers who use online banking are less likely to fall prey to identity theft, online hacking, or fraudulent charges against their accounts. That’s because tech-savvy customers have banking apps, and investment apps that they use to keep a close eye on their accounts. If you set up electronic accounts for banking, bill payment, and utilities, you’ll be able to keep a close eye on all of your accounts easily. Use passwords that are very secure, employing a combination of letters, symbols and numbers. (“Red67enchilada!” is a great password. “Password123” is not.)
  5. Do not access financial accounts online unless you are on your own computer. Never log in to a banking site on a public, internet cafe, or cruise line computer. You may forget to log out, or some undesirable may have installed a keystroke logger. That means he can return to that public machine and pull anything you’ve typed on it. If and when you’re using a computer that isn’t yours, assume your keystrokes are being recorded by strangers. Use caution.
  6. Make sure your banking passwords are completely different from any other passwords you use for anything else. DO NOT make your banking password the same as your email password, or your facebook password, or your wireless network password. That’s much to easy for a crook to figure out.
  7. Do log in to your financial sites frequently, so that you can track any suspicious transactions, or banking errors. If you find an error or something suspicious, contact your financial institution immediately. Keep in mind you will have to run the gauntlet of security verification when you speak to the bank. They are, after all, trying to protect your account.


And finally, a note about third world (or really any) call centers. The internet has developed into a fabulous resource that reaches almost every corner of the world. There was always talk of the potential of the internet ten, fifteen years ago, but who knew it would become what it is today? The world really is at our fingertips, and the availability of opportunities, especially for less developed areas, has exploded.

India, for example, has blossomed with new technologies, and enjoys great success with strong growth of many legitimate businesses. To everyone’s dismay, however, there are “bad apples” in every industry. I’ve pointed out that the scammers were calling from India because they’ve stated as much in the calls, and spoke with heavy Indian accents. But really, scammers can come from anywhere. In this case, if calling from outside of the country, they are beyond the grasp of  U.S. law enforcement.

We’ve had many successful interactions with legitimate call centers around the world, who have been very helpful, even invaluable in getting issues resolved with hardware and software warranties. Outsourcing support calls can be cheaper for manufacturers, and may be necessary to stay competitive. We get that. The issue here is with the scammers, not legitimate call centers.

It would also appear that some industries are slowly returning to North America to open call centers here. In recent years, the backlash from consumers who were having difficulty understanding the accents of outsourced personnel, made it clear that perhaps companies were saving money in the wrong place. Image is everything, and comprehension is key.

Sound the alarm to your friends and family. Scammers are working overtime to take advantage of the unsuspecting public, and are getting very good at it. The next time someone at home gets “the call” for your computer, you’ll know exactly what to do.

As for feeling a bit overwhelmed by all of the technology, all I can tell you is that con men have existed since the beginning of time. The world is not a more dangerous place today because of the technology. If anything, thanks to our ability as consumers to check our accounts from anywhere our smartphones can connect, technology has made our accounts safer, and many of us smarter. Thanks to email and social media, we can now alert each other within seconds of learning of new threats.

It really is a great time to be alive.

If this is your first visit to our site, you may also want to look for “Hacked AOL Address Books and forwarded chain emails – the latest threat to your security.” In it I describe other scams you’ll want to be aware of.