Protect Yourself From Cyber Scams – Part 2

In our last post we looked at common web- and phone-based scams that I have seen personally or that have targeted a client. Today we will examine other scams that are popular with cyber-criminals.

Some of these are targeted at specific industries or at people in positions of leadership or ownership of an organization or business.

  • Charity scams – This is usually a fake charity claiming to be collecting funds for a worthy cause or group.  Some common options:
    • Wounded Veterans
    • Police, Sheriff, and Fire Departments
    • Natural Disaster Relief
    • Medical Research
    • Public Schools
  • Tax Prep – Usually targeted at accountants, tax attorneys, and tax preparers. The perpetrators are looking for access to tax filings and other client information. This typically happens through an email attachment containing a remote access Trojan horse, which gives the attacker remote access to the victim's computer.
  • Secretary of State Scam – An email appearing to come from U.S. Secretary of State Rex Tillerson says you are owed a payment due to an FBI investigation. You can receive this large payment if you send some personal information, your bank account and routing number, and an advance fee. The government is going to send you money? Really?
  • Cell Phone Porting Scam – Scammers collect enough information about you, either directly or from online sources, to convince your cell phone provider that your phone was stolen and you need the number ported to a new phone on a different carrier. Then they can use your phone number to access other accounts and personal information.
  • Payment Declined – Often associated with Netflix accounts, you will receive a fake email from a company saying your credit card was declined, and asking you to click a link, log in to your account, and re-enter your credit card information. The perpetrator then has your password and credit card information and can use them to make purchases on other websites.
  • Medicare Card Scams – Congress has instructed the SSA to replace Medicare cards that display Social Security numbers with new cards using a different 11-digit number. Scammers are calling and emailing to get these new numbers.

Remember – it is always about the money, so when you feel someone tugging on your wallet or pocketbook, this is your first clue this may be a scam.  I have a few rules that I follow to protect myself.

  • Be disagreeable – Never say yes, and be as skeptical and disagreeable as you can.  Often the caller will bail on the call before you do if you just provide a little resistance.
  • Give no information – They called or emailed you, after all, and you have no way to verify whether their identity is authentic. Do not confirm your name, its spelling, your street address, or anything else.
  • Do not click the link – Do not click on links in emails, or log in at web pages that the link takes you to.  Same goes for attachments.
  • No credit card purchase on unsolicited phone calls – I don’t care if it is a great deal for your local newspaper, a call from a charity, or a tech support company. The rule is: if they called you, they DO NOT get your credit card number. If they can’t send you a bill, too bad.


About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Practitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speaker at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.
