Beware of the Lazy Hazy Crazy Days of Summer Cyberscams
Entrepreneurs spend a lot of time thinking of great ideas to build a business and eventually make money. Hackers today seem to be spending even more time thinking of larcenous ideas to build great scams and make money ASAP. Let’s check in with some of the latest scams so we can better protect ourselves.
Verification code danger
Do you use Gmail? If so, you’re probably familiar with the two-step verification process that involves sending a code to your cellphone to verify your identity and relationship to the email account. I was glad to participate in the process because I felt it adds a very secure identity checking step to the process.
However, the bad guys are using the security we sense in the process and twisting it to hack email accounts. Here’s the way it works:
- Out of the blue you get a text message from Google giving you a security code when you’re away from your computer.
- Soon thereafter you get another text message saying there has been irregular activity on your Gmail account. This message requests that you text the code you were sent earlier in order to halt the activity.
- If you follow through with this request, you’ve just given hackers access to your email account.
If a hacker has your email address and cell phone number, all he has to do is attempt to log onto your email account and say he has lost the password. Google then sends the verification code to your cellphone. The hacker then sends you a text message asking for the code. If you send the code, the bad guy can now get access to your Gmail account, comb through your information and even forward future emails to another account.
The Federal Trade Commission consumer division gives this sage advice, and it applies to more than just your Gmail account:
- If you receive an unexpected verification code, contact the source. Something’s up.
- Never send or forward a verification code via text message or email. You’re probably sending it straight to the bad guys.
Traveling this summer?
A lot of us will be booking hotels this summer for both business and pleasure. Hackers are taking advantage of this by creating fake hotel and hotel-booking webpages. This is a variation on the standard phishing technique. The websites often look like well-known brands. The crooks may even be staffing a “1-800” number with a fake customer service rep, so if you call you’ll think it’s legitimate. The idea is to capture your credit card information.
The BBB cautions consumers to examine the URL closely. It might be bookhotels.co instead of bookhotels.com, or something similar. Also, look to see if it is a secure connection; the URL will start with HTTPS with a “lock” icon. Further, when deals look too good to be true, they usually are. Do some comparison shopping before booking any “fantastic” deal.
Gift cards that are no gift
Gift card scams are taking on a life of their own. Popular right now are:
- Participate in a survey, get a gift card, and
- Facebook “like” scams promising a gift card. (An Aldi version of this promising a $100 coupon has been circulating recently).
At some point in these scams, victims are asked to participate in a survey where they have to enter some personal information. They answer typical survey questions, but at the end there is no gift card, just an anonymous hacker who now has some valuable personal information.
Again, isn’t the offer here too good to be true? Why would any business give away $100 in merchandise for a few “clicks”?
I’m sure I’ll be publishing another scam alert update in the coming months, but in the meantime, let me forward to you a good quote that used to start every episode of “Hill Street Blues”: Let’s be careful out there.