It’s discouraging to find out that one of the characters I use in online gaming has a more active social life than I do. Based on the email he gets, he’s active on Facebook, Whatsapp, Google+, Battlenet, Instagram and even has a bank account with Chase. His photos have taken first place on Picasa, although they seem to keep getting corrupted. As you might guess, most of these are phishing attempts.
I’ve mentioned before the advantage of using multiple email addresses. By using different email addresses for different functions, I can tell if I’m receiving email from friends, family and I can tell who’s selling my address.
To that end, I gave Borok his own email address several years. Making it easy for me, I use that address anytime I have to sign up for a gaming fan site. I’m still fond of him because sooner or later I create a character named Borok in almost every game I play.
His history is not really important except to say when I receive email on that account, I know immediately that it’s a scam. Unfortunately, not all of the scam emails I receive are sent to Borok.
Last month, as an experiment, I saved all the email scams I received. Twenty seven in all, almost one a day. Among these were the normal I’ve won/inherited/have a chance to scam millions of dollars. All I have to do is send my name, age, address, profession and phone number. Some of them just say contact them and they’ll give me all the details on how to collect my millions.
These have become so frequent and outrageous that I find them mildly entertaining. I sincerely hope nobody falls for those anymore but based on the number I get, somebody must be responding.
Being able to see where my responses would go is even more interesting. As expected, most of these emails are from gmail, yahoo and msn accounts but a few look like companies or universities. I wonder if some of these aren’t experiments by psychology classes to see how gullible we are.
Many of the remaining email scams are attempts to infect my computer by opening an attachment or get me to visit a site that will infect my computer. I’ve received emails telling me about court dates, missing packages and cancelled orders. Each of these felt it necessary to put all the information in the attachment. I’ve even received announcements from funeral homes telling me a close friend of mine has died, open the link to see when services will be. NEVER OPEN ATTACHMENTS unless you are expecting them.
Some of you may wonder just how bad can it go. Your system is backed up. There’s nothing on it they would want anyway. That was true until a few years ago when someone came up with the idea of ransomware. Open the wrong attachment or say yes to a pop up and all your data and files get encrypted. This happens to any drive it can find on the system including any backup drives you may have.
You’re right, your stuff is only valuable to you but how much would you pay to get it back? In this case they’ll charge you somewhere between $50 to $500 to give you a numeric key that will decrypt your system. That assumes their site is still active, governments are shutting them down daily, and that the key you get works.
I used to believe the best way to back up a system was to have a spare drive for backups. With the advent of ransomware, offline backup is now highly recommended.
A good antivirus will usually protect you against those, usually. Unfortunately an antivirus will not protect you against phishing.
Take the Chase email for example. It tells me that somebody has accessed my Chase account and I need to reconfirm within 48 hours or they will suspend my account. Fortunately this email came to Borok and I was fairly sure he doesn’t have an account. The email provides a handy link https://chaseonline.chase.com/Public/Reidentify/ReidentifyFiIterView.aspx?LOB=RBGLogon.jsp but the link will actually take you to http://itcf.org.it/wp-includes/js/chase/Login.php, where it will take you to a screen that looks exactly like a Chase login screen and let you login using your Chase account name and password. Once you use your credentials to login, they can use your name and password to transfer money out of your account.
My number two rule, NEVER FOLLOW LINKS. Chase has a strong policy of never providing links for just this reason. If your bank or any one else says they have a problem with your account, ignore any links they send you. Access their site using the address you normally use. If there’s a problem with your account, they will let you know at that point. If they don’t tell you about a problem, rest assured, you just saved all the money in your account.
The remaining few email scams are just trying to get all the details I’m willing to give, name address, age, occupation and so on. Were I to share those details with them, I’m sure the amount of spam I receive would go up tenfold.
My original plan was to post all the actual names involved in these emails but taking the time to review who sent these emails helped explain why there are so many attempts to hack my site. Many of these emails come from legitimate sites that have been hacked. The site from the Chase email, itcf.org.itemail , might have been a legitimate site until it got hacked. I don’t recommend going there to check, it might still be infected.
As a recap,
- Don’t limit yourself to one email address, they’re easy to get and make it far less likely you will open a bad email by accident.
- Never open attachments unless you are absolutely sure where they came from
- Never follow links in an email
- Keep your backups offline
- Never give out personal information unless you are willing to expose yourself to email boxes full of spam
I’ve been fortunate so far, poor Borok will probably never recover his Chase account or his Facebook account. Then again, he never had them in the first place.
© 2014 – 2019, Byron Seastrunk. All rights reserved.