Many people have the impression that most computer hacking is the result of superior technical abilities, which, despite your best efforts, let’s an attacker get control of your computer or other device electronic device.
It’s true that hacking involves technical skills, but a great deal of it involves simple people skills, knowledge of how people think and work. How many of you, for example, keep your passwords written down on paper near your PC? How many have it right on your monitor? Many people do because passwords are inconvenient to remember and use, and convenience will usually win over safety. Why, for example, do so many people who know that texting and driving is a bad idea nonetheless go ahead and do it? Convenience wins.
I recall a couple of times when I’ve been working on someone’s computer. After I’ve been working for a bit they ask me if I don’t need their password. “No,” I say. “You have it right here on your monitor. Even though they read it off the monitor regularly, they forget that anyone who sits down at their computer can get into it. Of course, I’m working with permission, but it’s still a surprise.
And thus we get to the various notification scams on computers. You see a popup when you enter a web site and it tells you that you’ve been hacked, caught with something you shouldn’t have, or compromised in some way. To solve this problem you need to call a number. There’s lots of technical language you don’t understand, and it uses the name of a known company, such as Microsoft, Google, or some other major player. They must know!
Alternatively they call you. I’ve had a number of people call me to ask me about these after they received a call. I’ve gotten called myself. The one who called me said he was from Windows Customer Support and that my computer had been hacked. I replied, “You aren’t, it hasn’t, and I’m reporting this call.” Then I hung up. Oh, and I did report the call as a scam.
Let me illustrate this with a legitimate call from my bank. I won’t identify it by name, because it could be anyone. I got a call that some transactions on my account were suspicious. They identified themselves as the bank, but wouldn’t give me any identifying information. They explained that this was because they couldn’t be sure I was Henry Neufeld, so I had to identify myself first. I, of course, explained, that I had no reason to believe they were ______ Bank, as the number they called from was not one of those I had on record for my bank. What I arranged to do was call the toll-free number I had for the bank and ask for the fraud department. When I did so, they admitted their procedure could use some improvement. A year or so later I got another call, and their procedure had, indeed, improved.
The point is that when someone calls you about anything, you need to be sure you’re talking to the person (or someone from the desired organization). Assume someone who calls you and doesn’t properly identify themselves is not on the level. You should know what anti-virus and other security software you have installed on your computer. Can you recognize the logo? Any security message that comes from an unknown source is suspect.
The bottom line is to verify everything. If you’re not sure, wait until you can talk to someone you know and trust to make sure. If you believe your computer has been hacked, shut it down until someone can get together with you to check out the issue.
If you’re one of my clients, call me, or even just text me a picture of the message. I do know what security software you have, and can tell you what’s going on. Several of my clients have received calls such as the ones I described, hung up, and called me.
Here’s a video. I saw this in Walmart. It doesn’t look like it’s about computer scams, but it’s about the basic techniques of scamming. Many, attacks on your computer use new technology, but at root they’re centuries old. Some people are accomplished liars. Some use their voice, some use pen and paper, some use computers.