If you missed it: Evidently, a bunch of folks, largely in Europe,
got tricked by an email offering free Microsoft points into going to a
fake website and disclosing their credit card information. The cost to
each person is estimated to be between $150 and $400. So, how can people
be so stupid? Actually, what you should be asking is: How can you make
sure you don’t make the same embarrassing mistake?
Phishing scams work on three principles: greed, convincing you that
the attacker can be trusted, and our tendency to have tunnel vision when
we see something we want. Anyone can be tricked; my own Xbox Live
account was compromised after someone phished the Xbox support site and
got them to reset my password so they could get access. Apparently, I
permanently lost my original gamer tag.
Red Flags
The first step in protecting yourself is to set up red flags that
trigger you to stop and think about what you are doing. The first red
flag is when someone contacts you, through email or a phone call, rather
than you contacting them (before there was the internet, phones were
used to get this information). When you get an email or call from a
service, your bank, or a vendor, immediately consider that they may not
be who they say they are.
The second red flag is if they ask for your unique ID, as they should
know it – given they are calling you. But even if they have IDs, you
should remember that this is, often, public information. It doesn’t mean
they actually are who they say they are either.
The third red flag is any unique personal information like birthdate,
mother’s maiden name, or the last 3 digits of your social. They may
need these to identify you, but at this point you should consider
taking down their number, verifying that this number actually goes to
them, and calling them back. If you don’t verify the number, anyone can
answer the phone and say they are someone else.
Any credit card information requested in its entirety should cause
you to immediately stop and reconsider the call. They should already
have your credit card information and there should be no reason for them
to ask for it again, unless this is a subscription renewal call and the
card they have is out of date. Personally, I recommend going to the
subscription web site (from your bookmarks and not clicking on a link in
an email) and putting that information in personally and never giving
it over the phone.
Finally, and the biggest red flag of all, is anyone asking for your
password. If they are who they say they are, they don’t need to log into
your account to get anything done. They have administrator’s access and
even asking for your password should violate their own policies and
open them to liability. There is no legitimate reason for them to ask
for your password, none. Hang up the phone and then call up the vendor
and report that you may have been attacked.
Don’t Be Stupid
One final warning about all scams: they depend heavily on your own
dishonesty. Often we’ll see a deal that looks too good to be true and
we’ll go for it like a starving dog that sees a raw hamburger. The other
day I saw an ad for a motorcycle that was priced at about 25% of its
market value and I damn near had to sit on my own hands before my brain
kicked in and noticed the guy was using a generic email address and had
misrepresented what city he was in. I am positive it was a scam, but I
got “great deal blindness”.
If something sounds too good to be true, bet that it is and rather
than thinking you are taking advantage of some idiot, consider that they
are betting you are the idiot. Here is another thought: If they really
are stupid and sell something so cheap, why hasn’t someone else bought
it? Consider what they’ll do if you do, in effect, cheat them.
Sometimes the aggravation really isn’t worth taking advantage of others,
particularly when there is a good chance they are taking advantage of
you.
Anyone can be cheated; the trick is to ensure you aren’t the target.
Rob Enderle in Business on November 23