Raising Tech

64. Resident Exclusive Miniseries- Sophisticated Scams

Charles Mendez-Pineda Season 3 Episode 64

Charles, a Tech@Home technician, discusses the rise and sophistication of tech scams. He covers various types, including phishing and spam emails, IRS letter scams, and the prevalent Microsoft/Windows hoax scam. Charles shares real-life experiences of victims, emphasizing the importance of vigilance and practical tips for avoiding these scams. 

Charles also highlights the dangers of remote access scams and offers advice on securing personal information, using password managers, and the critical importance of verifying information through trusted sources.


Find us online:
Website
Facebook
Instagram
LinkedIn


Hello, I'm Charles. I work for Parasol Alliance in the Tech@Home department. We're going to talk about the scams that I have seen that are more common or have become more sophisticated.

Scams are very prevalent. They've gotten more sophisticated. They range from phishing emails to spam emails. IRS letters, trying to take a little bit of control over your computer with a hoax scam saying that you've got a virus. But they've gotten more and more sophisticated, less typos, less missed information. One of the more prevalent ones and the ones that people come across is the Microsoft/Window scam, which is called a hoax scam.

You'll be searching for a support page or a random question. The link will redirect you to a page that says we've detected a virus, please contact Microsoft support. It'll pop up with a phone number and it'll ask you to contact them.

 Microsoft will never try to reach out to the consumer Themselves, and they will never try and take over your computer just to let you know there's a virus. [00:01:00] Plus with windows threat detection, they tend to pop up on the bottom right side of the screen with anything that has happened.

And if you do call the number for any apparent reason, it's best to just hang up. The way they're talking, the way they're saying stuff, they're trying to scare you, hanging up is the best option. There's no set victim for this. It's pretty much a spray and pray attack where the attackers want to get as many people as they can in this attack and they want to have as many victims without a lot of effort. It will say your computer's locked and it will do a pop up window. Have a voice where it's really loud saying you've been hacked. In this case, it's saying that your Facebook login credentials have been hacked or your credit card information on some of them. They'll provide a technical support number. It'll look legitimate just because it's a 1 800 number, and those tends to be the ones that support uses but this is not something that is a normal use case for people for Microsoft specifically.

Sadly, I had resident where she actually got [00:02:00] scammed. She got a phone call. And they said that her daughter was in trouble. And she went through the effort. I had an appointment with her that same day and she was on the phone with the scammers.

As I knocked on the door she ended up waving me off saying that it's not a good time. It's a family emergency. So I ended up saying, okay, are you sure? I asked her, she's all right. She said, yes, she's fine.

The scammer on the phone told her that I could be one of the people trying to scam her and hack her because they were saying that they were saying that no one could be trusted because they're the real people and they're the ones talking to your daughter.

 The next day she called me over and I found out she got scammed out of almost 10 grand. The worst part about it is that it's not that it was wired out or it was sent through a check. They came and knocked on her porch window and the screen door. She gave it to them in her hand and they went about their way.

It was hard find out the next day that she lost a lot of money. She was scared because they came to her door physically.

 There was [00:03:00] nothing I could do because of how much fear they put into her during the scam. That one's related to more of an AI scam where they were a vishing scam is what they call it, where it's a voice scam and that one's a little bit harder to track.

Vishing scams tend to be done mostly with AI. So AI has been used in a bunch of scams. This is the reason why they're becoming a lot harder to track and to notice the difference. Yes, there's still grammatical errors inside of either vishing or hoax scams or maybe pronunciation with vishing scams.

Because AI is growing at such a rapid pace, it's really hard to tell a difference, especially when you're in a panic that when you're worried about your loved one, it's hard to just to hang up and say, "Yeah, I'm gonna call my actual daughter's phone number and make sure she's all right."

Because you never know. Maybe it's the hospital or maybe it's a family friend that's calling from someone's number or anything like that, but it's 1 of the harder ones to deal with. Scams are becoming harder to detect, harder to deal [00:04:00] with and harder to spot, especially with AI since grammatical errors become a thing of the past when AI has learned pretty much everything in the dictionary and how to write

sentences properly. Also if the attack becomes more targeted, they'll use your actual name. If they figure it out they'll attack actual sites that you use more than ever. 

We recently dealt with a resident.

Luckily enough, he's okay. And the scam that happened was stopped because he was able to pay attention. Basically, his printer had an issue with the new ink that he ordered, so it had caused them to go look for the HP support website.

He ends up talking to a person and the person's claims to be from HP support and he tells them the issue about the printer. The technician on the phone ends up telling him that he wants to remote in to help him download drivers.

 Once he remotes in, he tells the resident that it's a Russian hack. And they're showing that it's still active. 

And luckily enough, he was like, "okay if I'm hacked get out my computer." Then he [00:05:00] cut off the remote session.

He ended up calling me and I came over. I listened to his story and the things that stood out to me that the technician said is that he got hit with a ransomware. Which means that any files or any data on the computer gets locked and it's inaccessible. And I could, I was telling him, I told the resident that I could access all his files.

It doesn't seem like he got hit by ransomware.

Remoting in, there's a couple of ways to do it. The easiest way you'll download an application. A lot of people like using AnyDesk or TeamViewer.

 It will allow the other person to look at your content on your computer. You'll give them access to the desktop to be able to type or move the mouse and they'll be able to have control over it.

The benefit is that you can get family members to help you out with issues if they're across the world. The other benefit is that it allows for technicians like us to actually help you with an issue a little bit more. But the downside is that the person that has access to your computer has complete access to [00:06:00] it.

 If they open up any files they'll be able to see it and they'll be able to take those files and look at them and be able to send anything.

So If you have your browser open with like your email signed in, they'll be able to send emails on your behalf without really having much effort or having to sign in. The reason why it's not recommended is because with that much power on your device, whether you think you have

nothing on your computer or not, you always have some information, like a name, an email, an address, maybe someone else's address, someone else's phone number. Maybe you have a picture of your credit card on your computer for some reason. Basically, you have sensitive information that you don't think that it's very prevalent, but a lot of The scammers and hackers they work off of information as little as just a phone number.

 The best use cases to just not let anyone remote in and have them physically either come over to help you if it's possible or ask someone else for help. But remoting in shouldn't be used by everyone.

 The other [00:07:00] 1 that I had, she ended up calling me the day after it happened and she was trying to deal with some banking issues. The way she explained to me was was that she was dealing with some banking issues late at night.

She ends up trying to find information through a website about how to fix the banking error and it ends up redirecting her and she gets hit with the hoax scam. She calls the number, the person on the line tells her that he's from Microsoft.

She's been hacked. She has a virus and same script. Because she was dealing with a bank issue at the time. She also informed them that she was dealing with a bank issue and she asked them if that has anything related to it. What they did was that they created a 3 way call or a conference call and they.

Looped in the "bank security". So they were saying that they got the bank on the line and this is the secure line and she ended up giving them her account number, her name and her address. And this one, they got more information than actual money.

She ended up calling her bank, freezing her accounts. She said that they took [00:08:00] out $1,500. But what they really took was more information. 

 

 One ending piece of just if it sounds to you to be true, it's too good and you should avoid it as much as possible.

You should never reach out to numbers that you don't know, or aren't 100 percent sure about. When in doubt, don't be scared to ask a family member for help. I know it might sound like you're bothering people, but it is important to reach out to people that you can trust and have a conversation with because I think we've all been scammed at 1 point.

 If you're suspected of being hacked, first step is either turning off the computer or just getting it off the internet. 

 The other thing that would help with not getting scammed and not getting hacked is don't save your passwords in the browser. A password manager is 1 of the best ways to go.

You'll be able to to also keep track of what accounts you have. Because they save the name of the website, and then every account tied to that address. Sign up for LastPass or Dashlane or Bitwarden, which is [00:09:00] free for personal use.

 

People on this episode