Sooner or later you’ll get an email telling you you’ve won the lottery, ordered something you don’t remember ordering, missed a delivery, are due a tax refund, or that you need to “verify your account”. How do you know if you can trust these emails or not?
The first thing to know is that you can’t trust who the email says it’s from. Here’s a message from my spam folder:
It says it’s from someone called “Track My PPI”, whose email address is firstname.lastname@example.org. Maybe it is, maybe it isn’t, but I can’t tell from the email address that is shown. This is no more reliable than the address written at the top of a paper letter – it’s created by the sender. If they are dishonest, it may well be a lie. Just because it’s “the computer” doesn’t make it true.Continue reading How do I know if an email is genuine?→
Sooner or later everyone gets an email saying you have to “verify your account” and warning of the dire consequences if you don’t. These are always a scam. No-one genuine will ever ask you to verify (or “re-verify”) your account. Sometimes you might have to verify your email address (by click on a link in the email) but you’d never have to verify your account. Here’s a screenshot (left) of a typical “verification” page. It says it’s from Apple, but it’s not.
There are lots of good, useful things you can download from the Internet for free. Unfortunately, there are also a lot of things that will harm your PC, pop-up fake warnings, mess with your search results, and so on.
Usually, bad things on your PC these days aren’t technically viruses, they are trojan horses, worms, adware, key loggers, search hijackers and so on. Generically we call bad things that you don’t want on your PC “malware“.
Most infected users have in fact downloaded the malware themselves, and clicked “OK” on lots of boxes in the process. They do this because the malware installer claims to be something useful (it’s lying). Often people download things that claims to be a Security Scanner, a Registry Cleaner, a Speed Maximiser, a PC Tune-up Manager, a Driver Updater, or a utility that claims to Fix Unreadable Files or Fix Download Problem (or they leave a box ticked that offers a “free download” of something apparently useful. Virtually all of these fake products are downloaded from professional-looking and convincing sites … judging a site by how professional it looks is always unwise. Malware distributors make enough money to be able to afford excellent websites! (Even if these things did what they claimed and didn’t also install malware, they would be pointless. They sound technical and important, but they’re not. For 99 percent of users, registries don’t need cleaning, drivers don’t need updating, and so on.
If your PC is slow, a few simple things you can do yourself will be much more effective that any spurious “PC Tune Up” program.
Another thing to watch out for is where you download legitimate software from. The thing you want (iTunes, VLC, Microsoft Security Essentials, Flash Player) may be legitimate and useful, but are you getting it from the right place? Getting it from the wrong place may mean you download something undesirable as well. Do your research before you download.
And finally, watch out for adverts that look like warnings, and unusual search engines that may look like Google. Don’t trust what they are telling you, especially if they want you to download something.
I’ve recently discovered a little gadget called trueCall. I started looking for something when an elderly relative began getting lots of nuisance phone calls – sometimes ten or more a day. They all seemed to be trying to get money off her in various guises, and most of them seemed downright dishonest.
I see clever trojans and other malware all the time — a considerable part of my work involves removing them from people’s PCs. The “FakeAlert” trojan is especially common: it warns you in various convincing and intrusive ways that “your PC is infected” and offers you a link to download and install a “removal program”. If you install this software it will “find” all sorts of terrifying things which it says are downloading pornography and stealing all your passwords, credit card details, and so on, and offers to remove it … once you have register the removal program for about 50 dollars via your credit card. And it doesn’t find malware which actually is there. The PC becomes increasingly unusable until the fake software is removed, which can be quite tricky (which is why people pay me to do it, of course).
Three customers whose PCs I’ve removed this malware from have subsequently had phone calls from someone who says he’s from something like the “Windows Support Group”, telling them their PC is infected and offering to remotely connect to the PC to remove the infection. All these people were called at home, on numbers they don’t reveal to people. They report that they had assumed the call was from Microsoft, but how did Microsoft know their PC was infected, and how did Microsoft get their phone number?
Presumably the trojan searched the PC for phone numbers in documents and reports it back the the bad guys, who are now calling the numbers. Brazen or what? (With permission, I searched one customer’s PC for their secret phone number and found it in an old CV.) One of the customers had the presence of mind to ask for a number so they could call back — and reported the number to me. So I called it …
“Adam” told me they had offices all round the country, and were one of the largest PC support organisations and had been going for well over ten years. He gave me a website address which I later checked — it had been set up three weeks previously. I asking him if I could drop my PC off, but he said their insurance didn’t allow it, and it wasn’t necessary because they could connect remotely if I co-operated by downloading a program. I asked him how much this service would cost, and he said he couldn’t say, even roughly, until he’s had a look at the infection. I said someone had told me that he’d called them to offer to do this, but how did he know they had an infection? He said it “was reported to us”, but couldn’t or wouldn’t explain further. I asked him where he was, he said he was in London, I asked for the address. It took him a long time to find this, and when I asked him for the nearest (or any) tube station, he didn’t know. He didn’t know what the weather was like in London, either.
The whole thing seemed highly suspicious to me, so if you get a call like this, ask questions!
I’ve had a couple of MSN messages recently which consist simply of a link. On going to the link, I see something like this:
I suspect my MSN friends fell for this scam; once they have told the site their MSN username and password, it can impersonate them and send messages to their friends — me in this case.
Anyone who has fallen for this scam should immediately change their MSN password. See instructions on the MSN website here.
This scam has been around for a long time in different guises. Sometimes it says you have won a prize (typically a free iPod or a free iPhone) and you should type in your username and password to “validate your identity” and claim your prize.
Never type your username and password into a website you don’t know!