WWW = Wild West Web

Don’t be quick to click

By Klaus Fuechsel

Hardly a day goes by without checking in a hacked computer at our shop. Many of these clients say, “I don’t know how this could have happened.” It’s easy on the Wild West Web. All it takes is one click on a malicious but perfectly professional looking email to land on a bad website. Or while browsing, you misspell a website name, and react to a threatening screen that pops up. Sadly, in such cases your Antivirus program will probably not take any action at all. After all, you clicked on it. The good news is that so far, your computer system might not be infected or invaded yet, even though the screen screams in bold caps for action: CALL THIS NUMBER FOR HELP!  It might claim they are good guys called Norton, McAfee, Microsoft, Verizon, or Comcast, but it’s really a big lie. 

What are the weapons of these bad guys? Claims designed to feed fear. They scare you into bypassing reason to get you to believe them, without considering the facts. They know how to put utmost urgency into their fraudulent claims, and all too easily, the target fills in the blanks and falls for it. Even if what they are claiming seems plausible, it is only a cleverly created website designed to scare you into calling that number. Some come with an alarm sound in the background to drive you into calling, just to get rid of the noise. Or a voice yells, “You infringed copyright laws by watching illegally downloaded videos!” Or accuses you of pornography. Others display your face as a culprit, streaming via your internal web camera to make it look more authentic. Many employ a convincing piece of personal information, such as your name or an email address, or claim that they recorded you on your device and have proof that they will send to all of your contacts unless you pay the “ransom”! You might waiver with, “I know I didn’t do anything like this, but maybe someone who also uses my computer…” What is the likelihood of the threat being real? Not very likely, I think. It’s often just scareware. But clicking on that link is the first step that opens the door. And if you call that number, BAM. 

The worst bandits on the Wild West Web encrypt your data. For the decryption key, they extort a ransom often measured not in dollars but Bitcoins. Now-a-days half a bitcoin can easily cost $10,000 and it is a hassle to get cryptocurrency. What makes Bitcoins so attractive to bad guys? You can’t ask for your money back like you can with most credit cards. Before Bitcoins, phishers turned to angling for gift cards from grocery or department stores. I recall people waiting impatiently in line at Walmart to get cards worth hundreds of dollars. Thankfully, some store clerks are wise to such schemes and ask customers what they want them for. This has saved some people from wasting their hard-earned money on a scam.

How do scammers find you? There are murky places on the Dark Web where scammers can buy and download lists of numbers, even ones designated as “Easy marks – fell for a scam before”. Some provide databases hacked from accounts from which phishers can extract phone numbers and email addresses. And at least once a month, I read news about a security hack of some mega-company or even a security company that is supposed to keep your data safe.

So, how can you survive encounters with bad guys on the Wild West Web? 

Here are some tips.

1. If a sudden popup seems suspicious, don’t click, but shut down the computer right away, if necessary, by holding the power button. 
2. If you see a strange caller ID on the phone, don’t pick it up.
3. If the supposed “Tech help desk person” asks you to pay a lot of money for their solution, mentions gift cards, or even Bitcoins, hang up and turn off the computer.  
4.   Don’t click on a link or picture or text from an email message or attachment, unless you are expecting one from a trusted source. Email addresses can be stolen or manipulated. If the email address seems misspelled or suspicious in any way, delete or move it to your spam/junk folder.
5. Do not let anyone log into your computer remotely, unless you know them personally.
6. Phone numbers you search/google for on the internet might not connect to the entity or person you want. Often help desk numbers you find at the top of a search are from “a bad cowboy” trying to lure you in. If it’s marked as an Ad, keep scrolling. And remember that big companies such as Microsoft don’t usually want to talk to you on the phone at all; they generally use some kind of chat bot to address your question or complaint.  
7. In case you let a scammer into your computer, contact an IT specialist you know for help. Your system will need a thorough checkup/cleanup. We have seen too many systems that still have malicious remote software installed, which allows scammers continued access to their system and data. 

Just remember, it’s the Wild West Web. Be cautious. Don’t be quick to click. Don’t let the scammers scare you, but shoot back by hanging up and shutting down the computer or mobile device with a firm NO.