FRAUD WATCH

Welcome to our Fraud Watch page. Here you will find information on fraud and scams, and how to spot them. We provide links to official websites that show the numerous ways online thieves are trying to steal your money and/or identity, and websites that can help you prevent fraud or coach you if you become a victim.

No matter how careful we think we are, scammers try to get the upper hand. They prey on our fears and anxieties with scare tactics that can hinder our better judgment. They try to trick us with email attachments that install malware on our computer, or send us links to fake web pages that steal our usernames and passwords.

Be wary of emails, SMS texts, letters, and phone calls from individuals and companies you don’t know, or messages that are unexpected. Be especially careful with “important” messages using scare tactics. And, don’t believe any offers for making a quick buck; if it seems too good to be true, it usually is!

Have you encountered a scam recently? Send an image or forward the email to FraudAlert@opcug.ca. If we haven’t already posted something similar, we’ll feature it on this page. In order to protect your privacy, we will remove your identifiers.

ONLINE RESOURCES

How to protect yourself online: 
Canadian Centre for Cyber Security
Get Cyber Safe
CIRA Canadian Shield 

Naked Security by Sophos
Phishing tricks that really work – and how to avoid them

DHS package delivery notification: In these COVID-19 times of abundant online shopping, Sophos tells us how to avoid this latest email scam.

Here are some websites that list newer and older scams in circulation: 
Canadian Anti-Fraud Centre
Canadian Anti-Fraud Centre (COVID-19 fraud)
10 most costly scams for Canadians in 2018 (with advice from the BBB)

What to do if you become a victim of fraud:
Canadian Anti-Fraud Centre
Report a scam or fraud - Government of Ontario (includes a good list of scam types)

HOW SAFE ARE YOUR PASSWORDS?

If you allow Google Chrome to save your passwords, you can check them at https://passwords.google.com/ and see if any are compromised, duplicates, or weak.
See Rules for creating and safeguarding strong passwords (CNET)

If any of your passwords are on this list, you should change them. 
Top100kUsedPasswords (use Ctrl+F to search the list)

Check if your passwords have been pwned:
https://haveibeenpwned.com/Passwords

Check if your email address has been pwned:
https://haveibeenpwned.com/


SECURING YOUR COMPUTER

The Gibson Research Corporation (GRC)
Check if your computer ports are open to attack. This venerable institution has been around for decades and the service is free. 
Probe your ports: ShieldsUP!!

June 7
If you ever wondered why it’s important to be comfortable with properly managing your passwords, see the article “How to hack into 5500 accounts… just using ‘credential stuffing’” (https://nakedsecurity.sophos.com/2021/06/04/how-to-hack-into-5500-accounts-just-using-credential-stuffing/amp/), as it reviews how the baddies make quick work whenever they get a hold of encrypted password data. There are a number of examples of why we need to be diligent with our password management, including the author’s conclusions below:

  • Don’t re-use passwords. 
  • Consider a password manager. 
  • Turn on 2FA if you can. 
  • Report payment anomalies. 

May 24
Fraudsters employ Amazon ‘vishing’ attacks in fake order scams. Once again, use Wise Trust (even when you do have an incoming order) to make sure you’re NOT another “spray & pray” victim.  Don’t forget to discuss amongst family and friends, so that we protect the community at large.
https://www.zdnet.com/article/fraudsters-employ-amazon-vishing-attacks-in-fake-order-scams/

May 10
When a headline says it all, there isn’t much to add, other than to emphasize “NOTHING good comes without a price”. Remember that common sense and using Wise Trust (neither of which the student in question used) protect us all.
https://www.zdnet.com/article/ryuk-ransomware-finds-foothold-in-bio-research-institute-through-a-student-who-wouldnt-pay-for-software/

April 11

  • Beware of the delayed disconnect phone scam; this is an update to an issue I alerted you about a year or so ago, with further confirmation that the telephone companies are aware of it but for whatever reason are not able to deal with it (I suspect it has a lot to do with the very old, relatively speaking, and expensive-to-replace equipment that is set up in our neighbourhoods).
  • Inside an International Tech-Support Scam; if you like real-life crime stories, read this longer-than-normal article on how a “white-hat hacker” identified and turned the tables on the baddies, and was sometimes able to help people before they were victimized. If you want further proof of a baddie’s intentions, just look at the picture below of several individuals mocking a helpless victim.

April 6

Bogus email gets you to call fake tech support; this scenario typically involves an innocent, simple email that states you have a free service trial (medical services is used in this example) and tells you to call a number to avoid future charges. On the phone call, the person asks for the subscriber ID (hint: this is the baddies checking you out further). You’re then directed to a professional-looking site and asked to fill out a downloadable form; the same person tells you that you can ignore the warnings when opening the document, and then you’re infected.

LinkedIn – weaponized job offers; this is basically a directed job offer – personalized lure that uses information from your LinkedIn public profile to fool you into believing this is the real deal.  Within the email is an attachment (typically a zip file to get past the spam filters) which opens an application form, and then you’re infected.

Facebook 2019 hack results available to all; understanding that there’s a significant chance your user details are freely available (i.e. the importance of unique passwords), I’m encouraging you to check a long-standing and trusted tool, “have i been pwned”, which has now been updated with both the email addresses and phone numbers from this Facebook hack (for some records, the key identifier is only the telephone number).

Apple iPhone – iPad users; now would be a good time to proceed with the latest update, as it provides a fix for a currently active vulnerability that comes into play if you happen upon a baddie site or unintentionally click on a bad link (remember to use Wise Trust on any correspondence). As quoted from the following site: “For newer iPhone and iPad users, iOS 14.4.2 is now live and available for download. For older devices like the iPhone 6, iPhone 5s and several discontinued models of iPad, iOS 12.5.2 closes this vulnerability. Apple Watch users will need WatchOS 7.3.3.”

Feb 25

Woman loses $340K in wire transfer scam — alleges 4 banks did little to stop it https://www.cbc.ca/amp/1.5917139
Another unfortunate tale, on top of the local Romance scam that was reported last week, with the baddies using multiple means so as to avoid further scrutiny. Please pass on the graphic below to your family and friends so that we can all use Wise Trust actions in our lives.

HOW TO SPOT A SCAM

12 SCAM AVOIDANCE TIPS

by Lawrence Patterson

Social Engineering Red Flags

Reprinted with permission from KnowBe4

Scam Tracking Overview

Submitted by Lawrence Patterson

SCAMS: WHAT HAS CHANGED?

A presentation (PDF) by Lawrence Patterson

SCAMS ENCOUNTERED BY OUR MEMBERS

Another Rogers E-mail Problem

"Upgrade or be deleted"

Smishing Scam

Imposter Install Now button installs malware on your phone

"DHL-Express" Delivery Scam

Pay for package "on hold"

"Can you do me a favour" scam

Just "catching up". Not really

"SHOPPERS DRUG MART" SCAMS

"We have a surprise"
(it's not a good one!)

E-mail scams with attachments

Malicious code in sheep's clothing

"AIR CANADA" SCAM

"Take our survey"

HOROSCOPE SCAM

"Your stunning horoscope at no charge"

NETFLIX BILLING PROBLEM

Cell phone text scam

INHERITANCE SCAM

Snail mail scam
(If it seems too good to be true, it usually is!)

ROGERS E-MAIL PROBLEM

"You will be blocked"

A COVID-19 scam

Looking for Bitcoin donations