Welcome to our Fraud Watch page. Here you will find information on fraud and scams, and how to spot them. We provide links to official websites that show the numerous ways online thieves are trying to steal your money and/or identity, and websites that can help you prevent fraud or coach you if you become a victim.
No matter how careful we think we are, scammers try to get the upper hand. They prey on our fears and anxieties with scare tactics that can hinder our better judgment. They try to trick us with email attachments that install malware on our computer, or send us links to fake web pages that steal our usernames and passwords.
Be wary of emails, SMS texts, letters, and phone calls from individuals and companies you don’t know, or messages that are unexpected. Be especially careful with “important” messages using scare tactics. And, don’t believe any offers for making a quick buck; if it seems too good to be true, it usually is!
Have you encountered a scam recently? Send an image or forward the email to FraudAlert@opcug.ca. If we haven’t already posted something similar, we’ll feature it on this page. In order to protect your privacy, we will remove your identifiers.
Naked Security by Sophos
Phishing tricks that really work – and how to avoid them
Zix 2020 Mid-Year Global Threat Report (10 MB PDF) – An excellent report on the numerous methods used by scammers and fraudsters to steal our money and identity
DHS package delivery notification In these COVID-19 times of abundant online shopping, SOPHOS tells us how to avoid this latest email scam.
Here are some websites that list newer and older scams in circulation:
Canadian Anti-Fraud Centre
Canadian Anti-Fraud Centre (COVID-19 fraud)
10 most costly scams for Canadians in 2018 (with advice from the BBB)
HOW SAFE ARE YOUR PASSWORDS?
If you allow Google Chrome to save your passwords, you can check them at https://passwords.google.com/ and see if any are compromised, duplicates, or weak.
See 9 Rules for creating and safeguarding strong passwords (CNET)
If any of your passwords are on this list, you should change them.
Top100kUsedPasswords (use Ctrl+F to search the list)
Check if your passwords have been pawned:
Check if your email address has been pawned:
SECURING YOUR COMPUTER
If you ever wondered why it’s important to be comfortable with properly managing your password, see the article “How to hack into 5500 accounts… just using “credential stuffing” https://nakedsecurity.sophos.com/2021/06/04/how-to-hack-into-5500-accounts-just-using-credential-stuffing/amp/ as it reviews how the baddies make quick work whenever they get a hold of encrypted password data. There’s a number of examples of why we need to be diligent with our password management, including the author’s below conclusions:
- Don’t re-use passwords.
- Consider a password manager.
- Turn on 2FA if you can.
- Report payment anomalies.
Fraudsters employ Amazon ‘vishing’ attacks in fake order scams. Once again, use Wise Trust (even when you do have an incoming order) to make sure you’re NOT another “spray & pray” victim. Don’t forget to discuss amongst family and friends, so that we protect the community at large.
When a headline says it all, there isn’t much to add, other than to emphasize “NOTHING good comes without a price”. Remember common sense / using Wise Trust (neither of which the student in question used), protects us all.
- Beware of the delayed disconnect phone scam; this is an update to an issue I’ve alerted you about a year or so ago, with further confirmation that the telephone companies are aware but for whatever reason are not able to deal with it (I suspect it has a lot to do with very old (relatively speaking) and expensive to replace equipment that is setup in our neighbourhoods).
- Main Advice; If you get one of those suspicious calls, hang up and wait 10 minutes or longer before using your landline, or you could use your cellphone. (I would add, don’t use the landline, but use your cellphone, or go to your neighbour / family to use their phone.)
- Inside an International Tech-Support Scam; if you like real-life crime stories, read this longer than normal article on how a “white-hat hacker” has identified and turned the tables on the baddies, and was sometimes able to help people before they were victimized. If you want further proof of a baddie’s intentions, just look at the below picture of several individuals mocking a helpless victim.
Bogus email gets you to call fake tech support; this scenario typically involves an innocent / simple email that states you have a free service trial (medical services is used in this example) and to call this number to avoid future charges. The phone call results in the person asking for the subscriber ID (hint, this is the baddies checking you out further), you’re then directed to professional looking site, asking you to fill out a downloadable form, which the same person states you can ignore the warnings from opening the document, and then you’re infected.
LinkedIn – weaponized job offers; this is basically a directed job offer – personalized lure that uses information from your LinkedIn public profile to fool you into believing this is the real deal. Within the email is an attachment (typically a zip file to get past the spam filters) which opens an application form, and then you’re infected.
Facebook 2019 hack results available to all; understanding that there’s a significant chance your user details are freely available (i.e. the importance of unique passwords), I’m encouraging you to check a long time and trusted tool “have i been pwned” which has now been updated with both the email addresses and phone numbers from this Facebook hack (some of the key identifier is only the telephone number).
Apple iPhone – iPAD users; now would be a good time to proceed with the latest update as it provides a fix for a currently active vulnerability that if you happen upon a baddie site or unintentionally click on a bad link (remember to use Wise Trust on any correspondence). As quoted from the following site: “For newer iPhone and iPad users, iOS 14.4.2 is now live and available for download. For older devices like the iPhone 6, iPhone 5s and several discontinued models of iPad, iOS 12.5.2 closes this vulnerability. Apple Watch users will need WatchOS 7.3.3.”.
Woman loses $340K in wire transfer scam — alleges 4 banks did little to stop it. https://www.cbc.ca/amp/1.5917139
Another unfortunate tale, on top of the local Romance scam that was reported last week, with the baddies using multiple means so as to avoid further scrutiny. Please pass on the below graphic to your family / friends so that we can all use Wise trust actions in our lives.