Welcome to our Fraud Watch page. Here you will find information on fraud and scams, and how to spot them. We provide links to official websites that show the numerous ways online thieves are trying to steal your money and/or identity, and websites that can help you prevent fraud or coach you if you become a victim.
No matter how careful we think we are, scammers try to get the upper hand. They prey on our fears and anxieties with scare tactics that can hinder our better judgment. They try to trick us with email attachments that install malware on our computer, or send us links to fake web pages that steal our usernames and passwords.
Be wary of emails, SMS texts, letters, and phone calls from individuals and companies you don’t know, or messages that are unexpected. Be especially careful with “important” messages using scare tactics. And, don’t believe any offers for making a quick buck; if it seems too good to be true, it usually is!
Have you encountered a scam recently? Send an image or forward the email to FraudAlert@opcug.ca. If we haven’t already posted something similar, we’ll feature it on this page. In order to protect your privacy, we will remove your personal identifiers.
DHS package delivery notification In these COVID-19 times of abundant online shopping, SOPHOS tells us how to avoid this latest email scam.
Here are some websites that list newer and older scams in circulation:
Canadian Anti-Fraud Centre
Canadian Anti-Fraud Centre (COVID-19 fraud)
10 most costly scams for Canadians in 2018 (with advice from the BBB)
How to protect yourself when banking online:
Government of Canada
HOW SAFE ARE YOUR PASSWORDS?
If you allow Google Chrome to save your passwords, you can check them at https://passwords.google.com/ and see if any are compromised, duplicates, or weak.
See 9 Rules for creating and safeguarding strong passwords (CNET)
If any of your passwords are on this list, you should change them.
Top100kUsedPasswords (use Ctrl+F to search the list)
Check if your passwords have been pawned:
Check if your email address has been pawned:
BADDIE UPDATES (by Lawrence Patterson, OPCUG)
Received a message stating the baddie knows your password?
Given the multitude of hacks on big firms (yahoo being one infamous example) it is likely that at least one of your email addresses along with a password is known to the baddie community (see https://haveibeenpwned.com/ to confirm) and such it shouldn’t be considered unusual to get a extortion message (sometimes with very personal like details) with the baddie stating they have proof your laptop is being actively monitored by showing they have a known email / password. If you or a family / friend receive one of these “Demand for Action” type message, stop, use Wise Trust, and reach out to your techy support to discuss further.
See the following link for further details, with emphasis on the following three steps:
- “Don’t Panic”, as it is most likely an automated message trying to lure you in;
- “Change that password wherever you have used it”, assuming you haven’t done so already;
- “Report It”, especially if you’re a victim (Note: Reporting it, should include passing it on to friends, family and your technical support people.)
Phishing, Pharming, Vishing, Smishing and CONSENT
Wanted to go over the various methods of either obtaining your password or gaining CONSENT as you may use Facebook / Google / Microsoft account to access other vendors:
- Phishing; using email to fraudulently obtain personal information (for example, verifying Date of Birth) or lure you to another website;
- Pharming; managing to make changes to your browser that has you redirected to other, sometimes look alike, web sites that ask for personal information;
- Vishing / Smishing; using your mobile device (voice or text) that either gains your trust or threatens you to obtain information or money;
- Note, two authority scams were perpetuated in Canada recently, causing the victims to lose $10k & $2k of their hard savings.
- CONSENT; not all scams are direct, some utilize websites or apps in which it asks you to setup a login by using a Facebook / Google / Microsoft (Parent) account and thereby gains permissions to further infiltrate that Parent account and take it over.
Though this article is a bit dated (you now check the padlock to the left of the web address) it reiterates what to look for and use Wise Trust wherever possible to protect yourself. Remember to pass the word to family and friends.
And another reason for getting the word out to as many people as possible is to warn them of scams. The following 3 sentences say it all:
“At the story’s end, she cried bitter tears, absolutely inconsolable at what she’d done — sending $10,000 to fraudsters posing as the police. It was her life savings as a cleaner in Canada and the scam left her with 33 cents in her chequing account. Within about an hour Monday, it was all gone.“
As we celebrate Canada Day, find time to discuss with Family and Friends that any Covid-19 app tracing you decide to participate in, comes from official government websites. Note it may not be easy to distinguish between a government sponsored posting versus a baddie, so please discuss / share official links and avoid any social posting that demands action or looks odd.
Pretexting – Tailgating; when talking to family and friends about their security discuss the terms Pretexting (the attacker pretending to be an authority or authorized person) & Tailgating (following someone through an opened locked door, pretending to be delivery or repair person). Either of these techniques depends on someone using “Blind Trust” to gain unauthorized access and making you the victim. See https://www.csoonline.com/article/3546299/what-is-pretexting-definition-examples-and-prevention.html for further examples (it includes an interesting corporate / legal story).
Biases in Perceptions; came across this article, and though written from an IT risk perspective, I felt Georgia Crossland PhD researcher’s lessons are shareable to us all as they cover off the following normal human thoughts:
- Optimism bias; the impression that we have this under control and not questioning our actions before they’re too late;
- Fatalistic thinking; can’t do anything about it so why bother to make the effort to protect ourselves or our family / friends.
For those of us who are parents, custodians or bearers of advice, you always wonder how many times you can repeat yourself (for parents, saying “No” seems to be a favourite pastime) and such I’m always interested in finding different ways of increasing awareness of how to avoid being scammed. Came across the following article, which in a nutshell reinforces that we all make mistakes (even the author) and such puts a new perspective on being aware. When you have a chance, check out https://www.infosecurity-magazine.com/blogs/click-here-falls-scams/. I have the following points for you to keep in mind when discussing with family and friends:
- Some scams are intentionally badly written, so that they can identify gullible people (i.e. this is part of their strategy to fully wring out all available funds from a victim);
- These are desperate times for a number of our associates and that desperation can lead to Blind Trust decisions that put them further into the hole (be there to support / guide them to use Wise Trust, regardless on how bad things might be);
- A direct quote to be aware of for all of us: “The trick (from the scammers’ perspective) is to make the scam at least as convincing (if not more so) than the legitimate actions or transactions we make every day.”.
Once again encouraging you to talk to families and friends about Wise Trust actions, be aware of Covid-19 (or whatever is the news of the day) imitation sites with the purpose of doing harm by harvesting data / pushing out malware and you need to avoid clicking on text / email links that are being spammed out to you. See https://www.zdnet.com/article/crooks-are-using-realistic-looking-webpage-templates-to-trick-you-into-handing-over-personal-data/ for further details.you
Wanted to share recent news headlines that once again emphasizes that we in the community need to do more to spread the word on Wise Trust / proper password hygiene as the baddies have proven to be inhumanly mean if you don’t:
“Over 500,000 Zoom accounts sold on hackers forums”, a recent investigation has shown that users are using the same account credentials (email / password) that have been previously been harvested, some from many years ago, and the baddies are using these same credentials to get hits on Zoom accounts and confirming they still work.
Take away; Use password phrasing or Password Manager to have unique logins for all of your accounts.
- Keep your personal details on “public” Social Media posts to a minimum as the baddies are reading those same posts and are on the lookout for victims.
The FBI’s Charlotte office released an alert describing how scammers can use personal information on social media to break into online accounts. As people are confined to their homes, many have been drawn to social media where they’re encouraged to share information about themselves, like their pets’ names, the types of cars they’ve owned, and their mothers’ maiden names.
Many of these games are innocent, but they’re also goldmines for criminals seeking answers to account security questions. Even if you haven’t used personal information for security questions, sharing excessive information about yourself can allow attackers to craft targeted social engineering attacks against you.
A couple of new baddie techniques to be aware of:
Website browsing in what you consider to be safe sites, doesn’t mean a baddie doesn’t have a trap waiting for you (similar to walking a downtown street and being pickpocket). See the following document for an example of a Fake Security Certificate, that tries to convince you to download a current certificate. Certificates are handled by the website owner, not by you. Close the browser immediately when you encounter this and avoid wherever you were browsing previously;
Baddies are using OneNote file attachments as another way of loading malware on to your computer. Regardless of the attachment, use Wise Trust to think before opening, and if not sure, delete the email.