3 More Ways Criminals use influence to steal

Criminals use six basic principles to influence and steal. In the first post we discussed:

  • Reciprocation: Do something nice for a person and they will feel obligated to return the favor.
  • Social Proof: This is the “It’s okay if everyone else does it” approach.
  • Commitment and Consistency: Get someone to verbally or in writing commit to something, and this will increase the chances they’ll follow through.

Robert Cialdini is a psychologist who studied influence for nearly 30 years, condensing his findings into six principles. In this post we will discuss 3 more principles of influence that tie it all together and make scammers experts at their craft.

Liking

  • If someone likes you they will more likely comply with you. Get more bees with honey as they say. We do business with those we know, like, and trust. When you see others rate a product high, you are more likely to buy it.
  • The liking could even result from noticing that you have a similar hairstyle or body mannerisms. This is why salespeople are taught to mimic the vocal patterns of their prospects.
  • A similar name, knowing the same people, finding common ground, a similar physical appearance: these are all comforting.
  • Scammers do everything they can to appear as a likable trusted source. The scam email looks exactly like your bank because you must like your bank if you trust them with your money, so you click the link. This new person friends you on social and you see they are connected to 25 of your other friends and colleagues. They must be OK, right? No.

Authority

  • Coming off with some authority increases one’s ability to influence people. This is why salespeople are taught to speak with downward inflections.
  • To seem more authoritative, wear dark clothing. Police officers and security guards dress in black or dark blue. So do ministers, judges and karate instructors. Attorneys in court, especially during closing arguments, usually wear dark. Imagine a cop in pink. Or SWAT in lavender.
  • But authority can also be white (doctor’s lab coat, nurse’s uniform). The bottom line is that when people perceive authority, they tend to comply.
  • This concept greatly pertains to social aggression: A man harassing a woman will usually back off if she suddenly squares up her shoulders, stares hard at him and speaks in a deep, primal voice, “Get out of my way, or else!” Dogs are more effectively trained when the trainer uses a deeper voice.
  • Scammers pose as the government, law enforcement, the IRS, bill collectors, the security department from your credit card company, HR, accounting and more. Anytime an authoritative figure contacts you, be suspicious.

Scarcity

  • Scarcity of an item makes it more appealing. Antique cars and rare old coins are worth more because there are few of them and a lot of people who want them.
  • This concept is used by marketers all the time. Ever hear “will soon be discontinued”? You suddenly buy a dozen of the product, even though you’ve hardly purchased it before. Ever hear “limited offer” and “but if you act now…”?
  • When there is a big storm/hurricane coming, people clear the shelves at the supermarket in fear they will not eat or drink.
  • Scammers understand scarcity is also associated with loss. They use the same principle when they tell you, in a pop-up, “if you don’t fix this,” or in an email, “if you don’t act now,” or over the phone, “if you don’t give up your username and password,” then all your data or money will be gone, you won’t get paid next week, and so on. The ways they use scarcity are limitless.

I’ve said this before. Don’t be cattle. Don’t act like sheep. Most of the world functions based on the honor system. As long as everyone is honest, everything works seamlessly. The honor system is designed with the mindset that we are all sheep and there are no wolves. We know there are plenty of wolves.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

Beware every time the Phone rings

Don’t assume you’ll never be targeted by phone scammers just because you don’t have a cell phone; they continue to feast on landline users, especially those over 50.

“This is the IRS…”

  • Drill this into your head: The IRS never calls to collect back taxes. NEVER.
  • A common ploy is to threaten that the listener will go to prison if they don’t pay up immediately.
  • If you really do owe taxes, the IRS will contact you alright—but via snail mail, not a phone call, text or e-mail.
  • Scam calls may also sound professional with no threats, and may be a pre-recorded woman’s voice.
  • Scammers can make the caller ID show “IRS.”

Charities and Fundraisers

  • A call comes from the fraudster, claiming he represents a charity and wants your donation. The con artist may even say he’s with the local police department.
  • Want to help mankind? Hang up on the caller and give to a reputable foundation or give out homemade sack lunches to the homeless.
  • Go online and search the organization in question to verify they’re legit.
  • If the call has an automated message, hang up immediately.
  • A legitimate organization will not request your Social Security number or personal financial information.

“You’ve won a prize!”

  • No, you haven’t. These are scams; hang up.

Tech support never calls you…

  • You must call them first. So if you get a call from “tech support” asking for personal information, it’s a scam. Geek squads don’t just up and call people.
  • A call about installing an update is a scam.
  • Scammers can make the caller ID show “Microsoft.”

“Hi Grandma, it’s your favorite grandson!”

  • If relatives call asking for money, hang up and call them to verify that said caller is really your relative.

Avoiding Scam Calls

  • Must you answer the phone every time it rings? It’s perfectly legal to ignore a ringing phone.
  • If your phone has caller block, input numbers from suspected scammers. Next time they call, there’ll be barely one ring, then the caller will be blocked.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Hacking Humans: How Cybercriminals Trick Their Victims

Intel Security has compiled a list of the top ways cybercriminals play with the minds of their targeted victims. And the chief way that the cybercriminals do this is via phishing scams that are designed to take your money.

The fact that two-thirds of all the emails out there on this planet are phishy tells me that there’s a heck of a lot of people out there who are easily duped into giving over their money. I’m riled because many of these emails (we all get them) scream “SCAM!” because their subject lines are so ridiculous, not to mention the story of some befallen prince that’s in the message.

I bet there’s a dozen phishing emails sitting in your junk folder right now. Unfortunately, a lot of these scam emails find their way into your inbox as well.

McAfee Labs™ has declared that there are over 30 million URLs that may be of a malicious nature. Malicious websites are often associated with scammy emails—the email message lures you into clicking on a link to the phony website.

Clicking on the link may download a virus, or, it may take you to a phony website that’s made to look legitimate. And then on this phony site, you input sensitive information like your credit card number and password because you think the site really IS your bank’s site, or some other service that you have an account with.

6 ways hackers get inside your head:

  1. Threatening you to comply…or else. The “else” often being deactivation of your account (which the scammer has no idea you have, but he sent out so many emails with this threat that he knows that the law of numbers means he’ll snare some of you in his trap).
  2. Getting you to agree to do something because the hacker knows that in general, most people want to live up to their word. That “something,” of course, is some kind of computer task that will compromise security—totally unknown to you, of course.
  3. Pretending to be someone in authority. This could be the company CEO, the IRS or the manager of your bank.
  4. Providing you with something so that you feel obligated to return the favor.
  5. “If everyone else does it, it’s okay.” Hackers apply this concept by making a phishing email appear as if it has gone out to other people in your circle of friends or acquaintances.
  6. Playing on your emotions to get you to like the crook. A skilled fraudster will use wit and charm, information from your social profiles, or even a phony picture he took off of a photo gallery of professional models to win your trust.

To prevent human hacking via phishing scams, you need to be aware of them. Be aware of the scams, ruses and motivations, and then simply hit delete. Whenever in doubt, pick up the phone and call the sender to confirm the email is legit.
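As an added illustration (not part of the original post and not Intel Security's method), the sketch below tags a reported message with the influence principles it leans on and with the sensitive request it makes, then suggests a triage verdict. The cue phrases, function names and sample messages are constructed assumptions, not a vetted detection ruleset.

```python
import re

# Cue phrases per influence principle. The principle names come from the
# article; the phrase lists are constructed for illustration only.
PRINCIPLE_CUES = {
    "authority": r"\b(irs|microsoft|tech support|security department|"
                 r"law enforcement|police|ceo|your bank)\b",
    "scarcity": r"\b(act now|immediately|within the next \d+ (minutes|hours)|"
                r"limited offer|shut off|deactivat\w+|suspended)\b",
    "reciprocation": r"\b(refund|free gift|you('ve| have) won|prize)\b",
    "social_proof": r"\b(everyone|other customers|your (friends|colleagues))\b",
    "commitment": r"\b(as you agreed|as promised|you confirmed)\b",
    "liking": r"\b(favorite grandson|old friend|so much in common)\b",
}

# What the message asks the recipient to hand over (also constructed cues).
SENSITIVE_ASKS = {
    "prepaid_card": r"\b(green dot|prepaid (debit )?card|gift card)\b",
    "wire_transfer": r"\bwestern union\b",
    "credentials": r"\b(username|password|login)\b",
    "identity_data": r"\b(social security number|ssn|bank account|"
                     r"credit card number)\b",
    "remote_access": r"\bremote access\b",
}


def _matches(patterns, text):
    """Return the sorted names of all patterns found in the text."""
    text = text.lower().replace("\u2019", "'")  # normalise curly apostrophes
    return sorted(n for n, pat in patterns.items() if re.search(pat, text))


def triage(message):
    """Tag a message and pick a verdict.

    A persuasion cue combined with a sensitive ask is treated as a likely
    scam; either one alone means the claim should be verified through a
    contact channel the recipient already trusts.
    """
    principles = _matches(PRINCIPLE_CUES, message)
    asks = _matches(SENSITIVE_ASKS, message)
    if principles and asks:
        verdict = "likely scam"
    elif principles or asks:
        verdict = "verify out of band"
    else:
        verdict = "no cues"
    return {"principles": principles, "asks": asks, "verdict": verdict}


# Constructed sample messages, modelled on the scenarios in these posts.
SAMPLES = [
    "This is the IRS. You owe back taxes. Pay immediately with a "
    "Green Dot card or you will go to prison.",
    "Microsoft tech support here. You are owed a refund; give us remote "
    "access and open a Western Union account.",
    "Hi Grandma, it\u2019s your favorite grandson! I need some money.",
    "Your invoice for March is attached. Thanks.",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(triage(sample), "<-", sample)
```

Keyword cues like these only help sort reports; a message with no cues is not thereby safe.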

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Beware of Home Security Scams

Will the home security scams ever stop? The latest scam has fraudsters going door to door, posing as sales reps for “Trio Alarm.” They first make sure that the houses they visit already have a security system (e.g., security decals on windows), then tell the occupant that the company for that security system has gone belly up. (Yeah, right, ADT has gone belly up!)

But there’s one born every minute, right? The scammer tries to get the resident to sign a five-year contract for “Trio Alarm.”

The alleged Trio Alarm company doesn’t even have a business license in the city of Huntington, West Virginia, where these scams have been occurring. There really is a Trio Alarm company, but it’s not known if the scammers are associated with them.

At any rate, if someone shows up at your door and says your alarm company has gone under, are you really naïve enough to take their word for it and sign a five-year contract on the spot, rather than simply thanking that person, taking their business card, closing (and locking) the door, and then calling your alarm company to verify what you just learned?

Contact the attorney general’s office if you feel that a sales rep at your door was a con artist. And though Trio Alarm really exists, their D-minus rating with the BBB also exists.

Preventing Home Security Scams

  • If you have a home security system, and you receive a call from someone claiming to be from that company, requesting personal information for an update or whatever…don’t give out this information; tell them you’ll call back. Then call the company to see if the call was a scam.
  • Beware of the door-to-door home security “sales rep.” If you don’t have an alarm system and tell them “no thank you,” and they leave…that might not be the end of them; they may break into your home in the future, knowing you lack a security system.
  • Never give out any private information to anyone at your door! A company that really needs this information won’t send someone out in person to ring your doorbell to get it. And really, no company needs this information.
  • You’ll be a lot safer in life if you worry more about you and your family’s safety than hurting the feelings of a stranger at the front door. If the “sales rep” is persistent, including insisting he come inside because it’s hot out, or he needs to show you some papers, etc., do not give in! SAY NO, and do it through the door, don’t even open the door. If he’s legit, he’ll forget about your “rudeness” by the time he gets to the next doorbell!

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Most Toxic Superhero 2014

It’s a bird! It’s a plane! It’s Superman! Yes, this superhero might be the epitome of courage, justice, and strength, but he might also be the biggest threat to you online.

We’ve entered a new age of superheroes. No longer are they just pictures in a comic book. They are now accessible on computers, game console devices, and mobile devices. Superheroes like Captain America, Thor, and Spiderman star on the silver screen. The Green Arrow and The Flash have their own television shows. Videos like Batkid and the Spiderman dad went viral on YouTube (and consequently, melted our hearts).

This is great news to comic publishers like Marvel and DC Comics. Unfortunately, it’s also good news to hackers and scammers. Cybercriminals know that search engines (like Google, Yahoo! and Bing) can also be used for criminal means. Therefore, they use popular search terms like celebrity gossip, holidays, viral hits, and…you guessed it…superheroes to draw victims in.

McAfee just released a study on the Most Toxic Superheroes that used McAfee® SiteAdvisor® site ratings to analyze which superhero searches led to the riskiest websites. And the Man of Steel topped the list. The study determined that searching “Superman,” “Superman and free torrent download,” “Superman and watch,” “Superman and free app,” and “Superman and online,” yields a 16.5% chance of landing on a website that has tested positive for online threats, such as spyware, adware, spam, phishing, viruses and other malware.

This year the Most Toxic Superheroes are:

[Image: Most Toxic Superheroes list]

Here are some things you can do to protect yourself:

  • Be suspicious: If a search turns up a link to free content or too-good-to-be-true offers, be wary.
  • Double-check the web address: Look for misspellings or other clues that the site you are going to may not be safe (for more on this, read my blog on typosquatting).
  • Search safely: Use a web safety advisor, such as McAfee SiteAdvisor, that displays red, yellow, or green ratings in search results, alerting you to potentially risky sites before you click on them.
  • Protect yourself: Use comprehensive security software on all your devices, like McAfee LiveSafe™ service, to protect yourself against the latest threats.

Want to know more? Join the discussion on Twitter using hashtag #toxicsuperhero.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Beware of the Green Dot scam

Scammers are at it again, this time with green dot cards: a pre-paid debit card available at stores. It can work like this:

Let’s say you run a small business. You’re out and about, then return to find an employee informing you that the electric company called about an unpaid bill. So you return the call. The person on the other end says you need to pay that electric bill of (fill in the blank) dollars. The stranger on the other end says you can get a green dot card from, say, Walmart, and that you can give that person the number within the next 20 minutes.

Otherwise, the electricity in your business will be shut off. Your business depends on electricity; you have customers; you don’t have time to really think about what just happened over the phone; so you hurry out to Walmart and get that green dot card, call the stranger back and give him the number.

You just got scammed!

There are more and more cases mounting like this, with the scammers tricking victims with an assortment of tall tales, convincing them to obtain the green dot cards. This scam is difficult to trace back to the thief.

Take time to reflect upon a situation before rushing out to do something that involves your money. No legitimate business like a utility company will ever request that you go out and get a prepaid card and then give them the card’s number, especially within the constraints of a very short time period. If it smells fishy, it IS fishy.

The scammers use stories to charge up the victim’s emotions, because they know that people don’t think logically when under the duress of emotions (e.g., fear of electricity shutting down in their shop).

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

Scammers Use Craigslist to steal identities

I have a growing family. Camping is on my list of family events. The wife isn’t crazy about tents. So I went on Craigslist looking for a second hand camper. I found a $15,000 camper for $2200.00. A pretty good deal to say the least. This ad actually gave me chills it excited me so much. So I sent an email. This is what happened:

Seller: “Thank you for contacting me about my 2005 Jayco Jay Feather LGT 25Z that I have for sale. This camper is in great shape, has no damage, no scratches or dents, no hidden defects. It is in immaculate condition, meticulously maintained and hasn’t been involved in any accidents…I do have the title, clear, under my name. Non-smoker.

My husband and I divorced last month, after the divorce I was awarded with the camper, I don’t need it as i don’t own a drivers license and that’s why I’m selling it so cheap. I also got a new job and moved to another city, and many other things have priority now, so, this camper has to go. The total price is $2,200.00.”

Honestly, this story sounds reasonable. And my response was:

Me: “Sorry to hear, what town are you in”

Seller: “As I told you in my first email, I’m divorced, I got a new job and moved to Chicago. The camper is now at the shipping company warehouse in Chicago sealed, ready to ship. I have setup this sale with Google Wallet so this deal must go through them. I also asked Google Wallet to allow viewers to go there and inspect the camper but their reply was ‘We are not a showroom!’ In this case, I will offer a 5-day period to inspect the camper from the moment you receive it. You’ll have 5 days to inspect, test the camper before decided to keep it or not. The final price for the camper is $2,200.00 with shipping included, it will not take more than 2-3 days for the camper to arrive at your address.

I want to mention that the camper was inspected by the shipping mechanics and fulfills the standards from all the 50 states so it wouldn’t be a problem for you to register. You will receive the camper along with all the documents including title, bill of sale, full service records and more. If the camper is not like I described, you’ll ship it back on my expense and they will give you a full refund. Google Wallet will hold the funds until you receive the camper with all the papers work. Only after you confirm them that you wanna keep the camper they will release me the funds. In this way, you will be able to inspect the camper before committing to buy it. If you agree with these terms and you have the money, send me your complete name, delivery address and phone number to register you as my buyer. And also you’ll receive all the transaction details from Google Wallet (terms, buyer protection coverage, payment instructions, invoice for the purchase). Let me know!”

Dang, this is an escrow scam. Google Wallet doesn’t hold money in escrow. No camping for you! I saw it after 2 communications. Which frankly, isn’t bad. I don’t see how I could have seen it quicker. But this is a perfect example of how these scams happen. Stay on your toes people.

FTC: Tech Support Scams are baaaaack!

They’re back, and they’re scarier than fangy blood sucking ghosts: tech support scammers. They want to suck you dry of your last penny.

A tech support scam may go as follows: You receive a call from someone informing you that your computer is infected with a really bad virus and needs prompt attention. The crook tells you he needs remote access to your computer, then proceeds to “fix” a problem that never existed, and you get charged a fee for it. Worse, when they are logged into your device, they install spyware so they can see everything you do on the PC all day long.

There’s a new type of this scam out now, where you get a call and they tell you you’ll get a refund if you’ve previously paid for tech support services. This scam has several variations, but here is the way it unfolds:

  • They ask if you were happy with the service. If you say no, they’ll then claim they can get your money back.
  • Another claim is that the company is going belly up, and as a result, they’re giving out refunds to individuals who already paid.
  • When enough of these phone calls are made, a certain percentage of the recipients will respond exactly the way the fraudsters want them to: The victims will give out their credit card number or bank account information after being told that this is necessary to process the refund.
  • The scammer may tell you to create a Western Union account in order to receive the refund. Gee, they may even offer to assist you in filling out the forms (how nice of them!) if you hand over remote access to your computer. But they won’t be putting money in your account; they’ll be taking money from it.

Solutions

  • File a complaint at ftc.gov/complaint.
  • If you used a credit card, contact your credit card company and request that they reverse the charge.
  • Hang up on anyone who offers a refund if you provide your credit card or bank information or Western Union account number.
  • Better yet, why bother even answering a call in the first place if you don’t recognize the caller’s number? And if the caller’s number appears to be from “your” bank or credit card company or from Microsoft or anyone you already know and trust, still don’t answer; if it’s legitimate, they’ll leave a message. Even then, don’t call back the number they give you. If they leave a message, contact the institution via the number that’s on your statements to find out if the caller was legitimate.

How to Prevent Door to Door Scams

A close friend called to tell me a man knocked on her door to sell her on repaving her driveway. In the process, he requested she invite him in to discuss it further and go over different options. The man was persistent, and if my friend were anyone else, he might have gotten in. However, she is savvier than that and reminded him that her German Shepherd would not appreciate anyone coming in the house.

Call them con men, grifters, scammers, or thieves. Or simply call them liars. Lying is what they do best. Face to face, via email or over the phone they lie through their teeth. They do it casually and with such conviction that we have no reason not to believe them.

These people will stand in your doorway and, in some cases, keep you talking until you buy something or persist till they get into your home. Remember, whatever you tell them can be used against you.

For example, if they act as a home alarm salesman and find out you don’t have an alarm, they may break into your house. If you tell them who your home alarm is with, they may call you at a later date posing as that alarm company and request “updated credit card numbers”.

This “request” is best resolved by not answering any questions at all, or telling the person at the front door (while you speak to them through the locked door) you are not interested. No matter what, never give them Social Security or credit card numbers, or tell them whether or not you have a home alarm.

The key is to stop being so nice and SAY NO as quickly as possible and always do it through a locked door.

Robert Siciliano personal security expert to Home Security Source discussing scammers and thieves on The Big Idea with Donnie Deutsch.

Are You Protected From Zeus?

In Greek mythology, Zeus is the father of all gods and men. Today in the tech world, Zeus is the father of all computer viruses. The Zeus Trojan virus, which has been around since 2007, has been described as one of the most powerful, sophisticated, and evasive viruses ever. Many antivirus programs have had difficulty defeating it. Experts believe that millions of computers may have the virus without users having noticed.

Zeus behaves like many other viruses in that it may lure the PC user into clicking an infected link in the body of an email, then instantly downloads the virus, which quietly installs itself in the background. Sometimes that link may point to an infected website, which injects the virus in the form of a “drive-by download.” Once Zeus has been installed, it works as spyware, recording keystrokes as the user types.

Last month, the FBI broke up a hacking ring that had used the Zeus virus to steal more than $70 million. More than 100 people were charged or detained, including code writers in the Ukraine and “mule-network operators” throughout the United States, the United Kingdom, and Ukraine. The ring primarily targeted U.S. bank accounts, as well as some in the U.K., the Netherlands, and Mexico.

Zeus is designed to steal bank account login credentials. It has traditionally targeted PCs, but has now been updated to attack cell phones as well, with one version of the malware apparently “intercepting SMS confirmations sent by banks to customers, and defeating the fund transfer authorization codes.”

Protect yourself from this and other viruses by running free operating system updates from Microsoft. Click “Start,” then “All Programs,” and then scroll up the menu and select “Windows Update” or “Microsoft Update.”

You should also install antivirus software. Most PCs come bundled with antivirus software that is free for the first year or six months. Just renew the license whenever it expires. Most antivirus software categorizes spyware as a virus now, but it’s also a good idea to run a spyware removal program daily. You should also install a firewall. Microsoft’s operating system has one built in, but it is not sufficient. Use a third party firewall that comes prepackaged with antivirus software.

And don’t be a fool. Scammers consider you, the target, “simple minded.” They’ll use 1001 different techniques to trick you into divulging your data. They attempt to gain your trust by lying, sending misleading emails, or planting pop-up ads that try to convince you to download software for your own protection. Just hit delete.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses phishing on NBC Boston. (Disclosures)