Archive for 19. December 2007

OPSEC and the Average Third World Teenager

Time for another guest entry. The author is Kirk Dunaway: killer OPSEC trainer, bona fide IT professional, one of those shirt-off-his-back all-around good guys and someone I am proud to call friend. Kirk will grace this page from time to time with his insight into OPSEC and the Web. Enjoy…

     Figure you’re smarter than the average Third World teenager? Of course you are! Why then are they so successful at ripping us off? Forget about the “send me money and I’ll send you a check” scam. If you are still falling for that one, perhaps you should just unplug your computer and weld it into modern art.
     Put a classified ad online or in a newspaper? Get ready for the “please let me know what condition it is in - do you accept cashiers checks” scam. You’ll get a bogus check, send off your stuff, then get the privilege of paying the bank back for the bad check. Fun stuff, eh?

     Your email is an open door into your attention span. And if you share email at home, your spouse or kids can (and will) receive and reply before you have a chance to filter.

     Get emails saying your credit card is suspended? What the?!? Well, you’ve just gotta click that link and send your account info to get that fixed. I mean, this is a no-brainer - right? Or maybe you got an email saying that your account may have been exposed and your identity may have been stolen. How the ?!? Shaking from the thought of it, you follow the instructions, faxing personal and account information to the phone number listed. And wasn’t it nice of them to include instructions on what to do in case your identity gets stolen? How thoughtful.
     In either case, you just gave away the farm. NO financial company will EVER ask you for your account number, PIN number, etc. If you do have an account there - they already know! Try this next time: hover your mouse over a link in an email and look at where it goes (at the bottom of the window) but NEVER CLICK IT!!! And never call a number listed in the email! Just open a new browser window and go directly to that institution. Usually the first thing you’ll see is a warning about the scam email you just got. At the very least, get the good phone number to call from the “real” website.

     And please, please, please, teach this to your spouse, kids, parents, aunts, uncles, cousins, neighbors and furnace repairmen. The less successful these scams are, the less we will be bothered by them.

Aloha,
Kirk out
