WHO’S AT THE DOOR? – CRA Scammers Reportedly SCAM a Vancouver Woman for $6,000, by Paying Her a Visit.
There has been a lot of SCAMMER news lately. The boldest was the report of a 58-year-old Vancouver woman who was arrested by FAKE RCMP officers and forced to withdraw $6,000 from her bank, in order to pay a fictitious Canada Revenue Agency (CRA) outstanding tax balance. Well, it turns out the report was PARTIALLY fake, as the woman was scammed out of $6,000 in a traditional CRA phone SCAM, but was NOT approached by FAKE RCMP officers. It turns out she was embellishing the story. It’s hard to know what – or who – to believe these days.
We’ve come across two more credible Email Scams lately. They’re called Phishing Scams. One was noticed by one of our Techs, Ryan Barnes, who said the latest Emails had a genuine Microsoft look and feel to them. Embedded in the Email was a realistic Microsoft login screen. Normally, this would re-direct you to the login.microsoftonline.com website, but in this case, it directed the user to login.micrisoft.cat. Here is the sophisticated part: once you entered your user name and password, the bogus site re-directed you to the legitimate Microsoft site, so everything appeared to work normally and the end-user never suspected a thing. Of course, the Scammers captured the legitimate Microsoft account credentials, meaning they had access to the victim’s OneDrive (Microsoft Cloud) documents, account settings, payment information – and all of the rest.
I received one this morning from Netflix. It wanted me to update my payment information, as they were having trouble billing the monthly subscription. This one was obviously FAKE; when I hovered over the hyperlink, the URL took me to a SCAMMER website, designed to capture user names and passwords. I deleted it.
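For readers who filter mail for others, the two giveaways described above (a near-miss domain such as login.micrisoft.cat, and link text that names a different site than the link itself) can be checked automatically. The Python below is an added example, not code from TRINUS or from the Emails described; the trusted list, the edit-distance threshold of 2, the function names and the sample message are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains the reader really deals with; extend to suit.
TRUSTED = {"microsoftonline.com", "microsoft.com", "netflix.com", "canadapost.ca"}
# Constructed sample message; billing-update.example is a made-up host.
SAMPLE_EMAIL = """<a href="https://login.micrisoft.cat/">Sign in</a>
<a href="http://billing-update.example/pay">www.netflix.com/account</a>
<a href="https://login.microsoftonline.com/">Microsoft</a>"""

class LinkCollector(HTMLParser):  # gathers (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def edit_distance(a, b):  # Levenshtein distance with one rolling row
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def host_of(url):
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
def classify(href, text):
    host, flags = host_of(href), ["unknown"]
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        flags = ["trusted"]
    elif any(edit_distance(lab, d.split(".")[0]) <= 2 for lab in host.split(".") for d in TRUSTED):
        flags = ["lookalike"]  # near-miss of a trusted name on another domain
    shown = host_of(text) if "." in text and " " not in text else ""
    if shown and shown != host:  # visible text names a different host
        flags.append("text-mismatch")
    return flags

def scan(html):
    parser = LinkCollector()
    parser.feed(html)
    return [(h, classify(h, t)) for h, t in parser.links]
```

Calling scan(SAMPLE_EMAIL) returns one set of flags per link. A "trusted" result only means the host matched the list, so it complements the habit of typing the address yourself rather than replacing it.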
By now, most of us are becoming hyper-sensitive to these Social Engineering attacks. I just received an Email from Canada Post alerting me to a pending shipment. I was very suspicious and was about to delete it, when I caught the name of the Shipper – it was from someone whom I had ordered a product from some time ago. It turns out he finally had the item in stock and was going to send it to me. I might have missed this important tracking information.
A lot has been written about Email Scams and we’ve been taught to treat everything with suspicion. However, two things are going to work against us:
The Scammers are becoming much more sophisticated – in very subtle ways. The look and feel of the FAKE Emails is more realistic, and they have started to engineer the Technology so that we don’t know we’ve been Scammed. You won’t change your password or take other steps to protect your information, if you don’t suspect a problem.
We’re going to be ordering – and receiving – a lot more goods and services online, which means more online transactions, more delivery notices, and more opportunities to be Scammed. Ordering a can of Pringles online and having them delivered by drone is one thing, but you’ll also be interacting with more sensitive information; ordering and receiving prescriptions comes to mind. It’s estimated that stolen Health Care Identity Information goes for 10 to 20 times more than Credit Card Information on the Black Market.
Much thought and effort is going into better protection of our information. Many online firms are moving to Two-Factor Authentication. Once the purview of large corporations and government, this Security method requires two forms of Electronic Identification, typically username and password, AND a confirmation sent to another device, such as a Smartphone APP, or by text message. Many of our Clients have implemented Two-Factor protection for their secure remote VPN connections to their office files. Google is starting to use it – as is Amazon.
However, this is a Chess match. Every move made by online Providers to protect sensitive information is met with a counter-move by Cyber Criminals to circumvent the protection; using either Technical or Social Engineering vectors. There is too much at stake for either side to give up; it’s estimated that Cyber Crime is worth $5 Billion globally – and these Black Market profits are rising.
So, what to do? Despite many books being written on the subject, there’s no foolproof way of dealing with SCAM attempts. But here are 3 simple tips that might guide you to safer ground:
NEVER click on a hyperlink in an Email; not even one you supposedly trust. Related to this, NEVER copy and paste a hyperlink from an Email into your browser. Instead, open your browser and manually navigate to the site; Google, Netflix, Amazon, or Microsoft for example; and always the HOME page, not the URL suggested in the Email (i.e.: www.google.ca – NOT www.google.ca/myfakelogin.asp).
DON’T pay for any purchase with Bitcoin. Legitimate online businesses and government agencies do NOT take Bitcoin – or insist on payment in it. More often than not, Bitcoin is used as the currency of the Black Market, as it is not traceable.
If you don’t recognize an Email Sender or what they want you to do, ignore it. Most people know the items they have ordered or are expecting, so anything unexpected should be treated with suspicion. Also, most legitimate firms rarely – if ever – have problems with their account databases, and so would never ask you to “fix up” your payment information, based on trouble they’re having. If it’s legitimate and important, they will contact you again.
I could add a fourth: DON’T answer the door to FAKE RCMP officers, especially those named Guido and Bruno. Thankfully, that method of Internet and Email SCAMMING seems a little way off.
If you would like more information about Email SCAMs and how to protect yourself, please contact me – or your Account Manager at TRINUS. It just might help provide you with stress-free IT.