How Scams Work

Taking scams back to the basics

597651f418864.image.jpg

I have written my articles about scams and how to identify them, but now, I wanted to give you a behind-the-scenes look at how these companies actually get people to fall for scams. There are a few different aspects of scams that I wanted to mention. I also didn't want to simply bring up computer pop-up scams, but also the new scam that seems to be picking up steam rather quickly, the neighbor spoofing scam.

I will start with phone scams, because they seem the most prevalent recently. The majority of the 12-Steps to Avoid Scams I mentioned in my last blog about Corvallis Scams were in reference to victims answering their phone and doing what someone on the other end of the line instructed them to do. I will do my best to keep this light on the tech-jargon, but if I do dive in a little deep, I will do my best to bring you along for the ride.

I'm guessing when you read the first paragraph, you probably had the question, "What is neighbor spoofing?" Don't worry, I had the same question the first time I heard the phrase as well. After a little research, I learned that it is something to which I've dealt.

Have you received a phone call from a number with your matching area code? Better yet, have you received a call with a match area code and a local prefix? For example, you have a cell number with the area code 541 and live in Corvallis, Oregon with the prefix 760. You may receive a call from 541-231-xxxx (Corvallis cell phone), or 503-838-xxxx (Salem cell phone), or 541-753-xxxx (Corvallis landline). This is an example of neighbor spoofing, the process of using VoIP phones and specific software in order to gather YOUR area code and prefix in order to determine what number they want to "mask" their number as. This is why many people let any number that calls that doesn't have a name registered for their Caller ID, go straight to voicemail. I am a little bit of an exception because I LOVE talking to these people.

1140-scam-trends.imgcache.rev19878294a6386b48ffe80c0e404a5bab.jpg

I recently took a phone call about how to lower my credit card interest, and that they have a deal "specially for me." Their first problem was that I don't have a credit card. Second, I knew it was a scam. When I finally got connected to a human, and I asked them how I could lower my credit card interest without a credit card, they promptly hung up. These are the types of things that make me smile. I know, it's a little pathetic.

Now before I give you ways to partially remedy this problem, I want to touch on how many people get started in a scam. It usually begins with a pop-up in their internet browser that tells them some scare-tactic to get them to call the number. An example may be, "We've detected a virus on your computer. Call 1-800-xxx-xxxx to get it removed."

The first thing everyone should know about pop-ups, they are always fake. You will never get a pop-up inside your web browser if you actually had a virus on your computer. 

My goal, however, is to give you a little insight on what's actually happening in your browser. When a pop-up occurs, it is triggered by potentially many different things. It could be triggered the second you reach a webpage, or it may be triggered by a timer, which starts counting down once you access the webpage. The following code would do just that:

// open after 5 seconds
setTimeout(() => window.open('http://crashsecurity.com'), 5000);

It's actually pretty smart. It runs by using Javascript, which is a scripting-language (a programming language for developers). Javascript is universal across all web browsers which is what makes it popular as a pop-up originator. Through Javascript code, it is possible to hide certain aspects of the pop-up, including the toolbar, which can make it impossible to close the page. They will also make it so everything else on your screen is unusable. Some simple code like this will make the pop-up full screen.

// full screen pop-up
window.open(href, windowname, 'type=fullWindow,fullscreen,scrollbars=no');

In some instances, the pop-up may be "dependent," meaning it won't close until a different window closes. Quite often scammers will hide the window that the pop-up is dependent on, making it seemly impossible to get the pop-up to go away. Javascript making it dependent is as follows:

// dependent pop-up, as you can see, dependent=yes
window.open(href, windowname, 'width=400,height=150,dependent=yes,scrollbars=yes');

This is when most people panic, and rightfully so. It is frightening, and it is not a fun experience. FORTUNATELY, there is an easy way to get rid of it. If you press the following keys and hold them down, it will open a Force Quit box that will allow you to force your web browser to close. The key command is: Command (⌘) + Option + Esc. Press them in that order then hold them down, so press and hold Command (⌘), continue to hold Command while you press and hold the Option key, then the Escape key the same way. If you are still a little confused, Apple provides a support page for Force Quit.

Let's now get to the part that you care about, how to keep this from happening. Unfortunately, pop-ups in your browser will, for the most part, always be relevant, but as long as you know how to Force Quit, you'll be just fine.

The more frustrating scam is the neighbor spoofing. It is a pain and invasive. Luckily, my good friends over at Malwarebytes recently released an application for iOS. I beta-tested their app, which is still on my phone, but it is now available in the App Store. It is subscription-based, but it is well worth the cost.

One of the best parts of the app is this simple aspect, it will alert you if a call is a suspected scammer. I received a call from a 541 area code, which is mine, and a 740 prefix, a very, very common prefix in my area. Malwarebytes for iOS alerted me on the screen of the incoming call, and after the fact, it continued to tell me in my Call History.

IMG_6626.jpg

They give you lots of options for assistance. From a Phone List Alert section to Web Protection, it has everything. It ALSO has mobile pop-up blocking.

IMG_6627.png
IMG_6629.png

I can't recommend this app enough, and no, they are not paying me for this. It is fantastic, and I am very happy with it.

Lastly, how are pop-ups and neighbor spoofing related? Well, they both have a lot to do with call centers utilizing Call Optimization. According to research by Symantec, scammers have been utilizing scripts to find out what kind of browser you are using, as well as utilizing call optimization to dynamically insert phone numbers into the pop-up itself. The script to find the browser is quite easy to write.

// first check the browser. Is it Firefox, Safari, etc?
if (browserTpye=='isFirefox)
{
    if(browser.version >= 57) // what version of Firefox is it
    {
        document.getElementbyId("fr_mozilla_html").style.display="block";
        document.getElementbyId("fr_ie_html").style.display="none";
        document.getElementbyId("fr_safari_html").style.display="none";
        window.location.href="assests/eng_ff_auth.html?" + sPageURL + "&p_num=" + phone_number; // insert phone number
    }

    else
    {
        document.getElementbyId("fr_mozilla_html").style.display="block";
        document.getElementbyId("fr_ie_html").style.display="none";
        document.getElementbyId("fr_safari_html").style.display="none";
        $("#fr_mozilla_html").load("assests/eng_ff.html");
    }

Then you just have a script that assists in the Call Optimization.

Call Optimization Service Script (Source: Symantec)

Call Optimization Service Script (Source: Symantec)

Well, I know it was a long blog, but I hope you got a little insight into how some of these scams work. Also, if you haven't read our 12-steps to avoid scams in our Corvallis Scams blog, make sure you check it out.

Take care and safe browsing!

Is This A Scam - Part II

This publication has been a long time coming, but for some reason, it always has gotten put on the back-burner in lieu of a "more interesting" story. After reading a news article out of Chesapeake, Virginia today, which was February 22nd, I realized that this was an article that needed to be written. So, this is:


Is This A Scam - Part II

The trigger for this post was actially an article I read which referred to a gentlemen who was contacted and told that he owed the IRS money, and that he needed to pay or "the police will come."

636173109841874978-iTunes-card.JPG

Let's first address the fact that we are in full swing of IRS scams. It's terrible that people choose such a time to profit off of others, with so much sensative data, but I guess you could say hackers don't exactly have the highest moral standards. That being said, DO YOUR TAXES AS SOON AS POSSIBLE. Do not wait. The longer consumers wait to file their taxes, the better the chance of having your identity stolen. Now I'm not try to scare you, but let me put it in this perspective...if you wanted to steal people's IRS information, what would be the best time to do it? April 5-14th most likely. Plus, the longer hackers operate, the more likely they are to get caught, so hackers typically will try to infiltrate a system and get out in a small amount of time, so file your taxes as soon as you can.

Now I want to get back to the main reason behind this post - the scam portion of the story I mentioned in the opening paragraph. If you read my last post, I mentioned a scam that happened right in Corvallis, Oregon, and quite frankly, is occurring all over the country. 

Scammers are contacting "customers" and explaining the to them that "they may be in trouble with the police if they don't give (insert amount of money) to (insert company name ie: IRS). In order to do this, the scammer almost always has the customer do one of the following: go to a Western Union and wire the money, buy gift cards then give the scammer the gift card number on the back, or the scammer sends a check for an amount more than requested, you then wire back the excess amount of money.

I spoke with a customer that I was working with last night who said, "Who would fall for that?" I responded, "Apparently quite a few people."

Just be cautious when you receive phone calls and keep these in mind:

  1. NEVER WIRE SOMEONE MONEY OR BUY GIFT CARDS TO "SETTLE DEBT"
  2. Apple, Comcast, Microsoft, or the IRS will NEVER call you because of a "hacked account." Apple, Comcast, and Microsoft will email you (most likely); the IRS will send you a letter
  3. If it sounds fishy, it probably is.
  4. Get a second opinion. That's why I'm here! Give me a call (541.714.5880) or an email (stuart@crashsecurity.com) about what happened, because 99% of the time, I'll know within the first two sentences (just because I've seen these types of issues so many times).

Please spread this to your friends, as I know this has been an issue of my town of Corvallis.

Be safe out there, and get your taxes done early!

-Stuart