
Smishing

An Etymology & History Lesson

Hacking is nothing new. In the 1970’s, we had hackers that were experts at gaming and abusing our telephone systems. They were able to avoid long-distance charges when placing calls, and those free calls may have led to them being called freaks. But soon after, those phone freaks were simply termed phreaks.

In the 90’s, cybercrime developed and spread via email. We needed a new term for all those deceptive, fraudulent messages going around. Borrowing from the cool jargon 20 years prior, we turned fishing into phishing and used that to refer to those emails that tried to get their hooks into people for their passwords and account numbers.

To this day, phishing remains a major vector for fraud and e-trickery. And phishing continues to evolve and adapt to how we communicate. The Simple Message System (SMS) caught on in the 2000’s and its text messages are now used for so much of our daily activities. And as SMS messages proved to be a viable medium for phishing attempts, a new portmanteau was born: smishing.

Only One Real Defense Against Smishing

Today’s smishes generally try to trick you into one of two things: 1) click on a bogus URL, so that you visit a deceptive site, or 2) call a phone number to connect you with a scammer. Each scam is a little bit different from the next, but in general, once you go down one of those two roads, your computer, finances, passwords and sanity are all at risk.

Your cellular provider blocks a lot of smish attacks, but there’s bound to be something that gets through. Smish happens. Your best defense is education. Look at some examples of smishing messages and get familiar with them. And later, when some smish shows up at your door, you’ll just roll your eyes and move on.

Examples

Some smishing wants to convince you of a purchase that you didn’t authorize. It could be for a laptop, or some antivirus or a Peloton Bike. It doesn’t matter what it is, what’s important is: the message is 100% fiction. There is no charge. There is no high-dollar item. Notice that the text message doesn’t even say which card has been charged! The bogus phone number doesn’t go to a bank; it goes right to a scammer’s cubicle.

Fake Purchase Smish

Another smish to consider is the Delivery Smish. This one lies about an imaginary package that couldn’t make it to your door. If you click the link, it will lead to a phishing website, where you will be asked for credit card information to cover a postage fee to get your package. Again, there is no package, but they will quickly run some real charges on your bank card if they get that number from you!

Delivery Smish

You are almost never going to win anything through a text message. But below, you’ll see a smishing message that wants you to believe. Please don’t.

Lottery Smish

Ever get this text about a pending criminal charge or tax return problem? The police or FBI is not coming to arrest you. Or rather, if they are, they certainly aren’t going to text you in advance.

Going to Jail Smish

There are so many more examples I can give, such as Password Reset Smishing and Message from your CEO smishing. A couple of months ago, I blogged about the EBT Scam. Next year, I’ll have to blog about a new smish. Feel free to Google for “smishing examples” if you need more food for thought.

Common Traits to Watch Out For

  • The phone numbers in these bogus texts often give it away. The smish may arrive from an area code you’ve never dealt with before. Or the stated number may have odd punctuation. Plus, if you want, you can copy down the number and Google it. A lot of these scammers’ numbers will turn up in a search, on scam-watch websites.
  • The details are usually vague. There’s a pending charge, but it doesn’t say with which bank. You’ve won a prize, but from which company? Your plane tickets were cancelled, but the airline name is not mentioned. A legitimate notification would be crystal clear about important details.
  • The URLs are questionable, but sometimes you have to look closely. It’s a pretty obvious trap if the weblink contains wording like “curesickness.com.” But other URLs are written to look similar to trusted domains. They may only be one letter off, but if they’re trying to get you to tap on “www.disneyy.com”, think twice and back away.
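The "one letter off" check from the last bullet can be automated. The following is an added example, not part of the original post: it pulls links out of a text message and compares each base domain to a short trusted list by edit distance. The trusted list, the sample messages and the two-label base-domain shortcut are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: a short list of domains the reader really does business with.
TRUSTED = ["disney.com", "amazon.com", "walmart.com", "usps.com"]

# Finds links in a text message, with or without a leading http(s)://
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)

# Constructed sample texts, modelled on the kinds of smish described above.
SAMPLES = [
    "Your package could not be delivered. Pay postage: www.disneyy.com/fee",
    "You have won! Claim at http://curesickness.com/prize",
    "Account locked, verify at https://amazon.com.account-verify.net/login",
    "Your order has shipped: https://www.amazon.com/orders",
]


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions needed."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def base_domain(url):
    """Last two host labels. Naive: does not handle suffixes like .co.uk."""
    if "://" not in url:
        url = "http://" + url
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return ".".join(host.split(".")[-2:])


def check_text(message, trusted=TRUSTED, max_distance=2):
    """Return (domain, verdict, nearest trusted domain) for each link found."""
    results = []
    for match in URL_RE.finditer(message):
        domain = base_domain(match.group(0))
        if domain in trusted:
            results.append((domain, "trusted", domain))
            continue
        nearest = min(trusted, key=lambda t: edit_distance(domain, t))
        if edit_distance(domain, nearest) <= max_distance:
            results.append((domain, "lookalike", nearest))
        else:
            results.append((domain, "unknown", None))
    return results


if __name__ == "__main__":
    for text in SAMPLES:
        print(check_text(text), "<-", text)
```

The third sample shows why the comparison uses the base domain: a trusted name placed in front of someone else's domain is still someone else's domain.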

How To Respond

First of all, don’t ever respond to a phishing text. Communicating in any way with a scammer is bound to get you more spam, phishing, smishing and other annoyances coming your way.

Treat smishing as you would any other spam: Report it, block it, delete it.

If you have a severe problem with too much SMS spam, contact your cell provider. They may offer extra spam-blocking options to curb the junk.

And if you’re just not sure, if you got a text and you worry that it might be legitimate… Close the text message and seek verification elsewhere. Call your bank from the number on your statement. Go to the Amazon website and chat with their support. Find real help somewhere else and they will corroborate the facts or dispel the myth.

Kaspersky Virus Removal Tool

Here’s another freebie that can do a one-time virus scan on your Windows computer: the Kaspersky Virus Removal Tool. It’s similar to others I’ve mentioned (ADWCleaner, Norton Power Eraser, and McAfee Stinger), and I can recommend it if you want a second or third opinion on how clean your computer is.

Kaspersky Virus Removal Tool can be downloaded from this site. Install the downloaded file and run its scan. Remove anything it finds, or simply close it if it reports nothing suspicious was found. This tool will not interfere with your full-time antivirus.

Dissection of a Facebook Scam

The internet is a hotbed for crime, Facebook especially so. It’s simply too big to police. But since we can’t give up using the internet or Facebook, our other options are to prepare, learn and adapt. I encourage you to maintain a rampant skepticism as you use the web.

Come with me and consider the following scam post from Facebook:

This post popped up in a local Facebook group and triggered my Spidey-Sense. But even I had to pause and doubt myself. C’mon, Jesse, it’s just some eggs, people are always selling off their excess henfruit. But as I dissected this post, I knew my gut was right.

The Clues

The first clue here was plainly visible: the poster turned off commenting for their post. Surely, there are good reasons to turn off comments on group posts. But if you are selling something, comments usually aren’t that big of a deal. The next clue is the few comments that occurred before they were turned off:

Notice that the poster is trying to get the commenters to PM her immediately, using identical comments. And the poster commented on her own post, first thing. These do not constitute a smoking gun, but they are suspicious to me, and I see this on many spammy posts.

Going further, I clicked on the poster’s name and noticed the following:

A new member in that Facebook group? Oh, really? Again, it’s not proof of a scam, but it looks more and more sus, as I go. Next, I clicked further to visit her Main Profile page:

There’s nothing here except for two photos. As I click through every menu, there is no other info to be gleaned. No Details, no Friends, no other Posts, etc. And that’s OK, I recommend that you hide most of your info from public view. But still, most of the locals would have a little something here to make them look authentic.

Next, I went to her two public photos. Those photos had one Like on each of them:

Two very nice looking people… from Kenya. I don’t have anything against the people of Kenya, but what are the odds that this poster in rural Virginia has two friends in Kenya (and no one else!), liking her photos?

The Final Clue

By now, you’re looking this over and nodding your head and thinking, “Yup, sure is fishy.” But thinking like a scientist or lawyer: All of these clues so far suggest something is off, but there is still a non-zero chance that maybe this character is really selling eggs in my community. So let’s go further.

I highlighted and copied the first sentence of her post, and then pasted it into the Facebook search field in the left corner. And I turned up another FB post by the same poster:

Different photo, but the same exact text, posted at the same time as her other post. But wait, she posted in a Virginia group, and Nacogdoches is in Texas. And she’s ready to deliver in both states? To quote a Tarantino film, “Now I am calling you a liar, Señor Bob.”

Epilogue

After recognizing the scam on Facebook, I reported the content as best I could, to both Facebook and the group admins. And that’s all you can do, too, when you recognize something shifty on Facebook. Report it, and move on.

Unless you notice someone you know, commenting on or sharing the scam post. Then you might go the extra mile and reach out to them, tell them what they’ve stepped in.

What was the scam, anyhow? It’s probably an advance payment sort of scam, where they try to collect your cash through Zelle or Cash App. If I can message with these scammers and get proof, I’ll update these details.

Stay safe out there, folks!

Microsoft Power Toys

Microsoft offers a batch of extra tools and utilities for anyone to add to their Windows computers. These “Power Toys” come bundled together as a single free download, and you can get them here or from the Microsoft Store.

Some of these tools are basic while others are for advanced users, so breeze through the list to see if any of them appeal to you. I especially like remapping keys on my keyboard with the Keyboard Manager toy…

Reporting Content on Facebook

If you see something inappropriate, illegal, or just plain wrong on Facebook, please report it. This includes spam and scam posts, comments that are beyond the pale, and any content that has you concerned about a threat or harm to someone.

Reporting Posts and Comments

Most of the time, you can report Facebook content using the 3-dots button to the upper-right of the post or comment:

After clicking the 3-dots button, you’ll have a menu with options. Click Report Post and select the best category for why you are reporting the content.

If you are reporting content from a Facebook Group, you should also send a report to the group admins. They are much more likely to act on your report.

Reporting People

You can also report people (accounts) on Facebook. If you think a person is not real (a bot), or misrepresenting who they are (a faker from some faraway land), go to their main profile FB page and look for the 3-dots button to the right, below their masthead photo:

You should also report a friend’s account, if you think they’ve been hacked.

Reporting Private Messages

Yes, it’s even necessary sometimes to report the PMs you receive. Harassment messages are a no-brainer, but you should also report anyone slipping into your PMs with shady offers of crypto or government tax refunds.

On a computer, it can be tricky finding the options to report FB messages. If you do not see the 3-dots button, go to www.messenger.com to view your PMs. If you float over a person on the left-hand column, you may find the 3-dots button, and that should give you the chance to report.

Also at www.messenger.com, look to the right-hand side for “Privacy & Support”. Click that to reveal an extra option to Report something.

On mobile devices, you can usually report a message by long-pressing on it. Then, look below for a 3-dots button labeled More, and that should reveal a Report option. You might also tap the ‘i’ button at the top-right, if you see it, and that will get you many options for the person who has contacted you. At the bottom of that menu, you should find Restrict, Block and Report.

What Good Does Reporting Do?

First, I can say that reporting posts to Group Admins, when possible, offers the best chance for positive change. Group Admins are people like you and me, and they often respond promptly. They usually don’t want junk or unpleasant material in the group that they volunteer to maintain.

But when you are reporting to Facebook themselves, I must say the results are likely to be disappointing. Your report will probably not reach a living human, at first. Facebook has a lot of bots and software to go over most of the reported material. And those things do not do a good job.

For example, I reported something objectionable to Facebook recently. After 3 days, they got back to me, and said they couldn’t review my report. I resubmitted it, using their options to tell them they got it wrong. After another 3 days, they got back to me to say: We removed the bad content you reported.

Hey, thanks, Facebook, but this means it was up for an extra 6 days, for all of your users to encounter. And your users are as young as 13…

Criticisms aside, Facebook supposedly responds better when many people all report the same content. So you should click that Report tool whenever you care to. Also, Facebook should respond in a more timely manner when life and limb are on the line. If you are worried about someone harming themselves or doing something unsafe, definitely report that ASAP to Facebook. And consult with your local authorities, too, if appropriate.

Brushing Scams

Here’s a scam that you should know about, but not because it’s particularly dangerous. It’s just weird. But once you know the details about brushing scams, they won’t creep you out, and you can quickly move on from them.

Surprise‽

When an unexpected item arrives at your doorstep, it may be part of a brushing scam. The item may be lightweight or small or just plain curious: people have reported receiving packets of seeds, hand warmers, “dragon eggs”, and even Bluetooth speakers. The packaging often shows an international return address, but no further clues about the point of sale. No bill is included, no company name or URL can be spotted.

Nothing “killer” about this, just an artsy rock…

In general, the items are harmless. There have been no reports of hazardous items being shipped with this scheme. Whatever you receive, you do not have to pay for it, and you are under no obligations regarding what you do with it. Keep it. Donate it. Trash it.

Why Send Me Junk?

This scam is harmless to you specifically, because it isn’t targeting you. Certainly, someone used your mailing address in this scheme. But don’t take it personally. Your address was probably chosen at random, from any number of online public information sources.

The scam’s target is an e-commerce website. It could be Amazon, Wal*Mart, AliExpress or others. They are gaming the reviews in order to sell more merchandise. Their process is:

  • Create a new account and buy an item.
  • Have the item shipped to a random address in the USA.
  • Once the item is shipped, the new account is considered legitimate, and can leave a review. So the account holder leaves a 5-Star review on the item and for the seller.

If they repeat this over and over for a particular item/seller, that item will soon show a lot of trustworthy, 5-Star reviews, even though it may be a new listing or a shady, fly-by-night vendor. This can help encourage a lot of future sales.

Whatever it takes to sell more jewelry.

Final Takeaways

Most brushing scams give you no info to act on. But if you spot a clue on the parcel and you manage to determine what site it was purchased through, you could follow up with that company. Don’t call any number listed on the package, but you may, for example, go to Amazon.com or Walmart.com and contact their support about the item. If they care to listen to you, you may ask that they:

  • File a fraud report for the item you received.
  • Find and remove any reviews associated with your name or address.

Brushing scams are actually incredibly effective at what they do. Amazon and similar stores are constantly battling fake reviews. But brushing reviews is where the bad guys have the upper hand. Brushed reviews are almost impossible to suss out, even with sophisticated software tools. So at the end of the day, I have to advise you: Don’t give 100% of your trust to online reviews. Sure, read them over, but take them with a grain of salt.

Fixing a Stuck Pixel

Computer monitors, laptop screens and mobile devices all use lots of pixels together to display their images. And sometimes, one of those picture elements gets stuck. This is a one-in-a-million event that can drive you crazy.

More annoying than muscae volitantes

Note: there are stuck pixels (white or a single color) and dead pixels (black). It is highly unlikely that you can fix a dead pixel, but it can’t hurt to try.

Easy Fixes

The easiest & best tool for you to try is the JScreenFix website. Open that site on the screen with the problem pixel. Click the Launch button. And move/park the hyperactive square over top of your trouble spot. Leave it there for 10 minutes, or more (it won’t hurt to run this for an extra-long time).

Another program I’ve found that does the same thing is UDPixel. But it is an app that you download and install before using. Despite the extra steps, UnDeadPixel is safe to use on Windows computers.

Android users also have the option to use a free app, if for any reason the JScreenFix site doesn’t work out. Consider Dead Pixels Test and Fix.

And in a pinch, you may open YouTube and search for “stuck pixel repair” or “screen repair pixel”. There are various stroboscopic videos that you can leave playing on your device that may unstick a pixel. But you may want to leave the room while the lightshow flashes on, to avoid getting a headache.

Miscellany

These tools don’t always work. A stuck pixel is caused by some hang-up at the sub-pixel level, which can be stimulated into working again. But a dead pixel is caused by a failed transistor, and no software tool can resurrect that component.

Stuck or dead, a bad pixel may turn out to be something you have to live with. But please know also that every monitor/device comes with a warranty. And most of them have a specific dead-pixel promise. If you can locate that verbiage, it will help you figure out if you qualify for free repair or replacement of your screen/device.

There are other methods described online, where some people massage their screens to physically stimulate a problem pixel back to life. I don’t recommend this tactic, as this could cause more problems with your display. But if you have nothing to lose, you may Google for “stuck pixel apply pressure” and probably find the risky details on this.

Fake Hard Drives for Sale

A couple of years ago, I blogged about Fake Flash Drives, and now I have to write a refresh article: You also need to watch out for Fake Hard Drives and Fake Solid State Drives. Please make sure you don’t buy these things!

Good & Bad Examples

First, some examples of legitimate, reliable storage drives:

These items are all fine choices for your data storage. Please note that they are recognizable, big-brand names within the $50-100 price range.

Now for some fakes for your consideration (PLEASE DO NOT BUY THE FOLLOWING PRODUCTS!):

If you regard those items, you should notice some clues that something’s not right. First, there’s no noticeable brand name, or if there is, it’s a name you’ve never seen before and won’t see anywhere else on the web. There’s a big price disparity, too; charging a few dollars per Terabyte of storage is too good to be true.

16TB storage drives do exist, for the rare few of you that need one. If you buy a legitimate 16TB hard drive, expect to pay around $300 at the time of this writing.

Details & Dangers of Fake Drives

The dangers of this scam go beyond losing some money. Your files are at risk if you fall into this trap. These fraudulent devices are mis-manufactured to offer 16TB of storage to your computer. And your computer will believe it when you attach the drive! But there isn’t really that much storage in there. It’s more like a couple of 64GB microSD cards glued to a reader board in these sham drives.

So what happens is that you can try to put data on the device. And it will work, up to a point, but then catastrophe will strike. As your computer pipes data into an area that it thinks is huge but is really much smaller, your data will fall into oblivion. Like lemmings walking off a cliff. And this won’t be apparent until later, when you try to open or retrieve those files. Then you will meet with errors and irrevocable data loss.
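The reason the loss stays hidden until later, and the way to expose it up front, can be shown with a write-then-read-back test. This is an added example, not part of the original post: `SimulatedDrive` and its two failure modes ("discard" and "wrap") are constructed assumptions standing in for a fake drive, and nothing here touches a real disk.

```python
import hashlib

BLOCK = 4096  # bytes per test block


class SimulatedDrive:
    """Constructed stand-in for a drive that advertises more than it stores.

    mode="discard": writes past the real capacity report success but are lost.
    mode="wrap":    writes past the real capacity overwrite earlier blocks.
    """

    def __init__(self, advertised_blocks, real_blocks, mode="discard"):
        self.advertised_blocks = advertised_blocks
        self.real_blocks = real_blocks
        self.mode = mode
        self._store = {}

    def _slot(self, index):
        if not 0 <= index < self.advertised_blocks:
            raise IndexError("block is beyond the advertised size")
        if index < self.real_blocks:
            return index
        return index % self.real_blocks if self.mode == "wrap" else None

    def write_block(self, index, data):
        slot = self._slot(index)
        if slot is not None:
            self._store[slot] = data  # every write "succeeds" either way

    def read_block(self, index):
        slot = self._slot(index)
        return self._store.get(slot, b"\x00" * BLOCK)


def pattern(index):
    """Block content derived from the block number, so lost or
    misplaced blocks cannot pass for the right ones."""
    seed = hashlib.sha256(index.to_bytes(8, "big")).digest()
    return seed * (BLOCK // len(seed))


def verify_capacity(drive):
    """Fill the whole advertised size first, then read everything back.

    Checking each block right after writing it would pass on a fake drive;
    the damage only shows once later writes have gone in.
    """
    for i in range(drive.advertised_blocks):
        drive.write_block(i, pattern(i))
    bad = [i for i in range(drive.advertised_blocks)
           if drive.read_block(i) != pattern(i)]
    return {
        "advertised_bytes": drive.advertised_blocks * BLOCK,
        "verified_bytes": (drive.advertised_blocks - len(bad)) * BLOCK,
        "first_bad_block": bad[0] if bad else None,
        "genuine": not bad,
    }


if __name__ == "__main__":
    print(verify_capacity(SimulatedDrive(64, 64)))
    print(verify_capacity(SimulatedDrive(64, 16, mode="discard")))
    print(verify_capacity(SimulatedDrive(64, 16, mode="wrap")))
```

In the "wrap" case the files written first are the ones destroyed, which is why the test counts verified blocks rather than stopping at the first good read.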

Dos & Don’ts

The Too-Long;-Didn’t-Read advice I can finish up with is:

  • Do pay attention to brand names, and buy something from a recognizable manufacturer.
  • Don’t jump on amazing prices/deals. If the price is too good to be true, it probably is.
  • Don’t believe the posted reviews! Amazon and other websites are commonly gamed by the scammers, and a sham product can have thousands of 5-star reviews below it.
  • Do be judgmental about where you buy (online). Costco, Staples & Best Buy vet their vendors more than Wal*Mart, Amazon and eBay. Avoid those free-for-all marketplaces where anyone can hawk their wares.
  • Do feel free to report scam products to the website’s support team, but don’t spend a lot of your time or emotion on it. I did that 2 years ago with the flash drive debacle, and it became obvious that these big companies don’t care about or can’t fix the problem from their side.

Checking Out Charities

There are so many charitable causes to donate to. And there are plenty of shady outfits that try to pose as legitimate charities. Before you act, make sure you’re donating to a worthwhile outfit.

Charity Research Websites

Use any of these websites to look up and learn more about legitimate charitable organizations:

GuideStar

CharityWatch

Charity Navigator

Give.org

Check with the Government

The federal government will let you search their list of tax-exempt organizations and verify their eligibility to receive donations. I find that this search is easiest if I know and enter the EIN of the company I am researching.

Your state government may also offer tools for finding registered charities. Find your state on this list for appropriate tools, contacts and additional info.

General Advice

When donating money, using a credit card is going to protect you the most. Personal checks are also acceptable if you are confident of the company you are dealing with. But please be suspicious of any charity asking for gift cards or wire transfers or cryptocurrency.

Fraudulent charities may use a name that is deceptively similar to legitimate charities. When doing your research, be exact with the wording and spelling of the company with whom you are dealing.

If a charity is pressuring you to act now before time runs out, stop and back away from the situation. Pressure tactics should be a red flag for fraud. Legitimate charities won’t use a sense of urgency to earn your donations.

Keep good records of what you give, and check your accounts and statements to verify what you’ve given. Watch out for any misunderstandings that lead to recurring withdrawals or charges.


© 2023 BlueScreen Computer
