phishing scam

The Great Phishing Scamdemic

phishing scamHave you been noticing an abundance of suspicious looking emails flooding your inbox over the past few months? You aren’t alone! In the age of COVID-19, InfoSecurity Magazine reports that phishing scams have soared by over 600% since the end of February. Unfortunately, many of these scammers prey on fear and uncertainty in order to worm their way around barriers. And working from home means those barriers aren’t often as well maintained as they would be in the office.

So what can you do to help keep your passwords and accounts secure? When it comes to phishing, awareness is often the best defense. With that in mind, we’ve put together a guide to help you navigate some of the common tricks and scams to watch out for during these trying times.

CDC Alerts

If you receive an email claiming to be from the CDC or WHO, you should be careful. It is most likely a scam! These messages often contain links claiming to list coronavirus cases in your area along with an urgent request to review those cases and see if you were in contact with anyone affected. The links may look legitimate on the surface. However, hovering a mouse pointer over the link and examining the actual target underneath reveals that it actually points somewhere more nefarious.

Health Advice

Phishers have been sending many scam emails purporting to offer important health advice related to the pandemic. These often appear to come from a specialist, doctor, or expert of some kind. These emails may contain a link or even an infected attachment. If you receive one of these messages, do not open any attachments or follow the links. Delete the email immediately. If you feel uncertain about your health, it is always best to contact your own doctor directly.

Workplace Policy Updates

You may receive occasional updates from your employer while working from home. This is normal and expected, but if you receive one of these notices, review it carefully before following any links or downloading any attachments. Cybercriminals have been sending highly targeted “Policy Update” messages appearing to come from your employer. These messages appear to link to an updated company wide policy due to the pandemic. Always double check the link by hovering your mouse over the text and checking where it really goes. If you are unsure, reach out to your employer directly and ask whether or not the message came from them.

Charitable Appeals

Many scammers are exploiting people’s best intentions by requesting financial support to help victims of the virus and front-line workers. Although these types of emails may not always be phishing scams, the charities they fund are usually illegitimate. Rather than helping to fund relief efforts, the money instead goes straight into the scammer’s bank account. Always do your research before donating to any charity. If you receive a charitable appeal via email, it is most likely fake.

SMS Recovery Hack

You may receive an email or SMS from someone claiming to be your employer or email provider. The attacker typically claims that someone breached your account and they need you to forward a forthcoming SMS code to restore it. The attacker then initiates an account recovery process which automatically sends out an SMS code to the account owner’s phone. If you unwittingly forward that code to the attacker, they will be able to take over your account.

These attacks have become very popular lately and have seen widespread success. There is even a variation of this scheme affecting WhatsApp users. To ensure this doesn’t happen to you, never forward any account codes to someone else. Your email provider should never require this information. If your employer legitimately needs it to rescue your account, contact them directly over the phone or video conference to ensure you know exactly where you are sending it.

Smudged Screen

Since touch devices have become the norm, a new type of attack targets these devices by simulating a smudge, hair, or piece of dust on the screen. Many people are already educated about the dangers inherent with clicking unknown links in an email, but wiping smudges from their touch screen is almost a reflex. However, if the smudge is actually a disguised link, that reflexive swipe may be detected as a tap. If you’re using a touch device, it’s always a good idea to close your email and browser before cleaning the screen.

Fake Ads

Scammers have been placing ads around the web and over email claiming to offer cures and treatments for the virus. Norton Security reports that the websites these ads lead to sometimes contain malware. Even in the best case scenario, the products and services they offer are useless.

How to Avoid Phishing Scams

Now that you are aware of some of the more malicious phishing scams going around right now, here are some general practices that will help protect you and your accounts from these threats:

  • Avoid opening unsolicited email.
  • Hover your mouse pointer over links to see where they really lead.
  • Do not download attachments from any email unless it was something you were expecting to receive and you are certain of where it came from.
  • Do not supply personal information to anyone via email.
  • Watch out for sloppy spelling and grammar. Although this is not always a guarantee (they get more convincing all the time), poor grammar and spelling usually indicates the email is coming from a fake source.
  • Be wary of urgency. Emails that try to create a sense of urgency are almost certainly scams.
  • Stay calm. People can be more easily manipulated when they are in a state of panic. Try not to fall victim to fear-inducing emails or messages. This is a tactic used by social engineers to bypass your natural defenses. Instead, keep a steady hand and delete such emails.
Social Distancing on Social Media

Serious Risks to Consider When Socializing Distantly

In today’s crazy world of staying home instead of visiting friends, we’ve all been inclined to share a little more of ourselves on social media. There are more pictures of baking adventures with kids, selfies of good health and shared lists with a rundown of your personal information. Let me explain why sharing life information without precautions can be bad for real life.

Security Questions are Passwords

Decades ago, banks added extra questions to bank signature cards. This included information – such as a mother’s maiden name – to help verify customers needing account services. In the early 2000’s security questions became the norm for every account you set up online. Security questions are often required as an extra security layer to grant account access or to request a password reset. Questions range from asking your mother’s maiden name to the details of your first vehicle to the street you grew up on. The answers to these questions are additional passwords to access your accounts.

Breaches Handing Out Your Secrets

Security breaches happen every day, but in 2016 Yahoo admitted their security breach leaked over 3 billion users’ security answers to hackers, yes 3 BILLION accounts. This shed light on an even more serious issue – you can’t change your mom’s maiden name or the street you grew up on. But those now-public answers have the power to grant access to your accounts.

Fun But Harmful Social Media Posts

The Yahoo breach and other breaches may have spread some traditional security question answers around, but many people use social media to willingly spread the rest of them. Social media serves as a medium to help us connect to others (or argue with them, but that’s a different article). It was made for these things, but sharing such information publicly also opens users up to account hacking.

  • Who doesn’t get a kick out of discovering that our soft-spoken, sweet friend that we met in church has a list of favorite concerts that includes hardcore rap?
  • Why not gather “Likes” from posting pictures of us restoring our first vehicle on social media or reminiscing over old 1st grade class photos?
  • How many have competed to see who’s moved the most times with lists of former hometowns?
  • What other sharing have you seen that includes security question answers?

We’ve all enjoyed these posts, but all of these items are answers to many of the traditional security questions that secure our accounts. It’s hard to remember what we’ve used for our security questions around the internet, so we should assume we’ve used our personal information somewhere. Your privacy settings on your account may be high, but social media is stored in an online database that has certainly been hacked more than once.

Other Options for Security Questions

It’s not likely that you’ll switch over to posting fake information to social media to avoid giving up your security question answers. However, you do have the option to make up fake answers to security questions on your accounts. But how do you remember your fake answers? What if you mess up the exact spelling? A lot of people use a paper notebook to keep track of passwords and security answers. If this is you, please stop. With this strategy, one spilled glass or stolen laptop bag creates a whole new disaster in your life. Instead, look into a free password keeper like LastPass where you can add extra notes to your entries and only have to remember one password. With ever-present malware key-stroke loggers hiding silently on many computers, typing in passwords and security question answers still hands the keys over to hackers.

Upgrading To Two Factor Authentication (2FA)

Two factor authentication (2FA) is one of the most popular alternatives to security questions. 2FA requires two steps to allow you account access. The first step is usually your account password. According to PC World,  “two-factor authentication is basically a combination of two of the following factors:

  • Something you know – such as your password.
  • Something you have – some options include getting a text on your phone, iCloud verification, email verification code, authentication app, or a physical security key.
  • Something you are – such as a fingerprint reader or retina/face scanner.

There are no specific regulations requiring a business to have or request security questions. However, there have been increasing regulations requiring the safe storage of a user’s personal identifying information, such as the data which can be gleaned from stored security question answers. With this in mind, it’s a no brainer to set up 2FA if it is offered by your vendor. If your vendor does not offer 2FA yet, let them know you want better security on your account.

If you enjoy social media, then keep an eye out for our upcoming blog article – How to Stop My Social Media Account From Being Hacked.

How to be Successful While Working From Home

Ten Tips on How to be Successful While Working From Home During Coronavirus Outbreak

As a web developer of over 15 years, I’ve spent a lot of time working remote. Sometimes out of convenience and other times out of necessity because of sick kids at home. With the outbreak of COVID-19, there are now millions of workers finding their desks a lot closer to home. My hope is that this article will help you settle in and get your productivity levels back to the same levels or better than they were in the workplace.

1. Don’t Steal from Your Employer

Do not use the company equipment for personal work, especially while on the clock. If you were issued a computer to take home, it’s highly likely your employer knows when you log on and what you’re doing. Many employers are being hit hard financially by this outbreak. They will not hesitate to fire an employee for wasting precious company time and resources.

2. Get Equipment that Works for You

In a perfect world, you have a home office or study room already setup with your home computer. However, the reality for many of us that we usually just pull out our personal laptop or tablet and sit on the couch or kitchen island to surf the web. It’s now imperative that you have a quiet, low traffic area set aside specifically for working.

Your equipment list may include:

  • Laptop or Computer – It’s likely your employer has provided you with these.
  • Desk – If you have a desk with your personal computer on it, move it aside and you’ll be all set. If you don’t have a desk, grab a folding table or another surface for your work equipment and place in a low traffic area where available.
  • Monitor – Some laptop screens are small. An external monitor can solve that. Before ordering one online, be sure to check what ports your laptop has. Here is a link to help you identify the ports you have.
  • Peripherals – Other items may improve your productivity, such as an external mouse or keyboard for your laptop. You may also need a web camera if your employer plans on doing online meetings.
  • Printer – You may or may not need a printer depending on your job. Don’t forget ink and paper.
  • Other – The list of other items to increase productivity could go on for pages. Some other items that I can’t live without when working from home include: noise cancelling headphones, a large refillable water bottle, pens, notebooks, sticky-notes, a lamp and a lap blanket.

3. Get Creative if You Don’t Have a Spare Room to Work Remote

Some suggestions include:

  • Closet – I have a friend in a small apartment, she doesn’t have an extra room available. However, she did have a large bedroom closet full of clothes she’s not going to wear for a while since there’s no fashion police in her home office. She emptied those clothes onto a living room chair and moved her desk and a lamp into her closet.
  • Table – A kitchen table is not exactly ideal, but if your family does not regularly utilize the entire kitchen table, then you have a space. Clear it off and let your family know it’s off limits to them. You won’t be having guests over, so you can leave your new desk as is every day. Important: keep glasses cleaned off the table and use a rolled-up towel to not only mark your space but also make barrier to keep accidental spills away from your computer and paperwork.
  • Kids Room – If you have multiple children with multiple bedrooms, then you may have a new workspace option. Do a coin flip and pick who’s moving out temporarily. Unless you need to work at night, your displaced child may still be able to return to their room to sleep every night.
  • Basement – We all groan at the thought of working in our basement, but hard times may call for hard decisions. Grab a table, space heater and some extra lamps for your new home office and call it good for now. Introverts may actually enjoy the peace and quiet of your basement.

4. Setup Security Measures

I’m not an IT expert, I make websites; but here are some bare minimums.

  • Secure Internet Connection – You’ll have fastest internet speeds with a direct Ethernet cable plugged into your computer or dock. If that’s not an option for you, be sure your WiFi is behind a login. Your employer may have also setup a VPN for you to connect through. This is ideal!
  • Password Protection – Make sure your machine requires a password to login. The last thing you want is your kid hopping on your computer and going to sites your employer would not approve of.
  • Virus Protection – Staying off sites not related to your work while on your work equipment is the first step. The second step is being wary of emails and scams going around due to the outbreak. Your employer may or may not have installed special software for you, when in doubt, check in with them.
  • Out of Site – News reports show that crime has not slowed and desperate times may lead to more break-ins. Keep your computer and valuables out of sight of windows and draw your blinds at night to lower temptation.

5. Limit Your Distractions

Let your family and friends know your work schedule. It’s so easy to get inundated with texts from your bored friends. Let your friends know you’re working from home and ensure them you’re not ignoring them. Tell them you’ll get back to them on your breaks or after work. Every text or social media notification can lead to work mistakes and it can take up to 30 minutes to get yourself back on track.

If you’re home with the family, share and post your schedule. Tell them your rules and that, although they can see you, you are at work and this time is very important.  Your family and loved ones will push this boundary, but you must enforce it until it becomes natural for everyone.

6. Get to Work on Time

Your commute just got shortened, but the “traffic” may be just as bad or worse. By traffic, I mean your family and other home distractions. With kids home from school and pets seeing you home, your morning routine may take longer. I find it best to get up earlier than when I was going into the office. This gives extra time to do social media surfing and get the kids/loved ones settled in with enough attention, snacks and activities to make it until the morning break comes around. If your employer didn’t give you a specific time to start work, then you need to pick a time, communicate it to them and stick with it.

Plan for a short morning break, if your kids and pets are home with you, they may dictate when this time occurs. At the very least, get up from your desk and walk away from it for a few minutes, some light stretches may feel great too. I know it’s tempting to do some cleaning or laundry while you’re home, but you may quickly lose track of time during breaks. Don’t make a habit of this, set a timer on your phone and get back to work on time.

7. Enjoy Your Lunch Break

Set a timer on your watch or phone for your lunch break. Get away from your work space. Make this your personal time; catch up on social media, get some fresh air, play with the kids, do whatever gives you a break and lets you recharge to take on the second half of your day. Preparing healthy foods ahead of time will also provide you with good fuel for the afternoon.  I use my lunch break to have a quick lunch with the kids, a little play time and then put them down for a nap.

8. Be Prepared for the Afternoon Slump

Just like at work, it may be hard to stay motivated in the afternoon. Learn to adjust your work agenda to what works best for you. I find that saving my new or challenging work for the afternoon works best. Others may find this to be the best time to answer emails. Do what works for you, but do not waste your employer’s time.

Give yourself a short afternoon break of 15-20 minutes. Use this break to resettle the family and pets, switch laundry or get a snack. Set a timer on your phone if you find break time getting out of control.

9. Know When to End the Work Day

If your work load allows it, keep your normal end of day schedule. I use the last 30 minutes of my day to make notes of where line items stand and setup an agenda of tomorrow’s priorities. This can be done using an electronic resource or even a paper notebook with a paperclip on the current agenda page.  At the end of the day, shut down your computer and get away from your work space.  You’ll quickly become spoiled by your short commute.

10. Appreciate Your Workday

You’ll easily find many benefits to working from home. You’ll save money on commuting, be able throw a load of laundry in on a break, and so much more. I personally love being able to have lunch with my kids and getting hugs from them while I’m on break.

Ready to be Successful While Working From Home the Coronavirus Outbreak?

Telecommuting has many advantages, but it also comes with trying challenges. Distractions are much higher at home; you will need to work hard to become disciplined and focused. It’s imperative to teach your loved ones what the new normal is for you – your livelihood depends on it. Your integrity must shine through, you no longer have your boss or co-worker policing your every move. Trust me, your employer will know if things are getting done in the end and that’s the bottom line.

Covid-19 Virus Scams

How to Stay Safe Online During the COVID-19 Outbreak

Covid-19 Virus ScamsThe COVID-19 outbreak has taken the world by surprise. In these unprecedented times, it is important to know who you can trust. Unfortunately, there are some people who are looking to benefit off of the grief and anxiety of others. COVID-19 scams are running rampant right now. We’ve outlined how to stay safe online during the COVID-19 pandemic.

Malicious Coronavirus Emails

Scammers are sending emails while posing as various professional health organizations such as the CDC and the World Health Organization. Most of these emails are known as phishing emails, which are used to lure the receiver to click a malicious link. These links often impersonate other websites like banks or other accounts. The fake websites prompt you to log in or enter credit cards information. The consequences of handing this information over a malicious site can be crippling. Other links may send you to websites that install Malware onto your computer.

How to Spot COVID-19 Scams in Your Email

The number one rule of thumb is to always be cautious. Therefore, never immediately click a link or download attachments from ANY email. You want to be 100% sure of its authenticity. Here is how to tell if an email is a legitimate and avoid COVID-19 scams:

  1. Check the sender’s email address
    If the sender’s email address does not end with the company’s domain (for example, an email from the CDC would look something like email@cdc.gov), it is almost always a sure sign of spam. Flag the email and trash it. If it does match, that is a good sign. However, it is possible for hackers to spoof emails to look like the real thing, so check for the next things as well.
  2. Look for typos and grammar mistakes
    Professional emails are usually read by a few pairs of eyes internally before it gets sent out to the public masses. This means typos and grammar mistakes are generally caught before the email hits your inbox. Scam emails are often written by one person. Additionally, it is not uncommon for the emails to have poor English translations if its origin is international. If you notice any typos or grammar mistakes, it is best to flag and trash the email.
  3. Check the destination URL of any links
    Hyperlinks allow the sender to type whatever they want and have that text link to any website on the web. This means that just because you see a link to a website, doesn’t mean your destination will be that website. This is one of the main ways hackers obtain your information. To check the actual destination of a link, hover your mouse over it and you should see the revealed URL somewhere in your email program or browser.Test this by hovering over this link to the CDC’s website: https://www.cdc.gov/coronavirus/2019-ncov/
    As you can hopefully see, this actually links to our homepage. Refrain from clicking any link that will not bring you where you’d expect. Remember that this method of link checking works on hyperlinked images and regular text as well. If you receive a notice, you can always call your vendor directly to check on a notice or browse out directly to the vendor’s website instead of clicking on the email’s link.

Working From Home

If you are working from home or have employees working from home, you may be leaving sensitive information vulnerable. Hackers are targeting more and more people working from home in hopes to gain corporate information. Keeping yourself and your team informed on the email information above can tremendously minimize the risk of a data leak.

Another thing to do is to provide legitimate resources for employees to go to if something goes wrong. Whether it’s your internal IT department or the Microsoft help desk, giving a direct resource minimizes the chance of being baited by fake tech support.

Lastly, make sure you and your team have secure WiFi network and have changed the default password on their router. You will be off the secure work network, so double check that you are not leaving yourself to potential risks.

Stay Safe

Being vigilant is the best way to stay safe. If you’re unsure about an email, asking for a second opinion is better than taking the risk. Run it by a colleague, or contact Appletree with any questions. We can provide tech support and help you identify suspicious emails or web pages.

Unsafe Connection

Why You Need an SSL Certificate on Your Website

Unsafe ConnectionHave you ever visited a website and been greeted by a warning stating that the site is “Not Secure” or something similar? It is definitely off-putting to visitors when this happens. If you are a site owner and notice your site doing this, it is actually pretty easy to fix. All you need to do is install an SSL certificate.

What is SSL?

SSL stands for “secure sockets layer”. This essential technology encrypts data as it moves between a web server and browser. In other words, it stands between you and the rest of the internet, SSL Certificate Appletreejumbling whatever information you send (such as usernames, passwords, credit card info, etc) into nonsense that can only be decrypted by a special “private key” held by the intended recipient. This protects you from hackers who could otherwise intercept your info while it is in transit. You’ll know you’re on a site with an SSL certificate if you see a padlock to the left of the URL in the address bar.

What if My Site Doesn’t Collect Personal Information?

Google encourages every site to obtain an SSL certificate. As a reward, your website gets a boost in search ranking. By not having one, you ultimately rank worse regardless of your data collection policy. If you’re running a small business, building a good Google ranking is essential to help bring in customers. This reason alone is good enough to justify the effort – you can outrank your competitors!

In addition to that, not having an SSL certificate causes some browsers to display a warning. Google Chrome, specifically, shows a “Not Secure” label (as mentioned earlier). This can be alarming to potential visitors, redirecting them away before they even land on your site. If enough visitors “bounce” because of this, it can ruin your website’s performance and eventually even harm your company’s credibility!

Keep Your Information Safe

If you manage your website using a content management system like WordPress, your administrative login credentials could become compromised if your site does not have an SSL certificate. Without it, your username and password are sent as plain text over the internet. Credentials sent this way can easily be picked up by hackers. Another way to combat unauthorized logins is by using two-step verification. Enable that whenever it is available.

Stay Cautious

Sometimes even phishing & scam websites are able to obtain legitimate SSL certificates. Just seeing a padlock in the corner does not necessarily mean you should trust the site with your personal information. Usually, you only have to worry about these types of scams coming through your email, so make sure to keep your guard up and know what to look out for.

Now that you know how important SSL certificates can be for you and your customers, help keep your website visitors safe and comfortable by installing one as soon as possible. This will boost your reputation as well as your organic search rankings over time. Not sure how to install SSL yourself? The experts here at Appletree would be happy to assist – we do this all the time! Don’t hesitate to drop us a line and let us know how we can help.

Subscribe to the free Appletree MediaWorks E-Newsletter to get bi-weekly tech tips, scam notices and more, straight to your email!

Social Media After Death

Social Media After Death

Social Media After DeathAs of this year, at least 2.34 billion people worldwide are social media users. In the United States alone, 79% of people have a social media profile. Something we don’t really think about when signing up for these accounts is what will happen to them when we pass away. Should we write your passwords down somewhere? Can someone gain access to them after we’re gone? What happens to your social media after death? It is reported that around 8,000 Facebook users die every day. It’s important that policies and protocols are put into place.

Facebook & Instagram

Facebook and Instagram are the only major social media platforms that “memorialize” your account.

Memorialized Facebook

With Facebook, you can set up a “legacy contact”. This is the person who will manage your account after you’re gone. To set up your legacy contact, go into your Facebook general settings and select Manage Account and choose the person to take this role. As seen in this screenshot, the person you choose to be your legacy contact will not be able to post as you or read your messages. If you don’t want to have a legacy contact, you can also request for your account to be deleted when the time comes. To request for an account to be memorialized, contact Facebook here.

Instagram does things a little bit different. There is no legacy contact that can manage your account for you when you die. Once a family or friend sends a report and the account is memorialized, it appears mostly the same. However, the account will not show up as a recommendation anywhere on the app (such as in the explore section). Nothing can be deleted or changed on the account after it is memorialized.

Other Platforms

For most other social media platforms (including Twitter), there are no memorialized profiles, therefore a family member has to request the removal of a deceased user’s account. In general, social media platforms will never give login details to anyone but the account owner, even immediate family members. This would violate most terms of service. If you want someone to have full access to your social media, it may be smart for you to put this in writing with something like a digital will. This will hand over ownership of your accounts after you pass away. This helps avoid violating any terms of service.

Computers and Devices

That great password you’ve set up on your computer or device to keep others out will do just that after your death. As a rule, device manufacturers will not grant access to others to get around your pass codes and passwords. Keep in mind many of your online accounts also have 2-factor authentication too. Banks and other service providers are happy to work with whoever holds your power of attorney posthumously, but email accounts and other online accounts will need to be accessed with the information you leave in your digital will.

Though it may be odd, it is important to have a plan for what happens to your social media and online accounts after death. Set up your legacy contact on Facebook today. Also, inform your friends and family by sharing this with them! Subscribe to our bi-weekly e-newsletter for more helpful information like this!

 

Business Social Media

Maintaining Your Company’s Social Media

Business Social Media

Being active on social media is almost required to run a successful business these days. We also know that it can be difficult to gain and maintain an active following. This is why it is extremely important to make sure you create and approach your social media accounts in a professional manner.

Creating Business Social Media Accounts

One of the most important things to do when creating profiles for your business is to use a business email address (for example: marketing@companyname.com). Do not allow an employee to use their own email when setting up social media accounts. We’ve seen companies let go of employees and lose access to accounts because they hadn’t been set up using a business-owned email address.

Employee retaliation can even result in the account being deleted with no option for recovery. This means you would lose access to the audience you worked so hard to build up. You’ll have to start all over which can be a large waste of time and money. Make sure to use a company email and keep track of your passwords!

Posting to Your Business Social Media

Nowadays, there are too many social media platforms to keep up with. It is time-consuming to jump from platform to platform and make individual posts. Thankfully, there are tools available which make this process much faster and easier. Using a program like Hootsuite helps by enabling you to schedule posts to almost any social media platform from one location, all at the same time. It will also allow you to schedule posts out for days when you aren’t going to be at the office. Scheduling ahead like this also gives you time to proof each post before it goes live. You can even send the draft around internally to get another set of eyes on it before any embarrassing mistakes go out to your audience. If Hootsuite isn’t your cup of tea, there are many other alternatives for you to choose from.

Having Social Media Guidelines

Making sure you have a company social media policy in place is important. Your social media policy should outline that an employee’s online activity reflects on the company and employee. It should remind employees of your company’s privacy and confidentiality rules. Setting rules in a policy ensure that nothing gets posted that shouldn’t. Your policy should educate and train your employees about using social media on behalf of the company while presenting a consistent corporate image. Keeping your posts on-brand and relevant will help them stand out from the crowd.

Conclusion

To maintain the security and longevity of your social media accounts, make sure they are created with company credentials. Use a scheduling program like Hootsuite to plan and proof posts before they go live. Lastly, have a clear social media policy in place to ensure the appropriateness of the content being posted. You can always call in a professional to handle your company’s social media. Appletree MediaWorks has an on-staff Social Media Specialist that is experienced in managing social media accounts for businesses like yours.

Get weekly tech tips and helpful products by subscribing to our bi-weekly newsletter for free (at the top of the article)!

Microsoft Scam

Microsoft Scam Calls are Still Rampant

Fraud Microsoft Support Scam CallMicrosoft scam calls have been around for a while, but they’re still detrimental. In 2018 alone, it’s estimated that tech support scammers managed to take a whopping $55 million out of the bank accounts of over 140,000 innocent people. These scammers call you out of the blue to catch you off guard. This is why it is important to know exactly how to handle scam calls and get real support when needed.

How to Identify Fraudulent Support

Unsolicited calls from anyone claiming to work for a software company and asking for bank information are not real. Similar calls telling you that your computer/device is infected are usually not real. The best thing to do would be to hang up, report the incident, and block the number. Unfortunately, some of these scams are becoming a little more sophisticated. Sometimes Microsoft scam calls may appear on your caller ID as the real number for Microsoft. This is called caller ID spoofing.

Caller ID spoofing is done through a computer program that allows the user to change the outgoing number to anything. This makes it harder to block and report the scammers.

In the event that you receive a call from any company such as Microsoft, you can always hang up and contact them yourself to confirm if the call was real or not. On Microsoft’s website, they have an option to instantly chat with a real Microsoft support person.  You should be able to verify if you were actually being contacted by Microsoft or not.  You can also find their real customer service numbers on the Microsoft website if you prefer talking on the phone.

If you are ever prompted with a pop up telling you to call immediately because something is wrong with your computer or information has been stolen, you can rest assured that it is not real. Microsoft error and warning messages will never have a phone number for you to call. Follow the steps below to get rid of and avoid these pop-ups.

How to Get Rid of Pop-Ups

Browser Pop-Ups

If you are browsing the web when you receive a pop-up, all you have to do is close out of it. The best way to do that is by pressing CTRL+W. This will close the tab that is currently in focus without you having to click on anything. This minimizes the risk of you accidentally downloading malware by clicking a false X or initiating other hidden downloads. If you see something did get downloaded, do not click on it in the downloads bar. Go to your downloads folder of your computer and delete the download, followed by clearing your recycling bin to make sure it is completely off your machine.

To avoid browser-based pop-ups like this, make sure you have your pop up blocker enabled. We also recommend that internet users download an ad blocker like Adblock Plus. It is completely free and blocks any intrusive or misleading ads, but whitelists legitimate ads that are clearly labeled as advertisements. If pop-ups persist, check your browser extensions and make sure to uninstall any extensions that you do not recognize.

System Pop-Ups

In the case of receiving odd system pop-ups, this is probably caused by a virus that is already on your computer. If these pop-ups are new and you recently installed some software, you might have missed something in the installer that was packaged with the software. Make sure to uninstall any non-native programs that you do not recognize. If you’ve been having pop-ups for a while and can’t pinpoint where they’re coming from, scan your computer with Windows Defender Antivirus which is built into Windows 10 (if you’re not running Windows 10, make sure to update soon to keep your computer secure).

Never Be Too Sure

It’s important to never immediately trust any email, phone call, or computer message that you receive. Make sure to confirm that you’re talking to the people you think you are to avoid falling victim to a scam that has claimed the dollars of so many. Keep your computer and your money safe and sound. Appletree clients frequently forward us emails and text messages that they’ve received. Many of these scams appear to be legit until we look closer at them. Check out our blog for how to spot a scam email.

When in doubt, feel free to contact Appletree, we’re happy to provide peace of mind.