Don’t Get Fooled by the Phone [Microsoft and the IRS Do Not Call]

dont get fooled by the phone

As I sit down to write this I got a phone call. It was a local number but no indication of who it was.

Like most reasonable people I figured I would answer it. I do run a business and often need to speak to new or existing clients.

You can almost always tell when it’s a telemarketer or a scam because there’s a delay in someone responding to you answering the phone.

This time it was someone representing a chimney cleaning company. Another telemarketer or worse, a possible scam.

My response “I don’t have a chimney” to which he hung up. They clearly did zero research before calling me. Another turn-off.

How Is a Chimney Cleaning Telemarketer a Scam?

That’s an easy one. I worked with a local chimney cleaner and his business before. He told me about how his industry has taken a turn for the worse because of these scams.
There are a few ways it can go.

1. They get you to agree to clean your chimney at a very reasonable price. You agree, pay a deposit and never hear from anyone again.
2. They get you to agree to clean your chimney at a very reasonable price. You agree, pay a deposit and they send someone who has no idea what they’re doing. This is probably worse because of the potential damage to your home.
3. They get you to agree to clean your chimney at a very reasonable price. You agree, pay a deposit. Someone shows up to your home claiming to be there to clean your chimney. You become the victim of a home invasion.

None of these scenarios are ideal. They all hurt the real chimney cleaners. Now people are hesitant to hire anyone to clean their chimney.

What Are Some of the Other Potential Phone Scams?

Let’s start with the more prevalent and obvious ones.

The IRS is Going to Arrest You

Well, they might if you are defrauding them.

But they’re not going to call you to warn you about it.

The IRS does not call people. They send letters.

Let me type it again. The IRS does not call people.

If you get a call from John with an Indian accent calling you from what sounds like the boiler room just hang up. Or do like I do and toy with them.

dont get scammed over the phone

Microsoft Detected a Virus on Your Computer

Microsoft does not proactively monitor people’s computers.

Even if you use Windows Defender for your anti-virus they will not call you to let you know you have a virus.

I see this a lot. A computer user has allowed someone to remotely connect to take a look at their computer because they called and said their computer was infected with a virus.

DO NOT ALLOW ANYONE WHO CALLS YOU OUT OF THE BLUE TO ACCESS YOUR COMPUTER REMOTELY.

What they’re really after is a backdoor into your computer. They will likely install something that will give them access to your computer whenever they want.

Antivirus Software for your Windows Computer on Amazon>>>

Why Do They Do This?

Because they can

Because they want to watch you on the webcam

Because they want to steal private or sensitive information

Because they want to use your computer as a bot

The reasons are numerous. And many times, you may not even know they have control of your computer. Just do not allow this to happen.

You Won a Vacation or a Cruise.

And all they want is a deposit to your hold your spot. Why would you ever give money to someone you have never spoken to over the phone and without a piece of paper clearly stating what it’s for and who is delivering it?

This really can be applied to almost anything. If you receive a call out of the blue stating you won something just hang up.

They’re going to ask you for a deposit. My response is always, take it out of the winnings. They always have some excuse why they cannot do that.

We Have a Refund for You or Here’s $300 to go Shopping

This one has gotten some people close to me.

The caller states that they have a refund check or a check for some other reason.

In one instance that I am aware of a friend got a phone call saying they would get a $300 check to use at Walmart. All they had to do was report back on how the shopping experience was.

There are legitimate jobs for mystery shoppers, but they don’t give you $300 to spend. They will give you maybe $10 and you get reimbursed for it, not paid in advance.
What Are They After?

They want you to deposit the check. They then use the deposited check to gain access to your account. Then your account gets wiped out.

Up to $250,000 in Funding for Your Business

I own a business. The business does not make $250,000/year. Not even close. Why would anyone want to offer that kind of money?

I have not figured this one out yet, but I do know I am not falling for it. They call me every day. Different numbers, different “lenders”. It’s an obvious scam.

The one thing I know for sure is they will ask for access to my invoices which I am not comfortable with for various reasons.

Business owners get scammed too. They get scammed at an alarming rate.

These are just a few of the more common phone scenarios that I have come across. I also get calls about back and shoulder pain, dentist and health insurance. I don’t even bother wasting my time listening to their pitch at this point.

These are only phone scams. These and other scams happen on Facebook, email and the internet in general as well. I have seen text message scams too.

The one thing they all have in common is preying on people’s emotions. More (or less) money, computer issues, vacations, and health.

All issues that can be very emotional, primarily fear, cause people to react with their emotions rather than logic.

When you think with emotion you make rash decisions. When receiving a call (or email, facebook message or text) from a complete stranger put emotions to the side to avoid being scammed.

How to Avoid Phone Scams

Don’t Get Skimmed at the Gas Station [or Anywhere Else]

dont get skimmed at the gas pump fb

Another fairly easy and low-risk scam for would be criminals is the credit card skimmer. There’s a good chance you or someone you know has been victimized by this.

It’s really simple. Take a credit card skimmer and attach it to the credit card reader on a gas pump, or an ATM, or even the reader inside a retail store. Then wait for the skimmer to do its job.

By the time anyone realizes there is a card skimmer attached to the credit card reader the scammer probably has multiple credit card numbers at his disposal.

The reason this is so low risk is the card readers are easy to install, and the people getting the card info don’t usually use it. They usually sell the info online.

Often your stolen credit card information is not used for months. I had a conversation with a fraud specialist at a large bank about this very topic. They told me that more often than not the credit card numbers are sold on the dark web. A new credit card is created with the information and the new card is used wherever in the world the purchaser of your credit card number is.

To prevent detection they often wait a while before selling and/or using the stolen credit card numbers.

There are ways to protect yourself from being skimmed.

4 WAYS TO NOT GET SCAMMED BY THE SKIMMER

It happened to me once. It was over 5 years ago. My bank called me on a Monday morning while I was at work and asked if I was in France.

Needless to say, I was not. Someone had made repeated attempts (some successful) to use my card in France. Fortunately for me, the bank refunded all the money.

1. Use 24 Hour Gas Stations

There’s really no way to avoid having to get gas for your car unless you’re fortunate enough to own an electric car.

That means there is no way to 100% prevent from being skimmed if you plan to use your debit or credit card.

You could, of course, use cash. Realistically most of us do not carry cash around anymore.

I have found that using gas stations that are well lit and open 24 hours decreases the chances that I will get skimmed.

Avoid gas stations that do not have security cameras. I also avoid gas stations that look run down or are not part of a large chain.

The process of installing a skimmer is pretty quick so it can happen within a matter of minutes but criminals are less likely to try this somewhere that is well lit and constantly being monitored.

A gas station with lots of foot traffic also decreases the opportunities a card skimmer will be installed.

The gas station I usually use is open 24 hours, always well lit and always very busy.

It helps that they also have some of the lowest gas prices in my area.

Some gas stations have started to add a security sticker to gas pumps. The sticker covers the panel where the card reader is installed. This is actually very easy to circumvent with a box cutter and some creativity.

credit card skimmer

2. Avoid Stand Alone ATMs Like the Plague

You have all seen the ATM standing there on the side of a building, outside, with nothing else around it.

This is a big no-no. First of all, you’re probably going to get charged somewhere between $3 and $5 to use this ATM.

Even more importantly there is a good chance that this ATM has a card skimmer attached to it.

I almost never use a stand-alone ATM. If I do it’s going to be inside a business where a real person is within eyesight of it.

For the most part, I go to my bank’s ATM. Almost all of them are inside the bank and require your ATM card to get in.

There are always cameras on the ATM at the bank, and it always well lit.

Again, I cannot stress this enough. Cameras and well-lit areas discourage criminal activity, but they don’t prevent it 100%.

If you can withdraw money while the bank is open this is an even better option.

Here’s another option that I use sometimes because it’s a great way to avoid ATM fees. Go to a pharmacy or grocery store and make a small purchase like a pack of gum or a bottle of water. You can then ask for cash back when you purchase the item.

A chain like Walgreens or CVS is not going to have card skimmers installed at their cash registers. This is a great segway to my next point.

3. Be Very Diligent at Mom & Pop Shops

I love to shop locally. I believe local businesses should get all the support possible. If I have to choose between Walmart and a local mom and pop store I am going local every time.

The problem is the local stores don’t have the level of security and knowledge that a large chain has.

If the card reader is not in the direct line of sight of the cashier then I would use cash. Card skimmers are crafty at distracting cashiers and store clerks while a partner installs the skimmer.

credit card terminal

The one time I was the victim of a skimmer it was determined that the skimmer was installed on the card reader at the cash register at a bodega in New York.

Be very careful when using the card reader at a local store, especially one you are not familiar with. If you can use cash or a check this is better.

Of course, checks come with another set of problems that I won’t even get into.

4. Bonus Suggestion

A lot of people don’t know this but your debit card can also be used as a credit card. If you have ever used your debit card and asked if you want to use it as a US Debit or a Visa Card then the establishment you are at allows this.

Selecting Visa means you are using it as a credit card, and you will not be asked to enter your pin.

Most of the time a signature and a photo ID are not required either.

This makes it easier for anyone with your card or card information to use it. Without being asked for a pin or ID it becomes very easy to make purchases without your knowledge.

Turn this feature off. You can ask your bank to set it up so that your debit card cannot be used as a credit card. I would encourage you to do just that.

I hope this helps you avoid being skimmed. It is an unfortunate crime that can cause a lot of heartache. Using these 4 steps will help decrease the likelihood you become a victim of credit card skimming.

WordPress Security 101 – Protect Your Blog from Evil Hackers

WordPressSecurity 101

WordPress Security 101 – Protect Your Blog from Evil Hackers

I am going to be honest with you. It’s not hard to hack a WordPress site if the owner doesn’t do his/her due diligence. Once a WordPress Hack has been identified it’s only a matter of time before the script kiddies try to compromise your site.

WordPressSecurity 101

I bring this up because of a discussion I had recently with a blog owner about why he is receiving A LOT of traffic from Russia.

After speaking with other blog owners and so-called experts he decided to just ignore it. I pointed out there is a chance that a vulnerability has been identified on his site and wannabe hackers are trying to exploit it.

I did not hear back from him. He must think I am crazy.

I Am Not Crazy

Statistics show that a large number of “hackers” come from the eastern part of the world. Russia, China, India, Korea…you get the idea.

I am not ignorant to the fact that the US has a large number of hackers as well. Generally speaking though if you are a US-based website you should expect to receive most of your traffic from the US.

When I first began using WordPress many years ago I launched a website that just reposted content from an RSS feed. Ironically the site was called HackersDelite. It just shared content from other resources around the internet. The content was exclusively about Information Security.

That site was the first time a website that I owned or managed was hacked. It was also the last time.

I really did not do anything to manage it. It was basically on autopilot with the sole purpose of making money off of ads. I seldomly updated WordPress, the plugins or the theme. This was the way in for a hacker.

Not All Hackers Are Equal

You probably noticed I placed quotations around Hacker a few times. I also referred to hackers as wannabes and script kiddies. That’s because most of the people who are hacking WordPress sites do not represent the hacking community.

The true definition of a hacker is someone who takes things apart to learn how they work and then puts them back together again. Somewhere along the way, the word Hacker developed a negative connotation.

6 tips to securing your wordpress website or blog

There are 3 types of hackers generally speaking. I talk about this here.

Prevention and Education Are Your Best Defense

There are websites dedicated to listing vulnerabilities on nearly every platform that exists. If a “Hacker” were to learn about a WordPress vulnerability and then do a simple Google search they would find possibly hundreds or thousands of sites with said vulnerability. It will partially depend on how new the vulnerability is.

You can do the same thing. I do understand that this would require a lot of time, research, learning and more research on your part. I’ll just give you a few pointers on how to avoid having your WordPress site hacked.

6 Tips to Secure Your WordPress Blog/Website

1. Updates: I know updating your site can be scary. I mentioned above that I have only been hacked once in all my years of web work (over 20 years). In that same time span, I have had sites get destroyed by updates more times than I can remember.

Using a WordPress backup plugin and ensuring you have a new backup before doing updates will help alleviate some of that stress.

Whenever there is an update available to the WordPress core files, plugins or your theme install them. Many times updates are provided because of an identified vulnerability.

2. Get Rid Of It: If you have a plugin or a theme not being used, get rid of it. Remove it from your site. If you’re not using it then it probably is not being updated. If it’s not being updated then it is by definition vulnerable.

Uninstall any plugins that are not active. Also get rid of any plugins that have not been updated by the developer in a long time.

One note here. I always keep the default WordPress theme just in case the theme I am using breaks.

3. WordFence: WordFence helps protect your site. There is a free version and a paid version. Among other things, WordFence blocks known spam IP addresses and alerts you if your WordPress site has been logged into. They also have an email subscription. This newsletter is full of great tips for securing your site as well as the latest threats

4. TFA: TFA is short for Two Factor Authentication. Sometimes this is referred to as MFA or Multifactor Authentication. What that means is you need a second item to log in to your website.

wordpress security

For all of my sites, I use mini-orange and Google Authenticator. This works with a timecoded token that’s only good for 30 seconds. To log in to my site I use my username, password, and code that Google Authenticator gives me. You can set Google Authenticator up on your smartphone.

5. Complex Passwords: I used to use a password that was a combination of my wife’s nickname (that only close family and friends knew), a few random numbers and a special character. I recently discovered that this password is on a list of passwords somewhere on the internet.

All of my passwords are complex letters (upper and lower case), numbers and special characters now. They are generated by LastPass and stored in LastPass. I do not know any of my passwords. Sounds scary but it really isn’t that bad.

6. Spend $50: Everyone wants everything free. Spend $50 and purchase the theme you want. So many people use WordPress themes that have been modified by a hacker just to save a few dollars. In the long run, it will cost you a lot more.

Today lots of sites on the internet have been compromised and are being used to mine bitcoin. Most of those sites have been compromised by someone using a theme that was downloaded from a not so credible resource just to avoid spending $50.

If Google identifies that your site is compromised they will deindex it if it is not corrected immediately. No one will ever see your website.

WordPressSecurity 101 Pinterest