By Bob Charest
Why You Should Care NH
We have to step up our game, people.
The crooks are getting smarter. Technology is getting scarier. And we are the marks, or the sheep, or the victims-to-be, if you will.
When I address issues of technology and privacy in this column, I’m usually focused on the legal means people have of getting at you, but there’s a whole nefarious element at work out there, brought to light by my recent experiences and news items about an old kidnapping scam that has been updated and made better: version 2.0 if you will.
While I worry about updating my virus protection every year, I grouse about forking over the $40 or so I pay for McAfee or Norton or whatever else promises to protect me best. I used to think in terms of “if” I get hit in a scheme, but these days I think in terms of “when.”
Well, the “when” arrived earlier than I expected.
It came a few weeks ago in the form of an email from a friend, or so I thought. It was definitely his email address, and the note in the text sounded like it could have been him, and he, or someone posing as him, told me “you’ve got to see this,” and in the email was a link to a You Tube video that had an address that ended in my name. My name! My first reaction was: Now who the heck has posted a You Tube video about me? And my second reaction was: CLICK! I’ve got to see this.
Now, those who know how these things work are saying: Bonehead! (or probably something worse)
I know. I know.
I was rushed that day. I had a lot of emails to go through. OK, I get it. It’s all just excuses on my part. I should have known better.
The good news is the next screen that appeared on my laptop. It said something like: Do you really want to go there? And I immediately thought: Dammit!
Thank goodness my virus protection was working because obviously my brain wasn’t. It wasn’t an email from my friend (His account had been hijacked) and lord knows what I would have had to do to get myself out of that mess.
Sometimes I think if we could harness the creative talent of all the crooks in the world, we would solve the world’s problems. These scams get better and better all the time.
Crooks, I have been told time and time again, are basically lazy. If you protect yourself, they grow tired of coming up with ways to get at you and move on to the next guy. I’m not so sure about that anymore.
Recent emails in my account and a news story made me realize I have to step up my game because the crooks are obviously stepping up theirs.
Most of us are aware of the scams that promise us millions if only we could see our way clear to first sending our check for a paltry thousand or two so that the money might be freed up; or the call or email from the enforcement division of the IRS, which is about to throw us in prison if we don’t pay up right away.
But here’s a couple of other email scams I experienced recently, one that made me laugh, and the other not so much:
The first email was obviously bogus. It was labeled “Account Update” and supposedly came from my internet service provider. The text in the email was:
“Dear user: What do you need to do? You need to login securely below and your account will re-activated automatically. You have less than 24hrs. Click the button below to continue using this service.”
And right below, as promised, was the link that was marked “Continue with Verification.”
Due to the improper capitalization, punctuation and the missing word, I wasn’t convinced. I’d have thought my ISP (which was named in the email) would have automatically filtered such things to spam, but this one got through. If I had clicked on that link, who knows what would have happened? I’m not that adventurous and I didn’t try to find out.
A few days later, another email came to my account, this one from PayPal support. And this is the one that made me nervous:
“Your $82.04 GBP payment made for the game FarmVille on Facebook Inc. is being processed. Because of our geographic detector recorded this payment as being made from an unknown ip we had to put the payment on hold. If you did not authorize this payment and you want to cancel, please login and complete the form requested.”
And right there in the email was a link that had a paypal.com address, but as I looked a little deeper, it was actually linked to something not at all PayPal-ish. It was an email address with a long string of letters and numbers.
If, like me, your first reaction after receiving such an email is: How dare they! Someone has hacked my account. I’ve never played FarmVille in my life. I am a Candy Crush kind of guy! I’ll get that $82.04 charge off my account. (GBP, by the way, is a British pound.) So off I go clicking on the link. Got ya! (But not so fast. I didn’t click on the link, but I did look at my PayPal account to make sure no such charge was applied.)
If the crooks keep refining their techniques, applying a little psychology to throw us off, it’s only a matter of time before they get us.
And oh, the things they will do. I’ve heard tales of people having to go to Walmart for an untraceable debit card, or to Western Union, to wire money somewhere. My advice: Be vigilant, always. Never click on a link inside an email unless you are absolutely certain where it came from. Better yet, never click on a link in an email. (As per my first experience above.)
Which brings me to my next topic: The kidnap scam that now seems to be all the rage.
Variations of this scam have been going around for years and years. I found references all the way back to 2006.
It surfaced in New Hampshire in January, in Merrimack and Hudson, when two people got calls at the same time, the scammer telling each that the other had been kidnapped. The twist is that when one tried to call the other, the call would not go through. Now how did that happen? That’s scary. I did look up on the Internet to see how this might be done, and I came across a software product that purports to be able to hack into someone else’s cellphone, without having physical access to the cellphone. A Tweet from AARP sent last month warns that these scams can involve phone techniques such as three-way calling.
The elements of this particular hoax are that the caller tells the person a loved one is being held against his/her will, and they have a very short amount of time to wire money through Western Union to an address in Puerto Rico. That seems to be the common denominator in this scam: It’s always an address in Puerto Rico and it’s always Western Union.
The New Hampshire victims ended up paying. On their Facebook page, Merrimack police called the amount the couple lost “tremendous.” WMUR-TV in its report said the amount was close to $4,000.
Now when I think of crooks, I have to think of them as not only being lazy, but in some cases, being smart. If we don’t step up our game, they are going to get us. Spam filters don’t always work, and crooks are coming up with more creative ways to get our money. Merrimack police reported that the scammers in this particular instance had personal details about the supposedly kidnapped person. There are many places they can get personal information (Facebook comes immediately to mind, especially if you haven’t set your privacy settings.), so we have to be aware that because someone knows something about us, we have to think about if that can be culled out of the vast resources available for all to find.
This type of “virtual kidnapping” in which the caller demands a ransom is not be confused with ransomware, which is a malicious code that is sent to the victim’s computer (probably by clicking on something) that hijacks the computer files and locks the user out. The thieves demand a ransom, which you must send them by some third-party service (Webmoney, eGold and Western Union are three). You send the money, you get the decryption key. The experts suggest to protect against these kinds of threats, keep your firewall turned on, make sure your anti-virus and anti-spyware software are up to date, and use a pop-up blocker if you don’t already, since ransomware is often delivered by pop-ups. Also, scan any software you download.
Two years ago, the virtual kidnapping scam that surfaced in New Hampshire was making the rounds of New York City, and the FBI and New York City Police put out an advisory that the calls included several variations. One scenario: The victim is told that a relative was involved in a car accident with a member of a gang, and the caller says the relative is seriously hurt, but the gang member will not allow the person to go to the hospital until a ransom is paid. Or a caller is told his/her daughter has been kidnapped, and a female screams in the background to add a little tension to the scenario. The FBI indicated that sometimes the telephone numbers appear to be dialed at random.
The FBI advises to avoid becoming a victim:
- If you have caller ID, check the area code. Sometimes they are from Puerto Rico with area codes (787), (939) and (856).
- Calls do not come from the kidnapped victim’s phone.
- Callers go to great lengths to keep you on the phone.
- Callers prevent you from calling or locating the “kidnapped” victim.
- Ransom money is only accepted via wire transfer service.
If you get such a call, the FBI advises:
- Try to slow the situation down. Request to speak to the victim directly. Ask, “How do I know my loved one is okay?”
- If they don’t let you speak to the victim, ask them to describe the victim or describe the vehicle they drive, if applicable.
- Listen carefully to the voice of the kidnapped victim if they speak.
- Attempt to call, text, or contact the victim via social media. Request that the victim call back from his or her cell phone.
- While staying on the line with alleged kidnappers, try to call the alleged kidnap victim from another phone.
- To buy time, repeat the caller’s request and tell them you are writing down the demand, or tell the caller you need time to get things moving.
- Don’t directly challenge or argue with the caller. Keep your voice low and steady.
- Request the kidnapped victim call back from his/her cell phone.
My immediate reaction to all this advice? Yeah, right. Who’s going to be thinking of doing all this at the time you get the call and you think your loved one is in trouble? Not me. But my best advice: Keep it in your mind that this is probably a scam. Treat the call accordingly. If you remember at least some of the above advice, great.
You’ve been warned. Now step up your game!
Shameless plug time: Lately, I’ve noticed more comments on websites and Facebook as well as letters to the editor addressing the issue of town boards seemingly spending more time behind closed doors. Now I don’t know if this is a new development or if people just seem to be noticing more often, but town boards have always been meeting in “executive session,” or as one newspaper I worked for insisted on calling them, “secret sessions.” (That used to get town officials upset, but the newspaper insisted way back when that this is what we would call them.)
Even though the boards may be adhering to the state’s right-to-know law, RSA 91A, how do we now?
Luckily, there’s a training coming up brought to you by InDepthNH.org along with The Telegraph of Nashua and the New England First Amendment Coalition. Experts on the state’s public records law will present a workshop Thursday, March 16, from 6 to 9 p.m. at the Hunt Memorial Building, 6 Main St., Nashua.
If you are experiencing difficulty getting public records, advocates will be available from 6 to 7 p.m. to discuss your case one-on-one with you. Please email RightToKnowNH@gmail.com or nwest@indepthNH.org to set up an appointment, or just show up.
At 7 p.m., David Saad, president of Right to Know NH (RightToKnowNH.wordpress.com) will present an easy-to-understand guide to help you know how to obtain public records and exercise your right to know. First Amendment Attorney Rick Gagliuso will share his experiences fighting for public records for a variety of news outlets since the 1980s. A panel of news reporters, editors and citizens, including Chris Garofolo from the Telegraph of Nashua, and Nancy West from InDepthNH.org, will also be on hand.
Bob Charest has been in the news business since 1977. He has worked at newspapers in Massachusetts and New Hampshire as a reporter and editor. A graduate of Boston University, he has been involved in volunteer advocacy work that has included speaking up for people living in institutions, group homes and foster care. He has consulted with InDepthNH.org on editing and grant proposals since before its founding in 2015 and also leads a watershed association that monitors water quality at a small New Hampshire lake. He has been interested in the advances in technology and how they have affected our privacy in America.