Tag Archives: phony

ALERT! Phony Calls From VISA Card Services ALERT!

visa-full-colour-reverseCurrently there is a clever fraud scheme that is striking VISA card holders in the midwest. Card holders are receiving calls from criminals claiming to be VISA Security and Fraud Department. The scam works like this .

1) Person calling says – “This is (name) and I’m calling from the Security and Fraud Department at VISA. My Badge number is (xxxxx), your card has been flagged for an unusual purchase pattern, and I’m calling to verify. This would be on your VISA card which was issued by (name of bank).”

2)  They ask; “Did you purchase an Anti-Telemarketing Device for $497.99 from a marketing company based in Arizona?” When you say “No”, the caller continues with, “Then we will be issuing a credit to your account. This is a company we have been watching, and the charges range from $297 to $497, just under the $500 purchase pattern that flags most cards.” Before your next statement, the credit will be sent to (gives you your address). Is that correct?’ You say “yes”.

3) The caller continues – “I will be starting a Fraud Investigation. If you have any questions, you should call the 1- 800 number listed on the back of your card (1-800-VISA) and ask for Security. You will need to refer to this Control Number.” The caller then gives you a 6 digit number. “Do you need me to read it again?”

4)  Here’s the IMPORTANT part on how the scam works – The caller then says, “I need to verify you are in possession of your card.” He’ll ask you to “turn your card over and look for some numbers.” There are 7 numbers; the first 4 are part of your card number, the last 3 are the Security Numbers that verify you are the possessor of the card. These are the numbers you sometimes use to make Internet purchases to prove you have the card. The caller will ask you to read the last 3 numbers to him. After you tell the caller the 3 numbers, he’ll say, “That is correct, I just needed to verify that the card has not been lost or stolen, and that you still have your card. Do you have any other questions?”
After you say no, the caller then thanks you and states, “Don’t hesitate to call back if you do”, and hangs up. You actually say very little, and they never ask for or tell you the card number.

The scammer is after the 3-digit PIN number on the back of the card. For online purchases they need this number to verify they have the card in their possession. If you are a VISA card holder you should understand that VISA has all this information. Consumers need to know that VISA will not call or e-mail cardholders to request their personal account information. Report suspicious calls or emails by calling the number on the back of your payment card or by contacting the FTC’s Complaint Assistant. Cardholders should also know that Visa’s zero liability fraud policy ensures that they are not held responsible for any unauthorized purchases.

If you get a call like this and you suspect something is amiss hang up and call the company back. Never give your credit card information to anyone you are not certain of.

Finally; how did the scammer know your name, address, bank and credit card number? Scammers do their homework on targeted victims or buy stolen or hacked information on black market websites. That information often comes from data breaches.

To learn more about protecting yourself visit the VISA website and test your security IQ. Or call the Visa Global Customer Assistance Center at (800) 847-2911

Fake Websites and Phony Trust

www.keepcalm-o-matic.co.uk

If you follow the African-American Cyber Report you know there are certain rules that we preach constantly. You can find these rules on the homepage. But I need to point out two of those rules that come into play here. Rule #1 “The only rules on the Internet are the ones you impose and enforce.” And rule #10, “Everything on the Internet is real; just not always true.”

I encourage black people not to trust anything you see on the Internet simply because its all suspect until you verify it. That is the case with all those seals of approval you find on the Internet websites. They could be worthless because the are so easily copied and used by scammers and malicious actors online. Those badges or seals are known as “trust seals” but really they are just images, pixels, on your screens. Anyone could copy and paste these images on any webpage. Yeah it might look fancy and official but that means nothing. Check rule #10 again. Whenever you are about to buy something online or download some app or software you need to first verify that you are indeed dealing with a reputable party. You need to do your homework.

African-Americans are warned to impose their own standards on everything they do online and protect yourself from the bad actors you are bound to come across on the wild world web. Check rule #1.

You might be ready to buy software or a game or movie online or download an app and see this;  “CNET gave our software a 5-star editor’s choice rating,” or “We are a BBB accredited business with an A+ rating.” Suspicion of these statements would serve you well.

Any malware author or phisher could copy and paste a logo, seal or statement on a  malicious website in a few seconds. Someone that copies those seals or statement to mislead people would be violating copyright law but how many people are going to lose money before that person is caught and shut down?

 

And if you did not know there are literally thousands of phony, duplicate or replica websites on the Internet. You can easily get caught up in a scam or get stuck with malware, ramsomware or a virus if you are not careful. Do you home work and study how to spot phony websites.

When you see those seals or badges on a website you should be able to click on it and be taken directly to the website that provided the seal of approval. Once there the seal-provider’s website will verify whether the original website you were on is actually a recipient of the seal.

Ok, that’s how it is supposed to work. But does it really? In reality even if the site is legitimate clicking on that badge may not work. This where you have to do your homework. Take the time to go to the seal providers website and investigate to see if the software is really a “PCWorld editor’s choice” or accredited by the Better Business Bureau. Listen to me when I tell you that those seals, badges and quotes don’t mean a damn thing by themselves. You need to protect yourself. No one is going to do it for you.  Check rule #1 yet again!

In some cases doing the research may not be a easy task. Microsoft doesn’t offer an easy-to-find “certified partners” list but we found it here in case you need it. However, some seals you can click,  but again, you could be transferred to a phony replica website.  Investigate the web address closely look for misspellings that could look like the web address but is not.  This trick is called typosquatting or URL hijacking. Here is an example; www.google.com is the real website. the fake could look like this www.gooooogle.com or www.goggle.com. Look carefully at the differences.

Another problem you need to be aware of is that those seals and logos don’t always mean what you think they mean.  For example, that “Norton Secured” seal only means that the website is scanned daily for malware and other vulnerabilities. That is not considered the ultimate level of security or privacy. The BBB Accredited badge means the website’s company is registered with the Better Business Bureau. It is not an indication of the level of satisfaction of its customers. That 5-star rating from a software download site just means a reviewer at some point in the past gave that program a good rating, or the scammer gave themselves five stars. And that “Microsoft Certified Partner” badge has its own issues. It doesn’t seem to mean much at all except maybe the software works with Windows computers.

 “Be paranoid when you are online. It’s a great defense mechanism.” 

I understand all this can be confusing and even frustrating. You need to use that fear and frustration as fuel to protect yourself. But there are a few things you can trust when online. Look for the green bar on your URL window. That’s the window where you type the web address of the website you want to go to. When you see that green name next to your address bar that is a definite confirmation that the website has had its identity verified. Read more about these “Extended Validation” certificates and how they’re more trustworthy than typical SSL certificates.

The above image reveals the real PayPal website and a phony site. Notice the green in the address bar.

Lets be real about this. You will find legitimate websites displaying a fake seal. And eventually they will get caught and be forced to remove it. But how legitimate is a website that fakes its trustworthiness? What you should worry about are the pop up sites that are here today and gone today. These are the site that distribute malware, launch phishing scams and steal data. Its those websites that get the most benefit from stealing these seals. They are breaking the law anyway so faking a seal-provider’s logo or seal is really no big deal for them. Be most cautious when it come to financial websites like your bank. A fake website like www.wellsfago.com is waiting for you to log on thinking its www.wellsfargo.com.

Its the Internet; trust no one.

Now you know