Recently, I had a phone call – it came as I was in the middle of something and not paying attention and I answered. It began with a voice saying, “Hi, this is X” where X happened to be the name of someone I was currently doing business with, and with sufficient background noise it sounded like where she worked. The voice then asked, “Can you hear me okay?”
Supposedly this was a prompt to get me to say “Yes”. I’m not sure how it works but allegedly having a recording of your voice saying “Yes” might be used to engage in some nefarious activity. I’m skeptical of that. Some of these are, in fact, just trying to see if a human answered the phone – to avoid sending the telemarketing call to voice mail. That way they can break off the call and get on to the next number faster.
Since then I’ve had additional calls using the (area code) (3 digit prefix) trick – and I block those immediately. Let’s say your phone # is (415) 234-xxxx. The incoming caller ID is spoofed and shows the same (415) 234-yyyy – which makes it seem like a familiar incoming call – so you answer it.
Yesterday I had two calls with the caller ID reporting “Survey Call”. It was probably a fake political call purporting to be a survey but which trashes someone’s opponent. “We are doing a survey regarding a local political race. Do you think Mark Jones is an incompetent idiot? Would you vote for an incompetent idiot who tortures puppies?” I exaggerate but you get the idea!
I did not answer those calls.
Finally, there are the fake “wrong #” text messages. I had one of these, just once – the message was something like “Hi Julie, just checked if you received the package containing X that I shipped last week”.
Thinking it was just a wrong text message, I replied, “I don’t know you, you have a wrong #”. A little while later I get a reply, “Oh sorry, you are right. You seem like a nice person, perhaps we could get together for an in person visit over coffee when I am in the area?” Yikes, an obvious scam. Number blocked.
I no longer reply to text messages that were sent to the wrong number – but block them immediately.
Today, I no longer answer calls from anyone that I do not have prior experience or relationship with – to avoid spam and scams.
Another trick you may have seen is emails that contain fake PDF file attachments. They have the right Adobe PDF icon and look like something you can open. But in fact, they contain a script that activates a Windows .exe malware file. To get around anti-virus software detecting this in your incoming email, the attachment is often password protected – but the mail may even tell you what the password is. Don’t use it! Don’t open it!
While I have not yet received one of these, as best I can tell, I no longer open PDF attachments – unless I specifically know the sender AND know that they are intending to send this to me. It is not sufficient to think “Oh, I know the sender” as their email address may have been spoofed.
I also no longer leave most online pages “logged in”. For example, let’s say you have logged into Facebook. Malware can rummage through your cookie files and locate the authentication cookie that says you are logged in – and then use that to access your online account, bypassing two factor authentication. This happened to me – once – when malware had gotten on my computer. I had immediately changed passwords everywhere as my browser was open and had been logged into several online web services. I later determined that it appeared I had clicked on an online ad that resulted in a drive-by malware drop on my computer. I no longer click on online ads – this turns out to have been a known security vulnerability.
Today, I use Cookie Autodelete browser extension to automatically delete all cookie files associated with websites after a short period of time. I also clear the entire history and cookie file collection automatically each time I exit the browser.
It does mean I have to login and go through 2FA a lot, for each time I log in to something. A process which Facebook has now made more awkward – with 3 screens and 5 clicks – to get logged in through 2FA. Stupid Facebook, stupid.
There are other measures I have taken too – not going to go through all of them.
Unfortunately, no one can be trusted anymore.
