Recently I received a phone call while talking to a business associate. I usually don’t take calls when I am with another person, but felt it was important so I asked my associate for a moment to answer and tell the party calling I would call her back.
When I answered and advised her I was in a meeting, she said, “Just answer one question. Would Microsoft call to tell me I have a virus?” I repeated her question out loud and said, “Absolutely not!” She said she had refused their help and wanted to know if she had done the right thing. I told her she had and that I would call her back later to get the details.
My business associate, having just heard this exchange said, “The same thing happened to me.”
“What did you do?”
“I let them into my computer to clean it up,” he said.
As Mark Twain wrote in “Tom Sawyer,” “Let us pull the curtain of charity across the rest of this scene.”
In last week’s column we talked about how hacking had gone from being a playful exercise of using software flaws to play practical jokes to one in which computers are used for theft and extortion. As software companies have gotten better about blocking cyber-attacks, criminals have fallen back to a more basic type of hacking. They hack you. This is a type of attack called social engineering.
Social engineering is what we used to call running a scam. You have heard about of the creeps who watch the obituaries to find an elderly man leaving behind his widow but no children. Then a few days later that creep drives up to the house and says that he is ready to start on the roof that her husband has ordered. No computer necessary. They hack the person.
So now we not only have to protect our computers from hackers, we also must protect ourselves from hacking. Here are some ways to do it.
- Reduce anxiety: It is easy to fall for this kind of thing when one is in a state of anxiety and a state of anxiety is always present when one has a computer. After all, your records are on it. Your banking information is on it. Your photos are on it. If you are self-employed, your business is on it.
A friend of mine, an accountant, was paralyzed two days prior to the October 15 filing deadline because of an infected computer. You can certainly understand his anxiety level was high. When your anxiety level is high be on your guard against making decisions. It is an easy time for someone to hack you.
- Have a backup: I will same discussing computer back up strategies for a future column but it is an easy concept. Use a CD or DVD or an external hard drive every day or two to make sure all your documents and photos are backed up away from your computer. Do the same thing for your personal life. Think about things that can go wrong and make a plan. Do you have insurance? A will? A health care power of attorney? If you do, it is a lot harder for someone to hack you.
- Call an expert: The “I got a call from Microsoft” scam has been around a long time. Any computer shop would have been pleased to give my friend the same advice I did. If anyone calls and wants access to your computer or personal information just say no and call one of the shops. If a worker shows up at your door to fix something you did not know was broken, call city hall or the police department or your insurance company. No scammer is going to hang around while the police are coming over to chat with him or her.
- Notice the fishy smell: A friend of mine has a website. She received a call from the company saying it was time to renew. She said, “Okay” and began to answer their questions. Owner? Site name? Term? Last four of your Social? Name on the account? First five of your Social? She caught the whiff of fish. She said, “You do not need that” and began to ask verifying questions of her own until they hung up. Then she called her web company. You know what they said, don’t you? Her account was not up for renewal and they had not called her. As inconvenient as it is to do this, I encourage you never to give information to anyone on the phone. If it is a company and they want to talk with you, look up the company number yourself. Call and ask for that person at that number. Never accept the number from them.
Suggestion for the week: Go over each of the four suggestions about not being socially engineered and try to practice each one this week. I will be interested in hearing how it goes.