The malware scam has a long and ignoble history. We’ve talked about them before, most notably in the context of confusing the scammers. Back then (2014), we were seeing the rise of the robo-scammer. Surprisingly, it seems that was a short-lived phenomenon.
For the record, I keep an eye on what scams are making the rounds both out of personal curiosity and as part of my day job. A rare occurrence, being paid to do something I’d do anyway (that doesn’t involve writing).
Anyway, in the absence of data, I speculate that people hate talking to a computer so much that not enough people pressed 1 to allow the auto-dialer to connect them to a human being. It seems logical, anyway: the reason these scams are so successful is that the caller has a well-written and well-practiced script to panic the recipient into forking over their money and opening up their computer. No one is going to trust a robotic voice that says “Your computer is under attack.”
Heck, most people are going to assume that the robotic voice is the one that’s doing the attacking.
So we’re back to more traditional methods of scamming. But there are still new wrinkles.
Remember those popups that claim you need to install a special codec to see the video you’ve clicked on? They’re still around, but they’ve been joined by a new come-on. With the long-awaited and well-publicized demise of Flash, now we’re seeing popups telling would-be viewers that they need to reinstall the Flash player that has been removed from their browser.
I would have thought people would stop to ask themselves why Flash was removed in the first place, but apparently there’s a sufficiency of people who aren’t that self-inquisitive. Sufficient enough to keep the scammers happy, anyway.
Of course email spam is still a potent venue for scammers. The “I’ve hacked your webcam and will send your family pictures of you masturbating” letters seem to be on the decline. And good riddance. The current popular approach is a subscription renewal. “Hey, this is [large corporate entity]. Your subscription to our service is about to expire. Your card will be charged [outrageously large fee] tomorrow.” This scam works well because the fee is so high. “Five hundred bucks for a magazine/website/streaming service?” If the victim is actually a subscriber, they call to correct what they figure must have been a typo; if they don’t have the service, they call to prevent the large charge. Of course, if they aren’t a subscriber, the scammer is set with a script to apologize for the incorrect message, pitch the service in glowing terms at a much more reasonable price, and get a credit card number that can then be wildly abused.
Oddly, while the scammers go to great lengths to make the emails look like they’re coming from the real company, incorporating stolen graphics and boilerplate legal text lifted from actual emails, they often don’t make the slightest effort to forge the “From” on the email. Though the evidence suggests that they don’t need to make the attempt. People seem to be quite willing to assume that “firstname.lastname@example.org” is fully authorized to speak for Netflix, Fox News, or Xfinity. Or, more likely, nobody even looks at the sender’s address. Those big numbers apparently attached to their credit cards exert a magnetic attraction on the eyes.
The big winner from a scammer’s perspective, however, is still the phone call. Yes, Sam and Nancy and their ilk are still in business. Apparently, however, enough people have figured out that Microsoft and Apple aren’t monitoring their customers’ computers and phones that claiming to be “Sam from Apple” doesn’t work well enough.
Today, the caller is much more likely to put a gloss of plausibility on their claim. “Hi, this is Jolene from Norton Security Services.” LifeLock is popular with the scammers, since so many people have subscriptions to LifeLock, either directly or through their association with Norton. Other name-brand security companies’ names are being abused as well: McAfee (many computers come with a trial version of McAfee antivirus installed, so people are used to seeing or hearing the name) and ADT–“Hey, I got my burglar alarm from them, I guess they’re protecting my Internet too”–are at the top of the list.
So let’s be careful out there. Remember, when someone says they’re watching out for you online, they’re telling the exact truth. They’re watching out for you and your wallet.