Everybody seems to be having money troubles this summer. At home, we're getting constant calls from the Internal Revenue Service, demanding payment. At work, an area travel agent emailed to say that she'd been attacked by gunmen in Malaysia, where they'd taken all her money and credit cards. She needed me to send her money quickly. With the IRS breathing down my neck, what can I do?
The answer is — nothing. Both are scams.
Mr. Phone Answerer at my house knows (and the Federal Trade Commission confirms) that if the IRS wants to get in touch with you, it sends a letter; it doesn't call. He hung up on the caller (the FTC recommends this too) and mourned the demise of the type of telephone that allows you to slam down the receiver. The FTC notes, "If you owe — or think you owe — federal taxes, call the IRS at (800) 829-1040….You also can visit the IRS website at www.irs.gov." We continue to receive those fraudulent calls, so I will be moving an air horn closer to the phone. You can submit a complaint to the FTC at www.1.usa.gov/1sAlMLy.
Meanwhile, I called the travel agent to tell her that her email had been compromised.
In truth, I told her that her email had been hacked, but that's the wrong terminology, said Daniel Draz, the principal at Fraud Solutions, a global fraud consultancy based in the Chicago area.
"The issue is caused by a form of malicious software (Trojans, keystroke loggers, password breakers, etc.) sent out via computers to your computer, which somehow infiltrates your machine (often due to an unsafe user practice), then sends out a malicious payload (the email message) to everyone in your contact manager," he said in an email to me. "This is definitely not the same thing as being hacked."
Whatever it is, it's a big problem that seems to come in waves. Besides the travel agent, I recently heard from someone in Ukraine who said that none of his debit cards would work and that he needed $2,500. Before that, a journalist friend sent a similarly sad story, except she was allegedly in London and had lost all her money and cards.
This is known as the Stranded Traveler Scam, Draz said in a later interview, and it brings in hundreds of thousands of dollars, increasingly for organized crime abroad. Like the IRS scam, the traveler trickster scam plays on your emotions— compassion, in this case, instead of your fear in the IRS example.
If you get such an email plea, take a look at the missive and see whether the language is stilted, whether it's riddled with grammatical or typographical errors or whether it's uncharacteristic of the person who is supposed to be writing.
In the case of the travel agent, she was, the email said, writing with "tears in her eyes." Stuff and nonsense. Instead of weeping, she would have been on her way to the nearest U.S. Embassy or consulate, which is what a smart traveler does. You can learn more about what to do if you're in a jam by going to the State Department's "Help for U.S. Citizen Victims of Crime Overseas" at www.1.usa.gov/1su61FT.
No such visit was required, of course, because she was at home. What she needed to do was contact everyone in her address book and explain what had happened.
Her next, even more odious task was to begin running virus scans — maybe with more than one antivirus software, perhaps even adding an antimalware program, Draz said. If the first scan doesn't find anything, he noted, it's not because there's nothing there; it's more likely that the software just didn't find it.
Now that your scam antennae are up, how do you know what's safe to download? In general, name-brand antivirus software can be downloaded safely, Draz said. Such programs are designed to defeat the evildoers, and chances are good that if there's a URL that says "Norton" or "McAfee," it probably is Norton or McAfee. After all, it's their job to keep away the bad guys, especially from their turf.
Be wary of unknown sites that say, "We can fix this for $79.95," because that may be yet another way to part you from your money (or your credit card info), Draz said. If you're suspicious, a domain name provider, such as GoDaddy, can tell you who owns the URL, Draz said. If it looks suspicious, don't go to the site.
If you're the recipient of the stranded traveler email, you have two responsibilities. The first is to walk away from the computer so you don't act on impulse and draw on your well of compassion. The second is to call or text your acquaintance and say, "Hey, are you OK?" If that person is fine, it's your job to say, "Glad to hear you're OK, but your PC isn't," then explain what needs to be done.
I must stop writing now because I need to restart my PC. I ran an antimalware scan when I started writing this. Results: 147 pieces of malware detected. I think I just found the PC equivalent of that air horn, maybe not as auditorily satisfying but satisfying nonetheless.