Have you received random text messages from numbers that you don’t know? Sometimes, they just say “Hi”, or they appear to be for someone else and mistakenly sent to you. Either way, they look like they come from real phone numbers. Is it safe to respond to these messages, or are these a scam?
Most likely these text messages are a scam, not just a chatty Kathy trying to make friends. Sometimes these messages just start out with a mysterious “Hi”. The scammer is hoping the person on the other end will be intrigued enough to respond. If they get a response, they now know they have reached a working number, and will likely call or text you more in the future.
Identifying potential scams
Some scammers use messages that seem like they are intended for someone else. They might say something like, “Hi, Mike. I had a great time at dinner last night”, or “Hi Susan, I really enjoyed our lunch meeting yesterday”.
Many people respond out of kindness, letting the person know that they have the wrong number. What they don’t realize is that this is exactly what the scammer wants. At first, the scammer may sound friendly or apologetic, and may even try to start up a conversation. But eventually the scammer will send a link to a malicious website or ask for money as part of a bigger con.
If you are unsure whether a wrong number message is a scam, proceed with caution. The scammer may send messages for days or weeks before doing anything suspicious, or they may use seemingly harmless techniques, such as sending a link to a cool product to check out. However, this could be a link to a malicious website or to their landing page. If this is the case, any personal information or credit card numbers entered on the website will be available to the scammer.
How to avoid wrong number scams
Here are some best practices to avoid falling for text message scams like this one.
Avoid responding to unsolicited text messages from unknown numbers, even if they seem harmless.
Don’t click on links sent in text messages, even if the person seems friendly or has been messaging you for weeks.
Type in any links to a site directly into your browser instead of clicking provided links in text messages or emails. Links can be made to appear to go to one site, while routing you to another site. They may even go so far as to create a fake site that looks like the real site.
Always double-check site URLs before attempting to log in or enter in personal information.
Check what options your mobile phone has for blocking and reporting suspicious senders. Here are some instructions for iPhone (iOS) and Android.
It is important not to let your guard down, as these are tactics commonly used by scammers. Remember, these scammers can be tricky. If you find yourself unsure about the legitimacy of a text message, it is best not to respond.
If you are ever unsure if you have been the target of a scam, you can talk to one of our technicians at our storefront in Pembroke, GA. We are open from 8am to 5pm, Monday through Friday, closed for holidays. We normally service Savannah, GA and the surrounding areas, such as Skidaway Island, Tybee Island, Statesboro, Pooler, Richmond Hill and Hilton Head SC. If you are located outside of the Greater Savannah area, we are always open to working with clients from any area if the partnership makes sense. If you are concerned about the security of your online information, we offer a service to scan the Dark Web for our business clients.
In our continuing series on cybersecurity issues, we discuss the fragility of relying solely on passwords to protect our identity and our data online. We will peel back the curtain and show you some different methods used by hackers. We will also discuss some simple methods you can employ to keep your personal information protected.
How hackers crack passwords
Passwords are used for pretty much every service we use online today. From our bank accounts to our Facebook profiles, passwords are just a first step in securing your data. Hackers can use a variety of methods to “crack” or obtain passwords. Once they have your login credentials, they can quickly do damage to your finances, impersonate you online, or simply sell those passwords on the Dark Web. Knowing how these hackers obtain passwords will help you defend against their malicious attacks, keeping your online identity safer.
Brute Force Attack: This method uses computers to try every possible combination of letters, numbers and symbols against a login system. From 000000 to zzzzzz and beyond, trying this method will eventually yield a working password. However, it may take a long time to find the password. The longer the password, the longer it takes to crack. A graphic from Bitwarden illustrates the time it takes to crack a password nicely. According to that graphic, a 7-character password takes mere minutes to crack, while a 15-character password can take centuries to crack.
Dictionary Attack: This type of attack is similar to a Brute Force Attack, except instead of constantly generating passwords, it tries a list of words in a dictionary. That dictionary can be a standard dictionary or it can be a customized list of words to increase efficiency.
Rainbow Attack: This attack uses precomputed tables of hashed passwords to speed up the cracking process.
Malware Retrieval: This type of attack infects the user’s device with malicious software designed to steal password data from a computer or network and send it somewhere the hacker can retrieve it later.
Social Engineering: Although we tend to think of hackers sitting in some dark room in front of a computer, hackers can be out in public looking for opportunities to gain access to secure areas. They may study a target for weeks or months, developing solid strategies while learning people’s schedules. Once they successfully enter the secure area, they look for obvious places where people write down and store passwords, such as notebooks stored in desk drawers, and sticky notes stuck to the back of users’ keyboards.
Phishing Phone Calls: In this method, the hacker calls the user or has the user call a phone number. Posing as a technician or agent from a legitimate business, they try to trick the person into giving them their password, payment info or other identifying information. Sometimes this is teamed up with a malicious browser popup claiming that the computer is infected and needs to be fixed by a computer technician on standby at a supplied phone number.
Email Phishing Attacks: In this method, specially crafted emails are sent to hundreds of people. These emails can be quite deceptive, looking like legitimate emails from well-known companies such as Microsoft, Apple, Google, Facebook, Paypal and even major banks.
Guessing: Yes, hackers can sometimes get lucky and guess a password. This may be an educated guess, such as knowing the name of a person’s pet or favorite sports team. Or they could just be guessing popularly overused passwords such as Password123 or abc123.
How to protect yourself from hackers
To keep your identity and account data protected, follow these tips and suggestions to keep your online accounts secure.
Use long, complex passwords that contain upper and lower case letters, numbers and symbols. The longer the password, the harder it is to crack with brute force methods.
Don’t use easily guessable passwords like Password123.
Don’t use a single word as a password! This will prevent successful dictionary attacks. If you do want to use a single word, incorporate numbers and symbols. Sometimes you can use numbers and symbols in place of letters. For example, use 3 for E, ! instead of i, @ for A, etc.
Don’t use words or names that can be easily traced back to you. For example, don’t incorporate your name or the names of your loved ones into your passwords. Don’t use easily guessable pet names, sports teams or city names that people can easily associate with you. You would be surprised how much of your data is readily available online, especially if you use social media.
If you think words are an easy way to remember your password, consider using a passphrase. A passphrase is a password made up of 3 or 4 words, separated by a hyphen. This typically yields a password that is many characters long. For example, Coastal-Green-Turtle would be considered a strong password. Because of its length and complexity, a brute force attack would take centuries to crack a typical passphrase.
Consider using a randomly generated password. There are several tools online for free, but make sure it is hosted or sponsored by a reputable source.
Don’t use the same password for different accounts. If one account gets compromised, potentially they all could be compromised if the passwords are the same.
For accounts that support it, turn on Two-Factor Authentication. Alternatively, you can use biometrics to secure your data, such as using the fingerprint reader or FaceID on your phone.
If you have a problem remembering passwords, consider using a password manager, like LastPass. Password managers will typically fill in your login information on sites and applications automatically, after they authenticate you as the primary user.
Don’t write passwords down on paper. And don’t store passwords online in a non-secure location or method.
If you do need to write down passwords, make sure you keep them locked up in a drawer or cabinet.
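The password tips above and the brute force description earlier can be turned into a small audit, shown here as an added example that is not part of the original article. The word lists are tiny constructed samples and the guess rate of 10 billion per second is an assumption, so the year figures are illustrative only.

```python
import string

# Constructed sample lists; a real audit would load far larger ones.
COMMON_PASSWORDS = {"password123", "abc123", "123456", "qwerty"}
DICTIONARY = {"turtle", "coastal", "green", "savannah", "dragon"}
GUESSES_PER_SECOND = 1e10  # assumed attacker speed, not a measured figure


def charset_size(password):
    """Size of the alphabet a brute-force attacker has to cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 ASCII symbols
    return size


def brute_force_years(password):
    """Worst-case years to try every combination of this length and alphabet."""
    combos = charset_size(password) ** len(password)
    return combos / GUESSES_PER_SECOND / (365 * 24 * 3600)


def audit(password, personal_terms=()):
    """Return a list of findings; an empty list means no tip was violated."""
    findings = []
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        findings.append("commonly used password")
    if lowered in DICTIONARY:
        findings.append("single dictionary word")
    for term in personal_terms:
        if term and term.lower() in lowered:
            findings.append(f"contains personal term '{term}'")
    if brute_force_years(password) < 100:
        findings.append("brute-forceable in under a century at the assumed rate")
    return findings
```

Password123 passes the length estimate (about 165 years at the assumed rate) but is still flagged as commonly used, which is why the tips treat length and guessability as separate checks.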
For online accounts:
Keep online accounts to a minimum. The fewer accounts you have, the less likely you will be targeted.
Only use services from trusted businesses.
For social media accounts, limit the kind of personally identifiable information that you post.
Change the privacy settings on your social media accounts. This will also help limit what hackers can learn about you online.
Dedicate one credit card for online purchases. Make sure that credit card offers online theft protection. In case your identity is stolen, and fraudulent charges are made, you won’t be personally responsible for those unauthorized charges.
Don’t accept a friend request from someone who is already your friend on the service. It is most likely a fake account created to fool you. Check with the actual person first before accepting these kinds of friend requests.
Concerning Computers and Email:
When you receive a suspicious email, carefully check the sender’s email address. If you get an email from a large company, but the sender’s email address is Gmail, it is most likely a scam.
Hover over all links in the browser before clicking on them. Make sure the URL is actually going to the place it says it is going to.
Never open or download attachments from suspicious emails.
Have separate email addresses for different activities. For example, you could have an email address dedicated to financial accounts, one dedicated to job searches, an email address dedicated to online purchases. You can even have an email address dedicated to services you only intend to use for a short time.
Install and use malware protection software from a trusted company.
Lock or shut down computers in public or work environments when they are not in use. A computer cannot get infected when it is off!
On the Phone:
As spam callers and spambots are making a record number of bogus phone calls, only answer calls from people you know.
Don’t volunteer personal information or credit card information on any phone calls you did not initiate.
If you get a popup saying your computer is infected with a virus, don’t call any phone number that it provides. Rather, take it to a trusted computer repair shop or friend that works on computers to help you clear the malware.
Out in Public:
Don’t discuss personal or financial information in public areas.
Don’t give strangers any personal information.
Stay vigilant when in a new area. Pay attention to those that are paying attention to you.
At your place of business, don’t hold open any doors to secure areas for anyone.
Don’t let people enter secure areas with your credentials.
Keep an eye out for unfamiliar people in your work area.
By following some of the suggestions listed above, you will decrease your chances of getting your data stolen or your accounts compromised. If you are concerned that you may have been the victim of identity theft, you can have a dark web scan performed on your behalf.
Allegiance Technology Solutions provides 24-7 Cybersecurity Monitoring services for our Managed IT Service clients. Our service will proactively monitor the Dark Web for you and notify you immediately when your data is found to be compromised. Contact us if you are interested in using our cybersecurity protection services for your business.