A few weeks ago, a family friend came to me looking worried. They told me they had received a phone call from someone who claimed to be from Microsoft support and said that there was an issue with their account that needed urgent troubleshooting.
The caller asked them to log in to their account and provide remote access to their computer so they could “fix the issue.” Trusting the caller, they complied but soon after realized something was terribly wrong.
What started as a seemingly innocent call escalated into a full-blown tech support scam where the attacker gained remote access to their computer and started gathering personal information, installing malware, and even potentially monitoring keystrokes. This is a common and dangerous scam that targets unsuspecting individuals. In this case, the attacker may have done some of the following things:
- Installed malware to track personal details, passwords, or financial information
- Accessed sensitive accounts, such as online banking, social media, or email, to steal or manipulate information
- Used remote access to install ransomware, potentially locking important files or demanding payment to release them
- Stolen login credentials for accounts or systems, giving them access to other personal or financial information
The real danger is that fraudsters are excellent at what they do. They sound professional. They are great at building trust. And they know how to get you to act. My friend isn’t naïve, and it’s a good thing to trust people. However, in this case, they were tricked into allowing a bad actor to control their computer, putting their personal and financial security at great risk. This highlights just how sophisticated these types of scams have become and why it’s essential to remain cautious about unsolicited calls, emails, or messages.
What to Do When Someone You Know Is Compromised
Even when a known contact is involved, it’s not always safe. Imagine receiving an email from a trusted colleague or business partner, asking you to click a link or download an attachment that seems off. This can be a sign that their email account has been compromised and is now being used for phishing attacks.
Phishing involves an attacker impersonating a trusted source to steal personal information, like usernames, passwords, or financial data. If you receive an email from someone you know and they ask you to do something unusual or suspicious, it’s important to take extra precautions:
1. Verbally verify: Call or text the person directly to confirm that they actually sent the email. Don’t rely on contact information from the email itself, because it could be “spoofed.”
2. Examine the email carefully: Look for signs of phishing, such as unusual grammar, a sense of urgency to take action, unfamiliar links, or attachments.
3. Don’t click or open attachments: Until you verify the authenticity, don’t click any links or open attachments in the message.
4. Report it: If you find out the contact’s account was compromised, alert them immediately so they can take action.
Even the most well-meaning and familiar contacts can become targets of cybercriminals. Taking a moment to verify can help protect you and your personal information from falling into the wrong hands.
Five Immediate Actions to Help Stay Secure Online
As we’ve seen, online threats are everywhere, but there are some basic steps everyone can take to stay secure. Here are five essential actions that can drastically reduce your risk:
1. Use a Password Manager & Unique Passwords for Every Account.
Password managers like 1Password, Bitwarden, Dashlane, and Keeper Security allow you to create and store complex, unique passwords for each of your accounts. Using the same password for multiple sites is an easy way to give hackers access to everything you do online. With a password manager, you don’t need to remember each password, just one master password.
2. Enable Multi-Factor Authentication (MFA) Everywhere.
Multi-Factor Authentication (MFA) adds an extra layer of security to your online accounts. Instead of just entering your password, MFA requires another step, such as a code sent to your phone or generated by an app. Enabling MFA on all of your accounts makes it much harder for hackers to break in, even if they have your password.
3. Keep Your Software Up-to-Date.
Make sure you use the latest versions of all your software on all of your equipment, including your phone, tablet, computer, and any other internet-connected devices. Developers often release updates to patch vulnerabilities that hackers could exploit. Enabling automatic updates can help ensure you’re always protected.
4. Practice Secure Browsing.
Always use secure, encrypted connections. Look for “HTTPS” in URLs and consider using a VPN (Virtual Private Network) when browsing on public Wi-Fi. A VPN secures your internet connection, preventing hackers from intercepting your data. Be cautious of clicking on links from unfamiliar sources, and always check that websites are legitimate before entering personal information.
5. Stay Vigilant.
The most important defense against cyber threats is staying alert. Be cautious about unsolicited emails, phone calls, or messages, and always verify requests before taking any action. Cybercriminals often rely on social engineering to trick victims into revealing sensitive information. Trust your instincts and always double-check if something feels off.
By following these basic steps, you can significantly improve your online security and protect yourself from a range of cyber threats. If you’d like to discuss online security further or need help with securing your accounts, don’t hesitate to reach out. Remember, a little bit of vigilance can go a long way in keeping you safe in the digital world!
At Foster Group, we believe that being truly cared for means understanding your passions and using proven methods to help you reach your goals—including protecting what matters most.