2 Most Common Scams (And How to Avoid Them)

Scams. We’ve all encountered them. Whether it was receiving a dubious email or coming across a deal that was too good to be true, one thing is for sure – scams are ever-present in today’s highly digitalized world. In fact, in 2020, Singapore saw an all-time high in the number of scam cases reported, up 65.1% from 2019 as reported by the Strait Times. Shocking, isn’t it?

This trend is particularly attributed to the increase in time spent online due to Covid-19 remote work and learning arrangements. Given that this is likely to be the new normal for some time, it is ever more important to educate ourselves on common types of scams and how to steer clear of them. 

1. Ransomware

What is Ransomware?

Ransomware is a kind of malicious software (malware) that takes many forms and aims to create damage or inconvenience to its victims. They are all a ploy to make the victim pay a ransom to the attacker to revert the computer to its original state. However, there is no guarantee that the attacker will perform their end of the agreement after receiving payment. 

• Filecoders encrypt, or lock, the files in your computer with a mathematical key held by the attacker. Without this key, it is practically impossible to decrypt the files. Hence, this type of ransomware is the most difficult to deal with as it causes extensive damage. 
• Screenlockers simply lock your screen and prevent you from using your computer until a payment is made to the attacker. 
• Doxxing-related ransomware notifies you that your passwords, emails and et cetera have been seized and will be made public unless payment is made.
• Scareware overwhelms your computer with pop-ups requesting payment for the fixing of alleged computer issues which do not actually exist. Of these four types of ransomware, this is usually the simplest to resolve.

How Does Ransomware Spread?

The most common way that ransomware ends up on your computer is through phishing emails, in which the attacker masks itself as a legitimate institution to gain the trust of its victims. Often, malicious links and files acting as Trojans are involved.

Take CryptoLocker or WannaCry, for example. Both scams lured their targets to open ransomware that was disguised as a legitimate file attachment in an email. Upon opening the file, encryption would then begin.

How Can I Avoid Installing Ransomware?

There is not sure-fire way of avoiding this. The best guard for such a thing is to keep yourself vigilant over any suspicious emails or calls you receive. When in doubt, always ask for more proof and always get someone who is knowledgeable in this field.

That said, there is a couple of things you may do to avoid installing such malicious softwares:

• Exercise extreme caution when opening emails. Check the sender’s email address to ensure that the email is from a legitimate institution. Mouse over any links and check that the URL matches that of the institution. Avoid opening attachments from unknown senders.
• Always update your operating system to reduce the number of vulnerabilities that scammers can exploit.
• Install a reputable antivirus software, such as McAfee or Avast. This will detect any malicious software on your computer and notify you of it. 
• Install whitelisting software that will prevent unauthorised software such as ransomware from executing. Some options are Applocker and PowerBroker.
• Don’t install software or allow it administrative access unless you are certain of its functions.
• Make it a habit to back up your files often. Though this will not prevent a ransomware attack, it will definitely reduce the damage of one as the amount of data lost will be significantly smaller. 

What if I’m a Victim of Ransomware?

1. Do not pay the ransom, as there is no guarantee that your files will be decrypted after making payment. Paying the attacker would also encourage them to continue scamming others, as it is profitable for them.
2. You can use Crypto Sheriff, a tool developed by Europol’s European Cybercrime Center,  to identify the ransomware type. It will scan the ransom note and files encrypted and inform you if there is any decryption program which exists for you to download.
3. Reboot your computer to safe mode to prevent non-essential software from launching during the boot process. Remove the ransomware from your computer either manually or by installing a trusted antivirus software to run a scan to detect and remove any malware. Sometimes, the malware will remove itself from the computer as scammers do not want to leave traces of their strain’s encryption for others to crack.
4. Perform any system updates available to reduce the number of vulnerabilities that could potentially be exploited.
5. Recover your lost files from a system backup or a backup stored in an external device. For Mac users, you can try the Time Machine function or iCloud to restore your computer to its pre-attack state if you had regularly performed backups. For Windows users, you can use the View Hidden Items feature in File Explorer to access shadow copies of your files.

2. Technical Support Scams

What are Technical Support Scams?

Technical support scams usually involve either a phone call or a pop-up.

For the former, the person on the line will inform you that they have allegedly detected an issue with your computer, such as a virus, and that they can help you fix it if you give them remote access to your computer via the installation of a remote control software.

For the latter, it could take place when you are using your browser. A system pop-up will appear, similarly stating that your computer is vulnerable and asking you to call the stated number for technical assistance.

However, the person on the line is simply a scammer trying to steal your personal data or make you pay for technical support for a nonexistent problem.

How Can I Avoid Technical Support Scams?

• Be aware of this type of scam. Microsoft and Apple will neither contact you to ask for personal information nor provide technical support. Any communication with them will have to be initiated by you. Hence, if someone calls your phone to inform you that your computer has been compromised, hang up immediately. Note that scammers are able to spoof their phone number such that the one displayed is the legitimate support hotline.
• Though the system pop-ups may look convincing, know that Apple and Windows pop-ups never include any technical support hotlines. This means that these pop-ups will always be scams, so close them and the website which triggered the pop-ups. The pop-ups could also be triggered from malware installed in your computer, so it would be good to download a trusted antivirus software such as McAfee or Avast to scan for and remove any malware.
• If in doubt, you can visit the official websites of Apple or Microsoft to obtain the legitimate support hotlines.

What if I’m a Victim of a Technical Support Scam?

1. Uninstall any software that the scammer guided you to install.
2. Install a trusted antivirus software and run a scan to detect and remove any malware that may be in your computer.
3. Perform any system updates available to reduce the number of vulnerabilities that could potentially be exploited.
4. If fake error messages continue to pop-up, you may wish to consider performing a factory reset on your device. This would restore the computer to its original system state by erasing all information stored on it.
5. If you have revealed any passwords, change them immediately.
6. If you have made any payments via credit card, contact your credit card company immediately as they may be able to cancel the transaction. If you disclosed your credit card details, you should request to cancel the card altogether and ask for a replacement.

Stay Vigilant

Another way to protect yourself from scams is to stay informed about the latest scam news. Two useful resources would be ScamAlert and the Singapore Police Force’s Facebook page. As the saying goes, it is definitely better to be safe than sorry when it comes to scams, and knowing more about them can only benefit you!