Every single day we hear about a new phishing scam, a new way to get at our personal information stored on our hard drives or in our cell phones.
I’ve seen everything from “PayPal” emails, rife with misspellings, hoping to obtain your login information to the “IRS” leaving you a voicemail telling you that you are going to be arrested for not paying your taxes.
I like to consider myself smart enough, savvy enough to not fall for these scams. I’ve had fun with a few of them and written about them. Until recently, I’ve never fallen for such a scam.
Sitting next to me, as I write this on my Chromebook, is a Dell paperweight. A laptop that has been rendered useless by clicking on a link in an email that I thought was connected to my Skype account. Guess, what? It wasn’t.
Just what did I fall for? Let me tell you.
I opened my email this past week and found a few emails that came from Office 365. I use this for email for my two business webpages as well as for Skype.
Not too surprising to have emails that show they are from Office, I get them all the time. What I receive are mostly emails telling me how this or that has become better, or how this new add on will simplify my life.
Also, in the past, I have received emails telling me I had a voice mail on my Skype number. I have this thing about giving out my actual cell phone number. Most of the time, my business cards have either a Skype or Google Voice number on them.
The email – emails, as there were about nine of them – all said that I had a missed call from someone, and showed a partial transcript of the message.
The first one, the one I clicked the link on, began: “We are calling about your camera…” I’ve had an issue with a couple of my camera and have sent them out for repair. I didn’t recall which number I had given Canon, so I clicked on the link that said: “listen to voicemail now.”
When I clicked on it, I was met with a Microsoft login portal that looked legit. Okay, maybe not so much, I was in a hurry, so perhaps I was not as careful as I thought I was. I entered my login information and was met with a screen that said I would need to download the updated version of Skype.
It automatically started, and I went on to do something else as It “updated.”
I can hear you right now, “never click on a link like this!” Links like this are standard for me. As I said, between Google Voice and Skype, I receive emails like this quite often. Usually, after I see one of these, I open the respective app on my cell phone. The only problem here, I neglected to reinstall Skype on my new cell phone.
Skype updated, and I was ready for that voice message. As I didn’t recall my Skype password, I went back to that email and clicked the link, knowing it would just take me into my account.
“What you have done,” according to Daniel at Dell, “was give the virus quicker access to your system by going back to that email to be redirected to the installed application.”
Daniel said that I – in no way downloaded – an actual update from Skype. What I did download was a piece of software that, as it installed the “update” removed Skype and installed a clone.
“In this way,” he said, “they are assured you will use their vehicle and install the ransomware.”
When I clicked on the link in my email, I set off an unfortunate chain of events. An app on my laptop opened and then locked my computer entirely down.
“This piece of malicious software has encrypted everything on your system, including system files,” said Daniel. “This is why, no matter what you attempt to access, brings the demand for payment up.”
The only thing I have access to is my browser. Daniel did try to take remote control of my laptop, but we were blocked from even that.
It is a brick.
“The nasty side to this coin,” began a friend of mine who works on viruses and ransomware for a federal law enforcement agency, “that you may have received this message some time ago and may have just noticed it. This is one that has been in the wild for some time. Even if you made payment, the bad actor may not be there to receive it and unlock your system.”
My laptop is done for.
“Even paying the fee does not prevent this from happening again,” my friend said. “All it shows is that you are willing to pay. You may receive another piece of ransomware from this bad actor or another. It’s not worth it.”
What can we do to prevent things like this from happening?
“Do not click on such links,” says Daniel at Dell.
I placed too much trust in my antivirus software to catch things like this. Turns out, that they are not always one-hundred per cent in finding such things.
Between Daniel and my friend, here is what they suggest you not do:
1. Keep your antivirus up to date. Even though it may not be completely effective in stopping this from happening, it can significantly reduce malware from getting into your system;
2. Don’t click every link emailed to you. Even if it looks like it comes from a trusted source, take extra precautions. For example, look at the header information, or link itself. Quite often the spelling will be one letter off- just enough to confuse you;
3. Back your computer up to the cloud or an external hard drive. This way, if you are locked out due to ransomware, you will still have copies of everything;
4. DO NOT keep essential or sensitive information on your computer. Keep that on an external hard drive. My laptop had my login information for everything from my email to my bank account. After this happened, I had to spend the night changing passwords to everything.
5. Lastly, use two-factor verification as part of your login for everything. This will go a long way to keep hackers from getting into your other services.
All-in-all, I should have known better. I can’t even begin to tell you how many Nigerian princes want me to have their dead father’s money, how many lotteries I’ve won, or how many emails and text messages I’ve had from people telling me they’ve found videos of me and I should check them out.
Guess it goes to show, anyone can fall for these phishing attempts.
Now, who wants to buy a useless laptop?