A brazen attempt by a phone scammer to get remote access to a police computer recently shows that everyone needs to be on the lookout when it comes to online con artists.
So, how do they work?
Scammers phone up and pretend to offer to help with slow or infected computers. They use the names of well known companies such as Microsoft or Spark to convince targets they are genuine. They often try to get remote access to a victim's device, which would enable them to access a network or computer from another location.
What are the scammers after?
According to Netsafe they may be trying to get online banking or credit card details, and get targets to pay for a fake security check. Sometimes they also ask for personal information such as copies of passports and drivers licences that can be used for identity fraud.
How often does this happen?
No one really knows, but Netsafe says it gets thousands of reports of this scam. In 2015 it received 859 reports of what was then called the PC doctor scam. In the cases reported to Netsafe in 2015, targets lost nearly $104,000. That was likely to be "just the tip of the iceberg".
In the 2015 report, Netsafe acknowledged it was advised of "only a fraction of the total number of online challenges that New Zealanders experience each year". In 2015 it received 6 per cent more requests for advice or support - for a wide range of online issues, not just scams - than it did in 2014. Reporting rates provided an indication of possible trends, it said.
Where do the scams originate?
Identifying those behind cyber incidents is notoriously difficult, Netsafe says. Caller ID for the PC doctor scammers showed incoming numbers theoretically tracing back to various countries including Egypt, India, Romania, Australia, the Philippines and the US.
Other targets reported getting a browser pop-up asking them to call a NZ 0800 number for virus removal that clearly connected to an overseas call centre.
What other kinds of scams are there?
Among the scams highlighted by Netsafe are:
Email phishing: The aim of this widespread scam is to get personal information such as bank account numbers and passwords. Usually a large number of people are sent emails in the hope some will fall for the scam.
An example is the lottery scam, where people are told they have won a prize, and need to provide some details to claim their winnings. In others, scammers pretend to be lawyers or from the government and threaten legal action if targets don't provide information or money. Netsafe warns that not all phishing scams are obvious, and the scams are becoming more difficult to spot.
Fake invoicing: Scammers send an invoice - printed or email - that looks like it has come from a legitimate business. The bills are for goods or services that haven't been requested, of for something that doesn't exist such as a fake trade directory. They can also ask for changes to usual billing arrangements.
Facebook trading scams: These involve scammers posing as sellers on a buy and sell Facebook page or group, or setting up fake business pages. They pretend to have goods or services for sale, but once they're paid they disappear, or buyers are blocked from their sites, or buyers' messages are ignored.
What should people do if they are targets of a scam?
Ransomeware works by blocking people's access to their computers or files until they pay a ransom.
Another recent attack was a Google Docs phishing attack about a month ago. It involved Gmail users receiving an invitation from a friend in their contact list to join a Google Doc. The link directed users to google.com, while also giving the attacker access to users' email inboxes.
As a result, the attacker was able to read, send and delete emails and communicate with users' contacts. Google disabled the attack but by then thousands of people had reported clicking on the link.
Have you ever fallen victim to a scam?
Written by Michael Daly. Republished by permission of Stuff.co.nz.