The gift-giving holiday season is upon us. Monday was "Cyber Monday," the retail industry's term for the online shopping frenzy on the first Monday after the Thanksgiving holiday. With plenty of packages to be delivered from online shopping, the story below applies to everyone.
A friend, Celeste (not her real name), called me on the phone Sunday evening about an official-looking e-mail message she had received from the FedEx package delivery service. She thought that the e-mail was a scam and wanted to confirm it with me. Since she was expecting a package, she admitted to have already opened both the e-mail message and the file attached to it.
I explained that this probably a scam. A quick online search found the fraud page at the FedEx website:
"FedEx has received reports that there has been an increase in fraudulent emails claiming to come from FedEx. These messages typically have a vague subject referencing a FedEx tracking, invoice or item number and an attached zip file with 'FEDEXInvoice' in the file name that may contain a computer virus. If you receive a message matching this description do not open the attachment. Delete the email immediately."
Identity-theft criminals know that year round, and especially during the holiday season, consumers send and receive gift packages. The scam takes advantage of this to trick consumers into revealing sensitive personal and financial information. Celeste read part of the e-mail message, which had several telltale grammatical errors and a corporate logo with the wrong colors. Plus, the message sounded similar to others package scams reported:
"Your parcel has arrived at the post office at December 24. Our courier was unable to deliver the parcel to you.To receive a parcel, please, go to the nearest our office and show this receipt. DOWNLOAD POSTAL RECEIPT.
Best Regards, The FedEx Team"
FedEx does not send unrequested e-mail messages about the status of packages, invoices, nor personal information. Since Celeste had already downloaded and opened the bogus receipt, I explained to her that her laptop probably was infected with a computer virus. This is the purpose of bogus file attachments. I suggested that she not do anything online until the virus is removed, since it could compromise her online passwords. If the anti-virus software on her laptop can't remove the malware, then she'll probably need to take her laptop to a computer repair service.
I suggested that Celeste delete the e-mail message and file attachment, log out from her home WiFi network, and run a full virus scan of her laptop. She deleted the e-mail and attachment, but didn't know how to log out from the home WiFi network which her daughter operates.
For privacy, mobile devices contain the option to disable wireless connections; a necessary feature when using devices airplane flights. When a computer is infected, it is important to disable the wireless connection so that the virus doesn't spread to other devices on a home WiFi network, send out spam to the contacts in your address book, nor alert criminals of a successfully infected computer. Ransomware scams and keystroke-logging spyware usually communicate remotely to the criminals that distributed the malware.
The wireless modem on Celeste's laptop was controlled by the software and not a physical switch. While I looking for a user manual online for the specific keystrokes to disable WiFi on her Toshiba Satellite laptop, she restarted her computer. When her laptop restarted, it was immediately clear that a computer virus was present, since the Windows operating system displayed several error messages. Ultimately, she was able to successfully restart her laptop, download updates for her anti-virus software, and perform a full anti-virus scan.
However, the virus was a stubborn one, and she was only able to fully remove it with the help of the anti-virus vendor's technical support staff.
Online scams can be bogus e-mail messages, like the one Celeste received, or bogus websites. The industry term is "phishing" as in fishing for consumers' information. The FedEx website lists several warning signs of phishing scams:
"- Unexpected requests for money in return for delivery of a package, often with a sense of urgency.
- Requests for personal and/or financial information.
- Links to misspelled or slightly altered Web-site addresses (fedx.com, fed-ex.com, etc.)
- Spelling and grammatical errors or excessive use of capitalization and exclamation points.
- Claims that you have won a large sum of money in a lottery or settlement.
- Certificate errors or lack of SSL for sensitive activities"
Celeste's experience highlights several things for consumers:
- Learn to spot e-mail scams
- Don't open file attachments from strangers
- Know how to disable the WiFi connection on your mobile device(s)
- Keep the anti-virus software up-to-date on your mobile device(s)
- Know that password protecting your device and logging into a home network are two separate steps.
To learn more, read: