Hello all. This post is quite different from my typical EReader reviews and recommendations, but given the rise of online scams due to Covid-19 I felt the need to warn my fellow readers. You need to protect yourself online more than ever before, and this guide will give you some top tips on how to do it. Some of these scams are Kindle-specific whilst others are more generic.
I’ll be covering the following scams and how you can avoid them:
- Amazon Scams
- Fake EBooks / EBook Stuffing
- Covid-19 Scams
- Extortion Emails
- Fake Utility Bills
- Expired Virus Protection
Before we get into the specifics of the scams, let’s talk about the psychology behind them and how you can protect yourself.
The Psychology Of Scams
The main aim of these scams is to:
- Trick you into handing over funds or personal information
- Make you feel you have been individually targeted
- Force you to think fast rather than take a step back and look at things rationally
The combination of these 3 factors means that even the most tech-savvy and rational people can be at risk.
Scammers treat this like any other business: the primary aim is to make money, and they really don’t care how they get it. The level of sophistication has increased over the years. It’s now rare to get the typical email from a Nigerian prince who just needs a few thousand dollars transferred so he can release a wealth of gold to you. It’s much more likely that the emails are professionally written and look like they come from companies you interact with regularly.
They want to make you feel like you’re the mark and they’ve got something on you. This is rarely the case. It’s more likely that a company database has had its contents leaked on the internet, and that it may have included some of your personal information. However, they’re sending out millions of scam emails to see who takes the bait rather than focusing on you.
Normally the scams will have some form of time component associated with them to rush you into making a decision. An example of this could be:
Send me money in the next 24 hours or XYZ bad event will happen
Hold your ground! This is arguably the toughest part of the scam and causes the most psychological stress. Scammers love playing on our fears. At even the hint of something bad happening, our brains will create a variety of worst-case scenarios that make us feel even more stressed out.
The Types Of Scams Out There
Amazon Account Holders
For those of you who have a Kindle, you will have set up an Amazon account in order to purchase EBooks. Amazon’s size makes it an easy target for potential attackers. The types of unsolicited calls or emails you may receive include:
- Orders you don’t recognize
- Your payment details have expired
- Asking for sensitive personal info via email/call
- Requests to install software
- Emails containing bad grammar
- Links to non-Amazon websites
Although these emails may look like they have come from Amazon, they haven’t. It’s scammers looking to gain additional information in order to access your account.
You can protect yourself by:
- Never opening the emails
- Deleting the emails
- Hanging up the call if it sounds suspicious and calling Amazon directly using the contact details on their website
- Reporting it to Amazon
Fake EBooks / EBook Stuffing
These types of scams are a little more difficult to detect and are not your average type of scam. In this context, a fake EBook is poor content that has been created cheaply, with automated bots then used to download the book and rate it positively. This in turn increases the visibility of the EBook to the point where real customers could potentially purchase it. There have been a few cases of this over the years, but the most infamous was the multi-million dollar Valeriy Shershnyov scam.
On the face of it, the EBooks looked legitimate. It was only once customers had downloaded the book that they would find the content poorly written, full of grammatical errors and usually not about the topic they wanted to read about.
You can protect yourself by:
- Doing some research on the book and the author outside of the Amazon ecosystem
- Downloading the free preview, as it’s likely to contain the same type of errors as the rest of the book
- Reporting it to Amazon if you do find you’re the victim of this type of scam
EBook stuffing refers to a percentage of the book being populated by another book to make it look bigger. In some cases, up to 90% of the original EBook you thought you were getting has been stuffed with irrelevant content. Why does this scam even exist? Well, it relates to how authors are paid on Amazon. The bigger the book, the more Amazon will pay the author. You can read more examples of this here.
The same advice above broadly applies to EBook stuffing in regards to how you should protect yourself.
Fake Utility Bills
This is happening in the UK right now with a fake TV licence bill scam. The scammer sends the TV licence holder a fake email highlighting that there is an overdue amount on their TV licence bill and that their account has been suspended. There is also the threat of debt collection if they don’t pay the outstanding balance. The email looks real and the amount overdue is nominal.
It’s only when you use your mouse to hover over the pay now button that you’ll see the link is not going to the TV licensing company. This is just one example, but there are many more going on throughout the world right now.
You can protect yourself by:
- Never open these types of emails
- Never click on any links or download any attachments in the email
- Always contact your provider directly using the phone number on the company’s website (not the phone number in the email)
- Report them to your local scam authority in your relevant country
Covid-19 Scams
Especially with the rise of Covid-19, there has been a surge of companies claiming to offer information and advice to those affected. It highlights just how low some people can go in order to make money off victims.
The example below looks like it’s from the CDC:
How To Protect Yourself:
- Check your official government websites for advice and do not rely on unsolicited emails offering advice
- Never click on any links from these types of emails
- Do your own research on Covid-19
- Delete the emails
Extortion Emails
These are arguably the toughest to cope with psychologically. They normally start with something that makes it look like they have some form of leverage on you. This could be an old password or a claim that they know what you’ve been up to online. They then use this alleged leverage to insinuate they know a lot more about you and that this is the tip of the iceberg. An example could be that they’ve installed remote computer monitoring or keyboard logging software on your machine and have somehow gained access to all of your contacts’ details. Finally, they end with a financial demand to be paid (usually to a Bitcoin account) within the next 24 hours or very bad things will happen.
So let’s break this one down into its various components. It’s very unlikely that they have leverage if you have been careful with your passwords and have not distributed too much personal information online. Chances are that there has been a data breach of a website you have used in the past and you happen to use these credentials elsewhere.
Next, they want you to focus on the worst case scenario:
- They’ve recorded you
- They’ve logged all your usernames and passwords
- They have all of your friends’ and family’s contact details
Again, this is quite unlikely if you’ve been relatively careful online.
Finally, with the time component, they want you to panic and act irrationally. 24 hours is not a lot of time to decide if you’re going to transfer funds to an unknown assailant.
An example extortion email is below:
How to protect yourself:
- Never open these types of emails
- Report them to your country’s local authorities
- Change any passwords which have a hint of the old password they have shown
- Discuss it with a friend if you feel comfortable, and talk things through rationally
- Don’t transfer any funds, as these will be very hard to recover if Bitcoin has been involved
- You can also invest in a webcam cover
Expired Virus Protection
This scam preys on the not so tech-savvy among us. A person receives an email, call or popup whilst browsing claiming that their virus protection has expired. It usually mentions a well-known brand such as Norton. Once the person has clicked on the link or answered the call, the attacker will ask them to install some remote desktop access software in order to ‘solve’ the problem. This is where things get bad, as the attacker now has access to your machine and can do whatever they want. This could include installing remote key logging or recording software to carry out the extortion scams I mentioned above.
How to protect yourself online:
- Verify what antivirus software you actually have installed, get a friend to help if you don’t know how
- Don’t open the emails or answer the call, go to the antivirus website directly to verify your licence
- Legitimate antivirus companies will never ask you to install software to remotely access your machine
- If you have already installed the remote software, you may need to take it to a professional to have your machine checked
Best Practices For Staying Safe Online
There are some simple things you can do to ensure you stay safe online. I’ve also included a list below where you can find more information. One key thing to remember is that you need to be careful how much information you disclose online.
- Change your passwords regularly
- Use strong passwords which have a combination of letters, numbers and characters and are at least 8 characters in length
- Don’t use the same password for multiple websites
- Consider using a password manager such as LastPass to store your passwords directly
- Make sure your passwords have been erased when using computers in public places such as internet cafes
What Companies Will Never Ask For
There’s a fairly standard list of items that companies will never ask for via email or over the phone to confirm your identity.
- Your full password
- Any PINs you’ve set up
- Bank details
- For you to install software
If in doubt, hang up the phone or delete the email and contact the company directly through their website. If a company is calling you out of the blue, treat it as suspicious.
Where You Can Get Further Support
I’ve mentioned throughout the article that there are a number of organisations which can provide additional support and information. I’ve listed a few here:
- https://www.scamwatch.gov.au/ (Australia)
- https://www.citizensadvice.org.uk/ (UK)
- https://www.usa.gov/stop-scams-frauds (USA)
From these pages you can find out about current online scams as well as report one if you have been a victim.
Hopefully this has been a useful read and you’re a bit wiser online. If you have any additional links or advice you’d like to get included in this article, please add a comment below.
Until next time, stay safe online.