Top tips to beat the screen overlay scammers: Internet Scambusters #1,061
Screen overlays are nothing more than digital imposters. They pretend to be what they're not.
But if you don't know what they are and don't take steps to avoid them, they could land you in big trouble.
We have the explanations and answers you need in this week's issue - including the number one rule that will stop most of them in their tracks.
Let's get started…
The Number One Rule To Avoid Malicious Screen Overlays
You may not always be aware of it, but whenever you switch on your computer or open your mobile device screen, trouble, sometimes big trouble, is only a single click or tap away. And crooks have many ways of tricking you into clicking that dangerous link.
Sometimes it's by pretending to be something they're not, and many times you can't even see what they're up to.
One of the most common ways of doing this is by using what's called a screen overlay. They're pages or images that sit on top of the page you think you're viewing. Typically, these might be pop-ups with a fake warning or scare message. Or they might be phony sign-on screens that look identical to the real ones.
Sometimes, these overlays appear as a result of your device already being infected with malware. But they can also be conjured up from a link in a phishing email or text, an innocent-looking ad on a web page, or results in a search list. They may come via messages or social media posts that appear to come from someone you know.
Most recently, crooks have been hiding overlay software in a number of Android mobile phone apps. For example, the malware they plant, available online for as little as $3,000, may wait until the user decides to access their online bank, then it slips in the overlay to harvest login information.
Here are some actions you can take to protect yourself from screen overlay scams.
- Keep your internet security software up to date. This is by far the most important thing you can do to keep malware off your device altogether and to detect malicious links.
- When you're online, never click on a pop-up link, never visit an address given in a pop-up, and never phone a number given in a pop-up. Don't do any of these things, even if the message looks genuine.
- Instead, make a note of what it says, then restart your device. If you think the message might have been genuine - for example saying some software needs updating - independently visit the real site of the provider and check from there.
- Use your browser security settings to switch off pop-ups altogether. It may be a minor inconvenience if there's a genuine message. Search online for information on how to switch them on or off.
- If you're using a program rather than a web browser, use the "check for updates" option in the software itself, rather than clicking on a pop-up.
Searching and Browsing
- Watch for sites that don't seem to behave as expected when you touch or click on an area of a page. Scammers focus their attention on their malicious links and other areas of a malicious page may not respond as expected when you touch them.
- Don't assume that the top items in search results are genuine, especially if they're identified as advertisements. Crooks are experts at getting their ads and page links up top. This is particularly true when you're looking for a customer service contact.
- Whenever you're on a login page, check the address/search bar at the top of your browser before you enter anything. Make sure it perfectly matches where you want to be. For instance, does it say "amazon.com" or something similar like "amazom.com" or even "ȃmazon.com" (with an accent over the "a")? Scammers are good at doing this.
- Better yet, key in a known address yourself - again, making sure you've done it correctly.
- Use a password manager. This should automatically check that you're on the correct page before inserting any details. If you're not, it should either alert you or, more likely, simply not operate.
- If you're asked to pay for items or services via Bitcoin, gift card, or cash wiring services, it's almost certainly a scam. These methods send your money to an untraceable location.
- Don't download material from sites you don't know or trust. This is one of the most common techniques for installing malware that can generate overlays.
- Always read the terms and conditions of any software you install, watching for clauses that allow use of overlays.
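The address-bar check and the password-manager behavior described in the list above can be expressed as a small script. This is an added example, not part of the original newsletter; the `TRUSTED` list and all function names are assumptions made for illustration.

```python
import unicodedata

# Constructed allow-list for the example (assumption): sites the user really uses.
TRUSTED = ("amazon.com", "paypal.com")

def decode_punycode(host):
    """Turn xn-- labels back into the Unicode a browser may display."""
    labels = []
    for label in host.split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)

def skeleton(host):
    """Drop accents: decompose each character, then remove combining marks."""
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_host(host, trusted=TRUSTED):
    """Return (verdict, trusted_site); verdict is exact, lookalike or unknown."""
    host = host.strip().rstrip(".").lower()
    try:
        host = decode_punycode(host)
    except UnicodeError:
        return ("lookalike", None)  # undecodable xn-- label: refuse to trust it
    for good in trusted:
        if host == good or host.endswith("." + good):
            return ("exact", good)
    skel = skeleton(host)
    for good in trusted:
        # Compare only the trailing labels, e.g. the last two for amazon.com.
        tail = ".".join(skel.split(".")[-(good.count(".") + 1):])
        if edit_distance(tail, good) <= 1:
            return ("lookalike", good)
    return ("unknown", None)
```

Only an `exact` verdict should ever lead to credentials being filled in; `lookalike` covers both the one-letter swap and the accented "a" from the example above.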
"Screen overlays" is a broad term that encompasses the above and many other tricks, increasingly so these days on mobile devices.
But they all have two things in common - in the wrong hands, they can provide access to your money or your data, or both. By using security software and by never assuming anything you're seeing is what it purports to be, you can avoid most overlay-driven scams. It's a tall order, but it works.
Freezing your PC via malware until you pay a ransom is one of the fastest growing computer crimes around. This can result from the sort of overlays we've mentioned above.
But crooks have also recently hit on the idea of fake ransomware pop-ups. You get a screen message saying you've been locked out of your PC when, really, you haven't. The scammers hope you'll be scared into taking whatever action they want.
Restart your device to find out if the warning is genuine. If it's fake, you should get back in normally.
If it's real, you may need professional help to try to unlock the device. That's why you should always keep back-ups of both your operating system and your data - so they can be reinstated if the device has to be returned to factory settings.
That's all for today -- we'll see you next week.