Share this story...
Latest News

A good tool for sniffing out scam websites

Q: I think I have fallen for a scam. My desktop said my computer was compromised with some kind of malware and gave me a number to call. I did call and fell for the scam, so what should I do?

It’s unfortunate, but the Internet is loaded with what I refer to as booby-trapped websites that can generate very convincing pop-ups on your computer.

This latest scam is replacing the fake Microsoft calls that have been in play for years. Many of the warning replicate Windows or popular security program’s dialogue boxes, which is why so many are being fooled.

In general, any pop-up warning that encourages you to call someone right away should be considered a scam, as that is not standard operating procedure for any legitimate security program. In fact, most software companies try to do everything they can to prevent you from calling as it’s the least efficient way for them to work with millions of customers.

Some scams are designed to plant something on your computer so that, on a periodic basis, a warning will pop-up with the hopes that you’ll continue to fall for the trick. Others are simply a plot to get you to pay for something you don’t actually need.

You may want to have someone you trust take a look at your system to make sure there isn’t any lingering malware or unnecessary programs still hiding in the background.

If you paid with a credit card, you can try disputing the charges with your card vendor, but most of the scams that I’ve seen include a process where you agree to the service electronically just in case you try to dispute the charges.

Another method that I’ve seen used is getting the victim to agree to pay via an electronic check, which makes getting your money back even more difficult.

The sophistication extends to what look like legitimate websites with lots of industry certifications and verbiage proclaiming no-risk, money-back guarantees to help convince victims to use them.

Any company that uses these tactics to get customers is obviously not too concerned about their reputation, so they’ll operate under a large variety of names to help keep their scams alive. As soon as one of the websites gets enough of a bad reputation online, they’ll shut it down a launch a new one.

One way of sniffing out suspicious companies in the future is to see how long the website has been around versus how long they claim they’ve been around.

You can do this using ICANN’s Whois database which provides lots of details about the company, including where they registered from, when they created the website and when it’s set to expire.

When you see a website that was recently created that will expire within a year and has an offshore administrative address or hides the administrative contact info through a proxy service, you should be suspicious.

If they claim that they’ve been around for 10 years, but their website was created six months ago, that’s a bit of a red flag, especially if they only registered the site for a year. A company that’s been in business for a long time will want to protect itself by registering the site for an extended period of time.

Remote service is a great tool, but it’s generally best used after you’ve established a trust relationship with the organization or individual that wants to use it.