Monday, October 30, 2017

Verify and Validate



We appear to be in a truth crisis.
We see it on Facebook every day – someone has shared a story that simply is not true. Or a news headline from years ago, shared as if it just happened. I received a lime green postcard in my mail that stated they were trying to arrange a delivery, with big bold letters proclaiming PACKAGE SHIPMENT. The stamp was not cancelled, it had no return address, and when I “Googled” the card description, it was a scam.  Our local news station carried the warning that night.
Good grief.  The scams and schemes are flourishing and becoming ever-so deceiving.
The phone call was from a doctor I had not heard from in years.  I had set up his QuickBooks, he had heard me speak a few times and he was cruising right along until something was wrong with his payroll.  He had updated to the 2017 version but the payroll checks did not appear to be auto-calculating, stating his payroll subscription had expired, even after he knew he had paid it.
So, he did what many others do – he Googled “QuickBooks support” and called the first number in the list. He called someone in the “Philippines,” whose accent, he laughingly said, sounded different than 
he thought it should. He allowed the “customer support representative” (CSR) to remote access his computer to determine the problem, believing they were with Intuit.
The CSR moved aptly between screens for approximately 10 minutes before declaring the file was corrupt. The doctor was told he needed to send the file to be fixed but it would cost $4000. That’s when he hung up and called me. With great remorse, he admitted he should have called me first.
I remoted in to his computer and created a portable file. If his QuickBooks was corrupt, I would not have been able to create a portable file.  Now I was highly mistrustful of whom he had actually called.
I opened his file on my computer (different QuickBooks version) and began searching for the problem.  After reviewing, I concluded it was a simple payment conflict and called my Intuit payroll contact to verify his subscription.
The actual problem was fixed relatively quickly and much less costly! 
The doctor did not call Intuit support as he was led to believe, even trusting them to remote into his practice’s computer to view his QuickBooks.  He called the first number listed, which is paid advertisement, targeting countless victims.
Telephone calls, emails and mail – it seems we are being held hostage by deception for whatever we naively believe without verifying and validating!
Because of all the telephone scams, I do not buy anything or donate to anyone on the phone. I typically do not answer the phone if I do not recognize the phone number. If I can tell within a few seconds a phone call is a recording or sales call, I hang up. I do not need to offer an explanation. Hanging up is my polite form of rejection. It appears they are not enforcing The Do Not Call Registry and solicitors change their phone numbers often anyway.
Microsoft will never call to tell you your computer has a virus infecting the internet. The IRS will never call you to accept a payment for delinquent taxes. The County Jail will not call to say there is a warrant for your arrest for failure to appear as a juror but if you purchase and send a prepaid gift card to this address, the warrant will be dropped. If you ever get a notice that I am in trouble in a foreign country and need funds, don’t send it.  If I was in trouble, you have my permission to not bail me out! And, I’m pretty sure that no one in a foreign country needs help with a deceased person’s estate. 
Beware of getting emails to update your information with your bank, or Paypal or your credit card. While writing this article, I checked my spam folder to see how many such emails I had received – one from “American Express™” and another from “Paypal™.”  These phishing emails bank on the recipients being emotionally compelled to click on the link to take care of the request immediately, without thought.  Yet, if you hover your mouse over the email address and the link, it will not be from the company.  If in doubt, simply go directly to the financial institution’s site to see if you are required to update your information.  Verify and Validate.
Ransomware is a threat on a more  costly scale. Spread via email that has  an 
innocent looking link, that when clicked on, the computer is locked down for a ransom, encrypting files and spreading through the network, until you pay. Growing at an alarming speed, ransomware is becoming more sophisticated, often targeting their victims. Update all your software, ensure anti-virus and malware protection software is installed and updated.  Buy the full versions of both to maximize protection. 
Call the email’s sender to verify any links 
that are sent before clicking on them.  
In the past two weeks, I received two  emails with "document" links to review files, one from a dentist and one from a meeting planner. The email context was looked convincing enough. After reviewing the url the links would open to if clicked, I determined them both to be scams. The link in the meeting planner email was for a file embedded on an Australian real estate site. I thought it would be interesting to reply to the dentist's email, curious if I would get a reply. I did. 
"i sent u documant open and revew"  No punctuation with a poorly constructed sentence full of misspelled words. The dentist's personal email was Yahoo, which had recently, again, been hacked.
I called both offices to alert them to the problems, recommending they immediately call their IT expert. 
If you are hit by ransomware, unplug all the computers from the network immediately and call your technology advisor.  Also disconnect all other devices connected to the Wi-Fi, such as cell phones and laptops.
If it sounds too good to be true, it is neither true nor good.  We must protect our online accounts by enhancing our passwords to be exceptionally complicated.   PC Magazine’s recommended LastPass is a password generating program that complicates and remembers passwords.  It works in whatever browser or device you use.   And, you only need to remember LastPass’ password – it remembers all the rest. 
If you have a Yahoo email address, I suggest changing your password at least quarterly and that the password be a minimum combination of ten upper and lower case letters, numbers and symbols. 
A strong complicated password for every internet account is a sturdy line of defense BUT remain aware of the potential threats required to live in our social media world.  Have this conversation with everyone in your practice and your family, including your elderly.
Do not ever give any personal information via phone or email. Be suspicious of all incoming calls of whom you do not know. Sounds paranoid, right? Maybe. But, the calls and email scams continue because the behavior is reinforced by recipients not being cautious.
Be diligent to verify and validate. 



No comments:

Post a Comment