October 5, 2024 • 13 mins
A scam email has been going around in recent weeks that has been so concerning, several local police departments have issued warnings about it. The scammer tells you that they're able to spy on you through your computer or your phone, and they then threaten to release a bunch of info about you if you don't pay up. How do these emails work? Who is behind all this? Why is this one making such a mark? Professor Amir Houmansadr at UMass Amherst breaks this down with Nichole and talks about how you can protect yourself against these scammers.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:07):
From WBZ News Radio in Boston. This is New England Weekend,
where each and every week we come together right here
we talk about all the topics important to you and
the place where you live. It is so good to
be back with you again this week. I'm Nicole Davis. Now.
A few weeks back, police departments all over the states
started to put out advisories and warnings about a certain
type of email scam. This scam made a lot of
(00:30):
people feel very, very unsettled. There is a letter attached
in the email that has your name, your address, your
phone number, but then it claims the spammer saw you
doing some really inappropriate stuff by spying on you, and
as long as you pay them a bunch of cash,
they're not going to tell anybody. Of course, it's not
real and nobody was spying on you. But you might
have noticed that these scam emails are coming more and
(00:51):
more often. I wanted us to learn a bit more
about the people behind these emails and how you can
keep yourself safe. So enter Professor A Mere Homan side
over at UMass Ammers. He joins us now with all
the details about this And you know, Professor, I think
a lot of people are wondering, how on earth do
these spammers get my personal information?
Speaker 2 (01:11):
Yeah, that's a great question. I think in this particular case,
a lot of information these scammers have been using these
are just public information. So like if you just even
google your own name on like on the internet, you
will see that your address will pop up, perhaps your
phone number, even your age. A lot of things would
(01:36):
kind of pop up when you just search for yourself online.
So it seems like in this case, the hackers or
the scammers are just relying on public information and they
just attached some screenshots of the street they find for
that particular person, and that all makes it like convincing
(01:56):
to the target, to the victim that they I actually
have something against them.
Speaker 1 (02:02):
I'm sure these are these data breaches that we've had
lately definitely are not helping. There's been some pretty big
breaches from what I've heard from background check companies and
big corporations like that.
Speaker 2 (02:13):
Absolutely absolutely that could be the other source of kind
of information the scammers could could find about people. So
there's been different data breaches left and right, leaking cell
phone numbers and different kind of social interests, even things
(02:34):
about perhaps the model of the car you're driving, and
your insurance company and things like that, and a lot
of those kind of information has also been leaked through
different data breaches, through different organizations.
Speaker 1 (02:49):
Yeah, I mean, I know that using the Internet you
kind of give away a lot of your privacy. Like
these social media apps and stuff that we use, they're
not free. They say they're free, but you're essentially paying
with your privacy. And do you think that that's contributing
to almost this bigger wave of scam emails that we're
seeing lately.
Speaker 2 (03:09):
Absolutely. Yeah, I think, like you said, a lot of
these apps, a lot of these services that you use
for double code free on the Internet, they collect some
personal information from you. And either the information they collect
they could sell it to others or they could just
destroy it on their servers. But then guess what, their
(03:29):
service could get compromised. So even if the apps you're
using they don't share your information with others, they just
could get compromised. So, like you said, yeah, with all
the apps that we use, and with each of them
we're providing different kind of private information and personal information,
we have to assume that anyone could gain access to
(03:51):
that kind of information because once it's out there.
Speaker 1 (03:53):
It's out there, unfortunately, and you've got these websites like
white pages, and like you said, public information kind of
all over the place. How is it possible for us
to protect ourselves from too much of our private information
getting into the hands of these people.
Speaker 2 (04:09):
Yeah, it's a really difficult situation. I mean, in many cases,
even some of these information are scraped from public records
like town records. And also sometimes these happen even if
you're careful, they could be exposed because of a data
(04:30):
breach from your banking kind of company, right, So, I
think in those cases you really have no control in
protecting I think the one thing that could help is
at least being aware that if someone knows those kinds
of personal information, it doesn't necessarily means that they've broken
into your system. It just could be that they've obtained
(04:51):
that information from other sources that is available to pretty
much anyone.
Speaker 1 (04:58):
I mean, it's kind of scary to open up your
email and see something like that people accusing you of
doing things you're not doing, and then seeing a picture
of your house, you know, for people who might not
be too Internet inclined, that would definitely throw me for
a bit of a loop.
Speaker 2 (05:13):
Well, absolutely, I would be shocked to receive an email
with like a picture of my front tour and I
guess yeah, and then accusing of things that I don't
know anyone could have done anything similar to that. So
it's really scary.
Speaker 1 (05:30):
Yeah, it is. So who, by the way, who is
behind scams like this? I mean, obviously back in the
day you used to get all the emails from the
Nigerian princes and stuff like that, and you know, there's
all sorts of different scams that have gone on throughout
the years. But are we talking about state actors behind
something like this now? Is this people's state side or
are we talking about just some groups of hackers? Like
(05:53):
who is behind a lot of this?
Speaker 2 (05:55):
Yeah, it's a really great question, and it's a difficult
one to answer unless some police department runs forensics investigation.
I mean, in a theory, it could be anyone, like
you said, it could be sponsored by a government, It
could be a group of hackers just doing it for
monetary kind of purposes. But then looking at this particular case,
(06:22):
it seems like the scammers had a pretty good technical knowledge,
so like they're using kind of terminologies like like Pegasus,
which is a famous mobile malver to also talk about.
I don't know, like they have set up payments through bitcoin,
(06:44):
and that's also it's not a trivial thing. So I
would say in this case, the scammers are really technically advanced,
but it's really hard to tell who's behind it unless
someone runs some kind of forensic analysis.
Speaker 1 (07:02):
Do people tend to fall for scams like this or
do you think that at this point enough people have realized, Okay,
this is not legit, this is somebody trying to take
my money.
Speaker 2 (07:14):
It seems like unfortunately, you still people fall for these
kind of things. And also these scams keep getting more
advanced and more personalized. I mean sometimes and especially if
you read this kind of scam, it's it's kind of
putting like a time fuse for the target that if
(07:35):
you don't pay in a day, I'll do such and such,
and that could kind of trigger the target to do
something without kind of thinking more about it.
Speaker 1 (07:45):
If somebody were to get this email, and I know
a lot of people did, and because there's news articles
about it, police departments are responding to this. Clearly, an
email like this really messed with a lot of us
and scared a lot of people in general. If you're
looking at your email, let's go over best practices. I
suppose what do you do when you see an email
that makes you think, I don't know, is this legit?
Speaker 2 (08:08):
Yeah? I guess, first thing, never click on any links
in that email or if there's anything attached that says
download this file and see that I have evidence of
you doing such and such. Never download anything from these emails.
And I guess I would say the next thing is,
if you're really skeptical that this could be real, you
(08:31):
should go talk to the police.
Speaker 1 (08:33):
Okay, Yeah, And what should you do if you did
click on one of those links, or maybe you got
scared and did find a way to transfer money to
these people, do you have any recourse?
Speaker 2 (08:43):
Yeah? Then in that case you could have been kind
of you could have downloaded a malor into your machine,
and in that case they could actually might have gained
access to your computer. So if you download anything that
is not trusted, especially from these emails, you should immediately
take it to some I guess expert to run security
(09:10):
analysis to make sure the thing you've downloaded does not
put a back door on your machine.
Speaker 1 (09:16):
Okay, And then I suppose if people just want to
be safer online. What are some of your best tips
that people should know when they're just in general trying
to avoid scammers.
Speaker 2 (09:29):
Yeah, I guess in general, don't trust anyone. Never share
private information or any information as long as you don't
need to share for using services. Don't visit websites that
you don't trust. Sometimes even browsing a website could download
(09:50):
a malver onto your device. Also, likewise, don't click on
any links that you get through emails or even on
different websites, so at least and also I guess perhaps
another thing is always have malver kind of detection or
anti malware anti viruses on your machine so that it
(10:13):
keeps the scanning for malicious activities on your computer.
Speaker 1 (10:17):
And when it comes to passwords, please do not do
ABC one two three or like one two three, four
five six like. Please try and do better.
Speaker 2 (10:25):
Passwords absolutely and never share your password with anyone.
Speaker 1 (10:29):
Absolutely not What is a good password? Would you say?
Not not exactly what the password is, but what sort
of elements make a good password?
Speaker 2 (10:37):
I think with password managers, I think it has made
our job way easier to create strong passwords or good
passwords and without the need to memorizing the passwords, and
pretty much any operating system, any phone, so like whether
you have iPhone or Android, or whether you're using Windows
(10:59):
or Mac, they all have built in password managers. And
these password managers are capable of creating good passwords for
you and also storing and memorizing the passwords for you.
So I think that would be the best practice to
just for any new website, just use your password manager
and have it create some really good password and then
(11:21):
have it remember it for you.
Speaker 1 (11:22):
And what about two factor authentication. I'm a big fan
of that. Do you support that as well?
Speaker 2 (11:27):
Well? Absolutely? Yeahword two factor authentication is especially useful when
your password, I mean, no matter how strong good password is,
it could get compromise because let's say the website you're
using their databases compromise or any other reasons. With two
(11:48):
factor authentication, it really makes it difficult for the attackers
and for criminals to get access to your accounts, to
your banking accounts, and to other accounts, even if they
have your passwords, until they also get access to the
second factor of authentication, which could be your phone device. Right,
(12:08):
So it's really helpful in many different settings.
Speaker 1 (12:12):
And you know, Throughout all this, I guess to wrap
it up, the Internet is still a great place to be.
You know, there is still lots of good stuff on
the Internet. There's still plenty of websites and apps and
stuff that are fun to use. So yeah, these scammers
and these emails and all these people who want to
steal your information, that can be a little overwhelming, but
there's still many good reasons to live a life online.
Speaker 2 (12:33):
Well absolutely, I mean I can imagine not going on
the internet like any day that I wake up, right,
so so much things we do from online shopping to
entertainment to connecting with the people, will love right. So yeah,
still Internet it's a great place to do things to
enjoy a life. However, we all have to be aware
(12:56):
of the potential risks and also there are certain ways
that we can enhance our security and privacy on the internet.
Speaker 1 (13:06):
All right, well, professor, thank you so much for your
time on the show. Really good information and we'll take
it to heart as we move ahead.
Speaker 2 (13:13):
Absolutely, it was my pleasure. Thank you so much.
Speaker 1 (13:16):
Have a safe and healthy weekend. Please join me again
next week for another edition of the show. I'm Nicole
Davis from WBZ News Radio. On iHeartRadio,
From WBZ News Radio in Boston. This is New England Weekend,
where each and every week we come together right here
we talk about all the topics important to you and
the place where you live. It is so good to
be back with you again this week. I'm Nicole Davis. Now.
A few weeks back, police departments all over the states
started to put out advisories and warnings about a certain
type of email scam. This scam made a lot of
(00:30):
people feel very, very unsettled. There is a letter attached
in the email that has your name, your address, your
phone number, but then it claims the spammer saw you
doing some really inappropriate stuff by spying on you, and
as long as you pay them a bunch of cash,
they're not going to tell anybody. Of course, it's not
real and nobody was spying on you. But you might
have noticed that these scam emails are coming more and
(00:51):
more often. I wanted us to learn a bit more
about the people behind these emails and how you can
keep yourself safe. So enter Professor A Mere Homan side
over at UMass Ammers. He joins us now with all
the details about this And you know, Professor, I think
a lot of people are wondering, how on earth do
these spammers get my personal information?
Speaker 2 (01:11):
Yeah, that's a great question. I think in this particular case,
a lot of information these scammers have been using these
are just public information. So like if you just even
google your own name on like on the internet, you
will see that your address will pop up, perhaps your
phone number, even your age. A lot of things would
(01:36):
kind of pop up when you just search for yourself online.
So it seems like in this case, the hackers or
the scammers are just relying on public information and they
just attached some screenshots of the street they find for
that particular person, and that all makes it like convincing
(01:56):
to the target, to the victim that they I actually
have something against them.
Speaker 1 (02:02):
I'm sure these are these data breaches that we've had
lately definitely are not helping. There's been some pretty big
breaches from what I've heard from background check companies and
big corporations like that.
Speaker 2 (02:13):
Absolutely absolutely that could be the other source of kind
of information the scammers could could find about people. So
there's been different data breaches left and right, leaking cell
phone numbers and different kind of social interests, even things
(02:34):
about perhaps the model of the car you're driving, and
your insurance company and things like that, and a lot
of those kind of information has also been leaked through
different data breaches, through different organizations.
Speaker 1 (02:49):
Yeah, I mean, I know that using the Internet you
kind of give away a lot of your privacy. Like
these social media apps and stuff that we use, they're
not free. They say they're free, but you're essentially paying
with your privacy. And do you think that that's contributing
to almost this bigger wave of scam emails that we're
seeing lately.
Speaker 2 (03:09):
Absolutely. Yeah, I think, like you said, a lot of
these apps, a lot of these services that you use
for double code free on the Internet, they collect some
personal information from you. And either the information they collect
they could sell it to others or they could just
destroy it on their servers. But then guess what, their
(03:29):
service could get compromised. So even if the apps you're
using they don't share your information with others, they just
could get compromised. So, like you said, yeah, with all
the apps that we use, and with each of them
we're providing different kind of private information and personal information,
we have to assume that anyone could gain access to
(03:51):
that kind of information because once it's out there.
Speaker 1 (03:53):
It's out there, unfortunately, and you've got these websites like
white pages, and like you said, public information kind of
all over the place. How is it possible for us
to protect ourselves from too much of our private information
getting into the hands of these people.
Speaker 2 (04:09):
Yeah, it's a really difficult situation. I mean, in many cases,
even some of these information are scraped from public records
like town records. And also sometimes these happen even if
you're careful, they could be exposed because of a data
(04:30):
breach from your banking kind of company, right, So, I
think in those cases you really have no control in
protecting I think the one thing that could help is
at least being aware that if someone knows those kinds
of personal information, it doesn't necessarily means that they've broken
into your system. It just could be that they've obtained
(04:51):
that information from other sources that is available to pretty
much anyone.
Speaker 1 (04:58):
I mean, it's kind of scary to open up your
email and see something like that people accusing you of
doing things you're not doing, and then seeing a picture
of your house, you know, for people who might not
be too Internet inclined, that would definitely throw me for
a bit of a loop.
Speaker 2 (05:13):
Well, absolutely, I would be shocked to receive an email
with like a picture of my front tour and I
guess yeah, and then accusing of things that I don't
know anyone could have done anything similar to that. So
it's really scary.
Speaker 1 (05:30):
Yeah, it is. So who, by the way, who is
behind scams like this? I mean, obviously back in the
day you used to get all the emails from the
Nigerian princes and stuff like that, and you know, there's
all sorts of different scams that have gone on throughout
the years. But are we talking about state actors behind
something like this now? Is this people's state side or
are we talking about just some groups of hackers? Like
(05:53):
who is behind a lot of this?
Speaker 2 (05:55):
Yeah, it's a really great question, and it's a difficult
one to answer unless some police department runs forensics investigation.
I mean, in a theory, it could be anyone, like
you said, it could be sponsored by a government, It
could be a group of hackers just doing it for
monetary kind of purposes. But then looking at this particular case,
(06:22):
it seems like the scammers had a pretty good technical knowledge,
so like they're using kind of terminologies like like Pegasus,
which is a famous mobile malver to also talk about.
I don't know, like they have set up payments through bitcoin,
(06:44):
and that's also it's not a trivial thing. So I
would say in this case, the scammers are really technically advanced,
but it's really hard to tell who's behind it unless
someone runs some kind of forensic analysis.
Speaker 1 (07:02):
Do people tend to fall for scams like this or
do you think that at this point enough people have realized, Okay,
this is not legit, this is somebody trying to take
my money.
Speaker 2 (07:14):
It seems like unfortunately, you still people fall for these
kind of things. And also these scams keep getting more
advanced and more personalized. I mean sometimes and especially if
you read this kind of scam, it's it's kind of
putting like a time fuse for the target that if
(07:35):
you don't pay in a day, I'll do such and such,
and that could kind of trigger the target to do
something without kind of thinking more about it.
Speaker 1 (07:45):
If somebody were to get this email, and I know
a lot of people did, and because there's news articles
about it, police departments are responding to this. Clearly, an
email like this really messed with a lot of us
and scared a lot of people in general. If you're
looking at your email, let's go over best practices. I
suppose what do you do when you see an email
that makes you think, I don't know, is this legit?
Speaker 2 (08:08):
Yeah? I guess, first thing, never click on any links
in that email or if there's anything attached that says
download this file and see that I have evidence of
you doing such and such. Never download anything from these emails.
And I guess I would say the next thing is,
if you're really skeptical that this could be real, you
(08:31):
should go talk to the police.
Speaker 1 (08:33):
Okay, Yeah, And what should you do if you did
click on one of those links, or maybe you got
scared and did find a way to transfer money to
these people, do you have any recourse?
Speaker 2 (08:43):
Yeah? Then in that case you could have been kind
of you could have downloaded a malor into your machine,
and in that case they could actually might have gained
access to your computer. So if you download anything that
is not trusted, especially from these emails, you should immediately
take it to some I guess expert to run security
(09:10):
analysis to make sure the thing you've downloaded does not
put a back door on your machine.
Speaker 1 (09:16):
Okay, And then I suppose if people just want to
be safer online. What are some of your best tips
that people should know when they're just in general trying
to avoid scammers.
Speaker 2 (09:29):
Yeah, I guess in general, don't trust anyone. Never share
private information or any information as long as you don't
need to share for using services. Don't visit websites that
you don't trust. Sometimes even browsing a website could download
(09:50):
a malver onto your device. Also, likewise, don't click on
any links that you get through emails or even on
different websites, so at least and also I guess perhaps
another thing is always have malver kind of detection or
anti malware anti viruses on your machine so that it
(10:13):
keeps the scanning for malicious activities on your computer.
Speaker 1 (10:17):
And when it comes to passwords, please do not do
ABC one two three or like one two three, four
five six like. Please try and do better.
Speaker 2 (10:25):
Passwords absolutely and never share your password with anyone.
Speaker 1 (10:29):
Absolutely not What is a good password? Would you say?
Not not exactly what the password is, but what sort
of elements make a good password?
Speaker 2 (10:37):
I think with password managers, I think it has made
our job way easier to create strong passwords or good
passwords and without the need to memorizing the passwords, and
pretty much any operating system, any phone, so like whether
you have iPhone or Android, or whether you're using Windows
(10:59):
or Mac, they all have built in password managers. And
these password managers are capable of creating good passwords for
you and also storing and memorizing the passwords for you.
So I think that would be the best practice to
just for any new website, just use your password manager
and have it create some really good password and then
(11:21):
have it remember it for you.
Speaker 1 (11:22):
And what about two factor authentication. I'm a big fan
of that. Do you support that as well?
Speaker 2 (11:27):
Well? Absolutely? Yeahword two factor authentication is especially useful when
your password, I mean, no matter how strong good password is,
it could get compromise because let's say the website you're
using their databases compromise or any other reasons. With two
(11:48):
factor authentication, it really makes it difficult for the attackers
and for criminals to get access to your accounts, to
your banking accounts, and to other accounts, even if they
have your passwords, until they also get access to the
second factor of authentication, which could be your phone device. Right,
(12:08):
So it's really helpful in many different settings.
Speaker 1 (12:12):
And you know, Throughout all this, I guess to wrap
it up, the Internet is still a great place to be.
You know, there is still lots of good stuff on
the Internet. There's still plenty of websites and apps and
stuff that are fun to use. So yeah, these scammers
and these emails and all these people who want to
steal your information, that can be a little overwhelming, but
there's still many good reasons to live a life online.
Speaker 2 (12:33):
Well absolutely, I mean I can imagine not going on
the internet like any day that I wake up, right,
so so much things we do from online shopping to
entertainment to connecting with the people, will love right. So yeah,
still Internet it's a great place to do things to
enjoy a life. However, we all have to be aware
(12:56):
of the potential risks and also there are certain ways
that we can enhance our security and privacy on the internet.
Speaker 1 (13:06):
All right, well, professor, thank you so much for your
time on the show. Really good information and we'll take
it to heart as we move ahead.
Speaker 2 (13:13):
Absolutely, it was my pleasure. Thank you so much.
Speaker 1 (13:16):
Have a safe and healthy weekend. Please join me again
next week for another edition of the show. I'm Nicole
Davis from WBZ News Radio. On iHeartRadio,
Popular Podcasts
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.
Therapy Gecko
An unlicensed lizard psychologist travels the universe talking to strangers about absolutely nothing. TO CALL THE GECKO: follow me on https://www.twitch.tv/lyleforever to get a notification for when I am taking calls. I am usually live Mondays, Wednesdays, and Fridays but lately a lot of other times too. I am a gecko.