  #7  
Old 09-04-2019, 11:20 AM
sil (Steve)
Not even a speck of dust

Join Date: Jun 2012
Location: Canberra
Posts: 1,474
Leon, at this point only you can answer this question, and don't answer here for everyone to know. But if you entered any sort of password at all into this webpage, maybe you entered your "usual" password just in case you'd forgotten this site or for whatever reason, then EVERYWHERE you have ever used that password you need to get it changed. The scams are about data collection ultimately; they have little interest in attacking YOU, but with traffic logs and things like advertising data collections, which are easily purchased, they can link your IP address in various logs to start putting together bits of information needed to impersonate someone.

So the first step is the social engineering part where they try to panic you and then offer hope and a "safe" way to check. Once you click that link you go to a website that looks legit but isn't... your IP address has been collected. Now the webpage asks you to "confirm" information by answering questions, things like name, username, date of birth, password, whatever. These are all data points now tied to your IP address they've now gathered from you whether you submitted the form or not; they will use JavaScript in the background that sends every keyboard input back to a server somewhere without you knowing. They may have purchased a marketing database from Amazon or Google which contains IP addresses and other personal info like credit card details but not passwords, but now they can link what you've just given them to what they have from another source and suddenly they quickly have your name, address, phone, credit card details, online username and password etc., everything a growing identity thief needs basically to ruin your life for their own profit.

There's more to it and other methods too, but gathering little pieces of information by whatever means and putting them together is the aim. Rarely is this done by someone who will use it; more often they compile a complete database of people and sell this on at $X per identity to a criminal enterprise to use in various ways. Because it's all electronic, when things go wrong you might find it impossible to prove you are YOU when someone else can prove it just as effectively.

So anything you typed, especially passwords, needs to be changed. People are creatures of habit and use the same password everywhere because it's easy, and it's usually a regular word, not a random character string including upper and lowercase letters, numbers and symbols too. Plus they almost never change them until damage is done.


Fact: online scams, email scams, phone scams are all negated if you take notes on paper, NEVER go to a web address, NEVER click any link in an unfamiliar email (hell, just never from anyone really). You could try to be proactive and seem interested and get their contact details and say you need 30 min to go check something before getting back to them. Then get online, go to a reputable search engine like Bing or Google, search for the corporate entity the person claimed to be from, for example Commonwealth Bank regarding your account (many people have accounts with them, so a guess in this direction will reach many people to whom the "issue" could plausibly apply). This panic and confusion gives them control of your next steps. But instead contact the entity yourself through publicly available contact avenues and ask them if there's a problem with your account and tell them you were just contacted by someone etc... Some places may put you through to an investigator to get any information they can from you on the person contacting you so they can help build their own database of scammers that feeds into criminal investigation units that do pursue them and help instigate measures to block them.

Bottom line, ANY business you interact with has an easily found set of ways to contact them from their website, so go find their website yourself (don't trust addresses or links given to you) and enquire for yourself. Some banks actively track your spending habits too and will freeze your account if suddenly odd activity is noticed (like daily withdrawals of the maximum limit on the account etc.) and will send you a letter in the mail for you to contact them to sort it out. It's an inconvenience all round, these scams, and banks are happy to help you because it costs them too.

Scams can come from anywhere really. Usually it's a complete stranger though, via email, social media, phone, etc. It may be a laughably implausible story they spin, but it's done in bulk to millions around the world at a time. A small enough percentage get suckered in to take the first step involving giving them information or control, and the story progresses while they get more from you. Victims often feel ashamed when they realise and rarely speak up about it. Always though, if in doubt you can find the claimed business and contact them yourself through publicly obtainable channels, and confirm the alleged emergency for yourself. Even if it's real, like they were trying to reach you for late fees or something, you won't get into trouble for taking a safe method to contact them.

Yes, people do suck and some go to extraordinary lengths for apparently little gain. And people also happily give up their own security on the flimsiest of pretexts and even pay for it, that's how 9/11 worked. Security, and cybersecurity in particular, is not in the government's interests to encourage the public to know much about beyond the media spin they control. If you look into the recent history of encryption, which is essential in online financial transactions but for private citizens to use could get you thrown in gaol, and electronic devices were required to have government known backdoors to get around encryption. This world exceeded the vision of 1984 a long time ago.

Those "fun" watercooler office email games that go around like "take your first pet's name and your mother's maiden name and you have your porn star name", you've also just given out the answers to two common security questions without thinking about it.

Sorry Leon if you got taken in by someone, you're not the first and won't be the last. It's often your own fault for not contacting the organisation yourself to see if it's all for real or not. The scammers meanwhile learn better ways to lie and what stories work best in various countries and demographics.

You may notice NONE of the above has anything to do with computer viruses etc. No antivirus software will protect you from your own gullibility.