Friday, November 22, 2024
37.0°F

Tab nabbing: How to avoid being a victim

by Terri Dickerson Special to
| November 17, 2018 12:00 AM

Tab nabbing is when hackers hijack your open browsers and redirect them to a fake site that they set up for the sole purpose of stealing your username and password. This allows the hacker to rewrite tabs and their content while the tab stays inactive. These fake pages are loaded on our computer and look legitimate. This page directs the user to enter their information and, voila!, your information just got sent straight to the hackers.

Many of us do things like check our bank accounts, credit cards, shop online and pay bills all simultaneously. To do this we have several open tabs on our computer at once. While we think of it as multitasking, hackers think of it as open doors into our personal information. All these open tabs allow hackers to potentially and more easily steal our information.

One account that is particularly vulnerable to tab nabbing is our banking sites because they automatically go inactive after a certain amount of time and then automatically log us off. If this happens, DON’T log back in using the same tab. Completely close the tab and log back in using a fresh tab.

Why? Because scammers have figured out a way to redirect us to what looks like our legitimate bank site. Logging into the fake site allows hackers to log into our real site with our credentials.

Many financial institutions are starting to use two-factor authentication. That’s an added security measure requiring a code be sent to your phone via text that you then use to login with a username and password. That way, even if a hacker has your login, they don’t have your code.

To protect your accounts, remember to close those tabs once they go inactive.

•••

CREDIT CARD STATEMENT SCRUTINY: If you shop online, you may be leaving yourself vulnerable to cybercrime and scam artists. Why? Criminals tend to target online retailers who allow customers to set up accounts and save their credit card or payment information to their accounts.

Here’s the reality: While you may think your personal information is safeguarded, con artists are more sophisticated than ever. They’re easily able to target unsuspecting consumers with fake online purchases.

A reader called to say he had ordered something on Amazon and three weeks later, when it hadn’t arrived, he called Amazon to find out why. Turns out the item had been shipped to Boise. Upon closer investigation, so had a big screen TV along with a few other electronic items for about $3,400.

Because these items were paid for by the customer’s credit card on file, he received a replacement for his stolen merchandise and a refund from his credit card company for the other items. His credit card company is going after the crooks but he’s left wondering how the scammers got his password.

Check your credit card statements regularly to make sure there aren’t any unauthorized charges on your account.

•••

AMAZON ISN’T IRONCLAD: And they aren’t immune to hackers hijacking their emails, either. I’ve received several complaints from local consumers who have received an email from Amazon entitled “Your Recent Order Cannot Be Shipped.”

When the consumer clicks on the email, they’re directed to “click here” to find out why their package cannot be shipped. That link embedded in the email asks the customer for their name, physical address and credit card information, and then to click and save to continue.

From there the customer is redirected to the actual Amazon site. This all looks authentic and sanctioned by Amazon, but beware: It is not. These emails are scammers on the prowl looking to steal our personal information.

Amazon is aware of the problem. Their recommendation is to not click on these emails but instead log into your Amazon account directly and check the status of your order under “Your Orders.”

Amazon started these emails as a convenience to customers but, unfortunately, scammers have found a way to make it convenient for them to steal your personal information.

•••

MAKE THOSE ROBOCALLS STOP! I get a few calls a week from local readers asking how they can make those annoying robocalls stop. Well, there’s good news on the horizon. To help us out, most major carriers are starting to offer free services to vet out those pesky calls.

Here’s a list of major carriers offering robocall blockers: AT&T has something called Call Protect App; Verizon is using Caller Name ID; T-Mobile has Scam Block; and Sprint is initiating a service called Premium Caller ID, but this one will cost you about $2.99 per month and it’s a little different because you register your name and phone number as legitimate then it vets out the spam calls.

Some phone makers are also starting to help. For example, Samsung Galaxy, starting with their S7 phone, has something called Smart Call but you must activate it. The Google Pixel phone comes with a Google phone app to help manage robocalls.

Finally, there are third-party apps that offer services too. Truecaller and YouMail are free services. YouMail is designed to trick robocallers into thinking you don’t exist. Yay! Nomorobo is a service that costs about $20 per year to help you identify and block robocalls. Oh, and I like the name of this one: RoboKiller. This app is about $1 per month.

The worst thing you can do is choose to opt out by either pressing 9 or saying a word as instructed to opt out. This is a trick designed to get you to engage. Once you do, the calls will actually increase rather than decrease.

•••

Remember: I’m on your side.

•••

If you have encountered a consumer issue that you have questions about or think our readers should know about, please give me a call. As The CDA Press Consumer Gal, I’m here to help. You can either email me at terridickersonadvocate@gmail.com or call me at 208-274-4458. Please include your name and a phone number or email. I’m available to speak about consumerism to schools, and local and civic groups. I’m a copywriter and consumer advocate living in Coeur d’Alene.