MONEY

5 Easy Ways to Avoid Getting Hacked at ATMs

A customer uses an automated teller machine (ATM) outside a Lloyds Bank branch, a unit of Lloyds Banking Group Plc, in London, U.K., on Tuesday, May 12, 2015. The U.K. government sold about 634 million pounds ($987 million) of shares in Lloyds Banking Group Plc, cutting its stake to less than 20 percent a week after elections. Photographer: Jason Alden/Bloomberg
Jason Alden—© 2015 Bloomberg Finance LP. A customer uses an automated teller machine (ATM) outside a Lloyds Bank branch, a unit of Lloyds Banking Group Plc, in London, U.K., on Tuesday, May 12, 2015.

Scammers are having a heyday. Here's how to stay safe.

That ATM you’re using may not be safe.

As my colleague Daniel Roberts points out, citing a report in the Wall Street Journal: “withdrawing money from an ATM is more dangerous than it’s been in a long time—specifically, the worst it has been in two decades.”

The story features some alarming statistics from credit-scoring company FICO. Security compromises of debit card data that have been traced to ATMs on-site at banks rose 174% from the beginning of the year to April compared to the same time last year. And off-site ATM fraud spiked 317% in that time versus the same period last year.

In other words, criminals are having a heyday. So how can you remain safe when banking on the go? Here are Fortune’s top tips to keep you from getting ripped off:

1. Cover up your personal identification number

Shielding the ATM keypad as you type in your security code will help prevent onlookers from glimpsing your PIN. It’s a simple solution but one of the best ways to thwart so-called shoulder surfers from stealing your passcode. (Be careful of video cameras, too.)

2. Check for compromised machines

One of the most popular means by which criminals steal payment card data is through a device known as a “skimmer.” A crook will plant one of these gadgets on the “swipe” or “dip” port on an ATM, where it may read the magnetic strip on your card and rip its data. The thief can then create counterfeit cards, or use the card information to make purchases online.

3. Use ATMs on bank premises

ATMs that are on-site at your bank are less easily tampered with than ones outside. Just look at the numbers provided by FICO, as mentioned above: 174% increase in compromises for bank-based ATMs versus 317% increase for the rest.

4. Limit your exposure

Using ATMs less frequently will lessen the risk that you’ll encounter a bad machine. Try taking out larger sums of cash less often, or conducting more business at the counter or via mobile apps.

5. Promptly notify your bank of any bad transactions

If you suspect that something is amiss, call your card-issuing bank immediately. Many of them require that you notify them of unauthorized transactions within a 60-day period after you receive your banking statement.

Heed this advice, and stay safe out there, friends.

TIME Security

5 Easy Ways to Avoid Getting Hacked at ATMs

A customer uses an automated teller machine (ATM) outside a Lloyds Bank branch, a unit of Lloyds Banking Group Plc, in London, U.K., on Tuesday, May 12, 2015. The U.K. government sold about 634 million pounds ($987 million) of shares in Lloyds Banking Group Plc, cutting its stake to less than 20 percent a week after elections. Photographer: Jason Alden/Bloomberg
Jason Alden—© 2015 Bloomberg Finance LP. A customer uses an automated teller machine (ATM) outside a Lloyds Bank branch, a unit of Lloyds Banking Group Plc, in London, U.K., on Tuesday, May 12, 2015.

That ATM you’re using may not be safe.

As my colleague Daniel Roberts points out, citing a report in the Wall Street Journal: “withdrawing money from an ATM is more dangerous than it’s been in a long time—specifically, the worst it has been in two decades.”

The story features some alarming statistics from credit-scoring company FICO. Security compromises of debit card data that have been traced to ATMs on-site at banks rose 174% from the beginning of the year to April compared to the same time last year. And off-site ATM fraud spiked 317% in that time versus the same period last year.

In other words, criminals are having a heyday. So how can you remain safe when banking on the go? Here are Fortune’s top tips to keep you from getting ripped off:

1. Cover up your personal identification number

Shielding the ATM keypad as you type in your security code will help prevent onlookers from glimpsing your PIN. It’s a simple solution but one of the best ways to thwart so-called shoulder surfers from stealing your passcode. (Be careful of video cameras, too.)

2. Check for compromised machines

One of the most popular means by which criminals steal payment card data is through a device known as a “skimmer.” A crook will plant one of these gadgets on the “swipe” or “dip” port on an ATM, where it may read the magnetic strip on your card and rip its data. The thief can then create counterfeit cards, or use the card information to make purchases online.

3. Use ATMs on bank premises

ATMs that are on-site at your bank are less easily tampered with than ones outside. Just look at the numbers provided by FICO, as mentioned above: 174% increase in compromises for bank-based ATMs versus 317% increase for the rest.

4. Limit your exposure

Using ATMs less frequently will lessen the risk that you’ll encounter a bad machine. Try taking out larger sums of cash less often, or conducting more business at the counter or via mobile apps.

5. Promptly notify your bank of any bad transactions

If you suspect that something is amiss, call your card-issuing bank immediately. Many of them require that you notify them of unauthorized transactions within a 60-day period after you receive your banking statement.

Heed this advice, and stay safe out there, friends.

MONEY Scams

Feds: Millions Targeted By ‘Phantom’ Debt Collection Scheme

couple on cell phones
Getty Images

A Georgia firm called millions of consumers attempting to collect on "phantom" debts, federal investigators allege.

A Georgia firm called millions of consumers attempting to collect on “phantom” debts, and tricked consumers by citing personal information purchased from payday loan lead generators, federal investigators allege.

A lawsuit against Universal Debt and Payment solutions and a host of related companies was revealed Wednesday, alleging the firm’s tactics included purchasing personal information from data brokers that operators could use to convince victims to pay debt they didn’t owe. Agents would use names like “LRS Litigation Group,” “Worldwide Requisitions,” and “Arbitration Resolution,” and tell consumers they risked jail time if they didn’t pay immediately. The claims were bolstered by operators’ citing personal information, including bank account numbers, the CFPB alleges, that had originally been obtained by payday loan lead generation websites and sold to data brokers.

“Our lawsuit asserts that consumers were harassed, threatened, and deceived as part of a reprehensible scheme to collect debt that was not even owed,” said CFPB Director Richard Cordray. “We are taking action against the many parties that allegedly contributed to this phantom debt collection operation. The ringleaders of the scheme, the telemarketing company that broadcast millions of robo-calls, and the companies that processed the payments should all be held accountable for taking advantage of vulnerable consumers.”

In one example cited in the lawsuit, a consumer complained that he received a threatening call while he was asleep.

“The caller stated that he had a ‘restraining order against (the consumer) to appear in court if I didn’t settle with them.’ The caller said the consumer had 24 hours to pay $500 on a $1,600 debt to Bank of America, or the collector would ‘contact (the consumer’s) employer to levy (his) wage, and they were also contacting the local police to serve papers,’” the lawsuit alleges. “According to the complaint, because he was scared, the consumer provided his bank card information. After making the payment, the consumer’s wife informed him that they had never done business with Bank of America.”

A phone call to the number listed for Universal Debt was answered by a man who said he was sick and was unable to answer questions about the lawsuit. Asked if he had a lawyer, he said he couldn’t afford one.

The CFPB lawsuit also names several service providers, including Global Payments, which processed the debt collector’s credit card payments.

“Payment processors provided substantial assistance … enabling the Debt Collectors to accept payment by consumers’ bank cards when the Payment Processors knew, or should have known, that the Debt Collectors were engaged in unlawful conduct,” the CFPB alleges.

The firm did not immediately respond to requests for interview.

The CFPB also named Global Connect, LLC in the lawsuit for enabling the debt collectors to initiate millions of calls.

“(It) provided this service when it knew, or should have known, that the messages it broadcast for the Debt Collectors were unfair or deceptive, and materially contributed to the Debt Collectors’ scheme,” the lawsuit says.

Global Connect did not immediately respond to a request for comment.

The alleged scheme plays on a common problem — consumers who don’t know if a debt collection call is legitimate. If you’re worried about whether you have any debts haunting you, you can check your free annual credit reports for collection accounts. And if you want to see how a collection account can hurt your credit, you can check two of your credit scores for free on Credit.com.

More from Credit.com

This article originally appeared on Credit.com.

MONEY Taxes

Last-Minute Tax Filers: Beware of This Obamacare Scam

pill bottles with money in them
Adrianna Williams—Getty Images

If you don’t have health coverage, you pay a penalty to the government. And scammers are ready to take advantage of that.

For all stripe of rip-off artist, tax season might as well be called open season. Scams are legion, and navigating a solution after the fact can be somewhere between maddening and negotiating an Iran deal that everyone likes. Last month the IRS issued a warning that received scant attention from the media, but nonetheless could impact millions of taxpayers this year — particularly targeting low-income, elderly and Spanish-speaking taxpayers.

The scam takes advantage of the Individual Shared Responsibility Provision of the Affordable Care Act. It’s a penalty, but one with many exemptions. Because it is somewhat complicated, the new provision has become the object of many fraudsters’ affections, especially during tax season.

This is the first year that taxpayers must confront this new liability. In the simplest of terms, if you don’t have health coverage, you pay a penalty to the government.

The provision is intended to induce people to get coverage, since individual shared responsibility is all about increasing the number of Americans enrolled in health insurance plans in order to enlarge the pool to spread risks and reduce costs. Regardless of what you think of that theory, that’s the informing principle.

So what is the penalty? While at first blush it doesn’t sound like a huge amount of money, it’s not nothing either — especially to a family who is forced to live paycheck to paycheck. It can be 1% of a family’s annual income (minus the tax return filing threshold for your filing status), with a maximum penalty being the national average cost of a bronze plan, or it can be calculated as $95 per adult and $47.50 per child under the age of eighteen, capping out at $285 for a family. The amount per adult will increase each year. In 2016, it will be $695 per adult and $347.50 per child, capping at $2,085 per family.

For an unscrupulous tax preparer the Shared Responsibility penalties can add up to quite a caper. How so? Because the scam involves A) taking advantage of the inherent complexity of the exemptions and B) pocketing the penalties. Sometimes the scammer claims he or she can reduce the cost of the penalty because they have created a pool for leverage, or they simply claim that paying them directly instead of the government is “how it’s done.”

The only thing you need to know is: That’s not how it’s done. The easiest way to avoid this scam is to remember one rule: Only pay the IRS. Period.

There is some good news. While you are required to report whether or not you have health care coverage on your tax return, the majority of filers will not have an issue here. It has been estimated that only four million of the estimated 30 million uninsured will have to pay the Shared Responsibility Provision in 2016. But here is where fraudsters see their honey pot, using complexity to fleece honest taxpaying citizens while exposing them to penalties when the IRS circles back to get money that was stolen from them.

Are you off the hook for paying the penalty? Here’s the list of exemptions to see if they might apply to you (consult your tax preparer as this column is not meant to serve as a substitute for professional tax advice):

  • There were no “affordable” options for you, because available annual premiums were in excess of 8% your household income.
  • You had a gap in coverage less than three consecutive months.
  • Your household income was below the return-filing threshold ($10,150 for an individual on a 2014 tax return).
  • You are not a U.S. citizen, a U.S. national, nor an alien lawfully present in the United States.
  • You belong to a health care sharing ministry.
  • You belong to a federally-recognized Native American tribe.
  • You are in a jail, prison or another qualifying institution — such as a psychiatric hospital, etc.
  • You belong to a qualifying religion existing prior to December 31, 1950, recognized by the Social Security Administration (SSA).
  • You qualify for a hardship exemption.

Hopefully it’s not news that you need to choose a tax preparer wisely. There are many fly-by-night operations that are literally gone in the blink of an eye the minute April 16th rolls around.

That said, most tax preparers work hard to get you the best possible refund (or the lowest possible amount due) while remaining scrupulous and sticking to the letter of the law—and that is no easy task given the complexity of the Internal Revenue Code of 1986. If you are unsure about a tax preparer, you should ask for references or, even better, consult the IRS’s searchable database of tax preparers that are recognized by the agency.

This story is an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.

More from Credit.com

This article originally appeared on Credit.com.

TIME Security

5 Surefire Signs That Craigslist Ad is Fake

man-behind-laptop
Getty Images

How to tell if that post is legit

This story was originally published at the Daily Dot.

If the Internet is like the Wild West, Craigslist is one of its most lawless saloons.

Illustrating this perfectly was a recent ad that appeared on the site offering dog-walking services. Coming out of Seattle, the ad quickly went viral, with many praising it as basically the best thing ever. However, the narrative surrounding the ad has quickly taken a turn, as the Seattle poster has suggested it was a joke, and the Internet quickly labeled it a hoax. However, author Jason O. Gilbert has come forward to say that he originally wrote it sincerely, albeit comedically, four years ago in New York.

Regardless of ownership, however, the viral dog-walking ad poses interesting questions about Craigslist, and the Internet at large. How do you know what is fake, and what is real anymore online? Fortunately, when it comes to Craigslist, there are several helpful signs to help you figure it out.

1) It seems like it’s trying to be funny

In its recent form, the Craigslist dog-walking ad was lauded for making fun of rich people, student loans, and life after college. However, Gilbert’s version is supposedly more about just being broke and the appeal of laying all your cards out on the table. It’s pretty funny stuff either way, but according to Gilbert, the ad is less satire than it is an attempt to be playful and clever. Nevertheless, it’s worth noting that the overt silliness of the ad should be an indicator that it’s not your average Craigslist posting.

A better example of this may be a supposed American Airlines ad from March of last year, looking for a pilot and crew for some jets coming in from Brazil. Coming out of Dallas, the almost assuredly fake post mentions that the planes “are extremely shiny and they have that new plane smell that pilots love.” It further tells the reader: “Contact me anytime. Seriously. Anytime. I’m desperate here . . . I may already be screwed. Ugh. Please call. Please? Hello?”

In any case, the fact is that while Craigslist is ridiculous, and people post all manner of crazy yet entirely real stuff on it, most users aren’t going to take the time to craft a long, comedic ad, if they have something legitimate they want to accomplish on the site.

Read the rest of the story at the Daily Dot.

MONEY identity theft

18 College Students Arrested in Tax Identity Theft Ring

Vice President Joe Biden, center, speaks during a graduation ceremony at the Miami Dade College in Miami, Saturday, May 3,2014.
Javier Galeano—AP

Students in Florida allegedly stole tax refunds.

In November, the U.S. District Attorney of Southern Florida charged 18 Miami Dade College students for allegedly using stolen identities to file fraudulent tax returns and receive the refunds on their student bank accounts, but investigators think there are more people who have carried out the scheme, the Miami Herald reports.

Higher One accounts allow students to receive their financial aid or student loan refunds directly to a bank account, usually with an associated debit card, rather than wait for the school to cut a check. Many students use their loan refund (the amount left over after the school has taken what it requires for tuition and fees) to handle their education-related expenses like housing, textbooks, food and extracurricular activities.

The investigation identified more than 1,000 student accounts at Miami Dade College, most of which were Higher One accounts, that were used in a tax-fraud scheme, according to a news release from the district attorney’s office. Identity theft is a common crime in Florida — it has the most fraud complaints per capita of any state, according to the Federal Trade Commission, and tax-related identity theft is the most common kind of fraud reported.

It’s unclear how this crime seems to have become a pastime for college students, but it wouldn’t be surprising if it was something students see as an easy way to make money: One of the Miami Dade College cases includes a student who allegedly received $53,272 of fraudulent tax refunds to his Higher One account.

That’s a significant sum to most people, let alone a college student, but identity theft and tax fraud are serious crimes, not just for the perpetrators, but also for the victims. First of all, it makes tax season that much more complicated for people whose personal information has been stolen and used to file fake tax returns, and they’ll almost certainly see a delay in receiving their legitimate refund. Some people really count on that money, making the crime a financial burden for victims.

Then there’s the lifelong stress of knowing your personal information has been stolen. You have no idea who has your Social Security number and if it’s being used fraudulently. You can minimize the negative impact of some types of identity theft by monitoring your credit, because any unexpected changes could be an indicator of fraud, but you often can’t detect anything until damage has already been done. Still, keep a close eye on your credit by getting your free credit report summary every 30 days on Credit.com.

The investigation revealed some student accounts were used for more than just tax fraud — they seemed to have stolen Social Security benefits, as well. If convicted, the students involved in the fraud could face federal prison time.

Some students’ alleged involvement was limited to allowing their accounts to be used to launder the stolen money in exchange for a few hundred dollars, the Miami Herald reports, and U.S. Attorney Wifredo Ferrer said he believes this issue isn’t limited to Miami Dade College.

“We applaud the announcement by the authorities in connection with tax refund fraud at Miami Dade College,” wrote Lauren Perry, spokeswoman for Higher One, in a statement emailed to Credit.com. “We have been working with the authorities on these types of cases in southern Florida for some time now. … We will continue to be vigilant in safeguarding our customers’ personal and financial information and will work with our bank partners to report these illegal activities to authorities.”

More from Credit.com

This article originally appeared on Credit.com.

MONEY Taxes

How Identity Thieves Stole $5.2 Billion from the IRS

Invisible Man at computer
Getty Images

And how to make sure you won't be their next target.

More than $5 billion, with a B: that’s how much the IRS estimates it mistakenly paid to identity thieves last year, according to a new study from the Government Accountability Office. The thieves filed fraudulent tax returns on behalf of unsuspecting citizens, and the IRS didn’t catch the fraud until after long after the refund checks had been sent. The only good news? It could have been a lot more money. The IRS estimates it identified and stopped another $24.2 billion in attempted fraud — but the agency acknowledges it’s hard to calculate the full extent of the problem.

Here’s how thieves get away with it: You usually receive a W-2 from your employer by the end of January, then file your tax return by April 15. During that time, thieves steal your identifying information, file fake returns on your behalf, and collect the refund check. It all happens pretty quickly, since the IRS tries to issue your refund within three weeks of receiving your return.

Employers have until March to send their W-2s to the Social Security Administration, which later forwards the documents to the IRS. The IRS doesn’t begin checking tax returns against employers’ W-2s until July. The GAO has found that it can take a year or longer for the IRS to complete the checks and catch the theft.

The easiest way you can deter this kind of fraud? File early, and file electronically. Once the IRS receives a return with your social security number, the agency will reject any duplicate filings and notify you right away. The IRS is also piloting an initiative to issue single-use identity protection PIN numbers to taxpayers who have verified their identities.

Still, the danger could be growing: As recently as 2010, tax– and wage-related identity theft made up just 16% of all ID-theft complaints at the Federal Trade Commission. Last year that portion rose to 43%. Below are four more common ways ID thieves can strike — and what you can do to protect yourself.

1) Purloined paper.

Have tax documents sent to a P.O. box or delivered electronically so they can’t go missing. Shred extra copies. “Your tax return needs to be treated as an item of extreme privacy,” says Staten Island CPA John Vento.

2) Unsecure networks.

Never file electronically over public Wi-Fi or a network that’s not password-protected. Make sure you have up-to-date antivirus software and a firewall on your home computer.

3) Dodgy emails.

Be leery of any email claiming to be an IRS notice of an outstanding refund or a pending investigation; the IRS will never email you to request sensitive information. Forward suspect messages to phishing@irs.gov. Other electronic traps: fake websites similar to irs.gov, and tweets purporting to be from the IRS (@IRSnews is the verified handle).

4) Phone fakes.

In October of last year, the IRS warned of a sophisticated phone scam in which callers already knew the last four digits of your Social Security number and mimicked the IRS toll-free number on your caller ID. If the IRS calls you out of the blue, hang up and call back (800-829-1040).

This advice was excerpted from MONEY’s 2014 Tax Guide.

TIME Malaysia

Malaysia Is Becoming a Global Hub For Internet Scams Preying on the Lovelorn

IAC Will Turn Match Dating Service Into a Separate Business
Andrew Harrer—Bloomberg/Getty Images The Match.com website is displayed on laptop computers arranged for a photograph in Washington, D.C., U.S., on Thursday, Dec. 19, 2013.

The ease of obtaining visas, opening bank accounts and arranging money transfers are all part of Malaysia's newfound criminal appeal.

Lax student visa regulations and a high-tech banking system has made Malaysia a global hub for Internet scams, according to U.S. officials, with money being swindled out of unwitting Americans and Europeans by racketeers prowling online dating sites.

The conmen typically hail from Nigeria or Ghana and dupe lonely, middle-aged men and women from the U.S. and Western Europe through matchmaking services like Match.com, reports Reuters. A dozen new cases are reported to the U.S. embassy in Kuala Lumpur every week, with scam complaints forming four-fifths of new work for duty officers.

“This is a serious issue hurting many Americans financially and emotionally,” said a U.S. embassy spokesperson. “We would hope that through publicity more Americans would be made aware of these scams.”

While most Internet users have received — only to swiftly mock and discard — some crude Nigerian scam emails, these tricksters are more sophisticated, and slowly build trust as a budding romance ripens. Then the request for money comes, normally a relatively small amount at first; but once the hooks are in, the victim struggles to turn down subsequent heftier demands without admitting to having been hoodwinked.

“Some victims find it very hard to break away from the relationship, even when they’ve been told it’s not real,” says Professor Monica Whitty, an expert on Internet fraud psychology. “So the criminal admits to scamming the victim but says that they also fell in love with them at the same time, and they get back into the same scam.”

But it is not just lovelorn Americans who are being swindled; other foreign embassies in Kuala Lumpur are dealing with similar complaints, reports Reuters. Whitty says that at least 500,000 U.K. citizens have fallen prey to such “sweetheart scams” since the phenomenon was first reported around 2007.

Slightly more men than women are duped by fraudulent lovers, but men are less likely to seek recompense out of embarrassment.

“Some people mortgage their houses to pay these criminals,” Whitty says, “but often the devastation they feel is more about the loss of the relationship than the money — of realizing they’ve been duped.”

And worryingly, such scams appear to be growing more common; last year, U.S.-based IT security developer SOPHOS ranked Malaysia as sixth globally in terms of cyber crime threat risks, as the total cyber crime bill topped $300 million. The ease of obtaining visas, opening bank accounts and arranging money transfers are all part of the nation’s criminal appeal.

“Scammers are increasingly using targeted social engineering attacks against their victims due to the extremely high success rate,” Ty Miller, an Australian security expert and founder of Threat Intelligence, tells TIME. “This not only affects individuals, but also organizations.”

Awareness and technology are key to tackling this scourge, says Miller, who is running a fraud-prevention course in Kuala Lumpur in October. “Techniques can be deployed that allow malicious individuals to be tracked,” he says, “which as time goes on will build intelligence to unveil the identity of the perpetrators.”

Amirudin Abdul Wahab, CEO of CyberSecurity Malaysia, an agency under the Ministry of Science, Technology and Innovation, says all involved nations must share information and jointly investigate cases according to agreed procedures and technical processes.

“Various authorities from the various countries involved should work together rather than blaming each other,” he said by email. “These countries need to synergize their efforts, in order to effectively address this scam problem.”

TIME Crime

Infomercial Star Kevin Trudeau Jailed For 10 Years

Kevin Trudeau
Chicago Tribune/Getty Images Kevin Trudeau walks through the Dirksen U.S. Courthouse in Chicago, Illinois

The judge called Trudeau "deceitful to the core" at sentencing Monday, after the author violated a 2004 court order prohibiting him from running misleading ads for his bestseller "The Weight Loss Cure 'They Don't Want You To Know About"

Too-good-to-be-true TV infomercial star and best-selling author Kevin Trudeau was sentenced to 10 years in federal prison Monday for defrauding millions of people with a phony weight-loss book.

“Since the age of 25, [Trudeau] has attempted to cheat others for his own personal gain,” U.S. District Judge Ronald Guzman said at the 51-year-old’s sentencing Monday, adding that the scam artist was “deceitful to the core.”

A jury convicted Trudeau for violating a 2004 court order that prohibited him from running misleading ads for his bestseller The Weight Loss Cure ‘They Don’t Want You To Know About, which encouraged 500-calorie-a-day diets and hormone treatments. In spite of the order, Trudeau reportedly ran infomercials for the book 32,000 times.

The NYT bestseller sold 850,000 copies and created $39 million in revenue, but when Trudeau was fined $37 million he claimed to be broke — and that he didn’t know where he put $100,000 in gold bars he bought.

While Trudeau’s defense claimed that the 10-year sentencing over a $30 book was “overblown and unfair”, Guzman noted that the huckster had been violating similar court orders since the 90’s.

Trudeau sold millions of other books including Debt Cures ‘They’ Don’t Want You to Know About and Natural Cures ‘They’ Don’t Want You to Know About and was fined $2 million by the FTC for claiming that Coral Calcium could cure cancer.

Trudeau’s attorneys plan to appeal the case.

TIME Security

New Netflix Phishing Scam Threatens the Internet

Robert Galbraith—Reuters

Computer security experts are warning about an elaborate new tech support scam where thieves pose as Netflix and Microsoft employees to steal from unsuspecting victims.

Computer security experts are warning about an elaborate new tech support scam where thieves pose as Netflix and Microsoft employees to steal from unsuspecting victims.

In the phishing scheme, potential victims’ login credentials are stolen by a fraudulent Netflix website. Scammers will then tell you that your account has been suspended for “unusual activity,” suggesting you call a toll-free phone number to address the issue.

Of course, that phone number doesn’t connect to Netflix – it’s a direct line to a call center in India trained to trick you into giving hackers access to your computer. If you’ll let them, the scammers will not only steal sensitive files from your computer, but swindle you out of $400 to “fix” your hacking problem.

The best way to avoid this scam is to know about it. It’s also worth investing extra caution when dealing with any kind of email alert about an account, online or otherwise. Don’t click on links in emails – type the company’s URL in your address bar manually. There are even more great tips in our guide to protecting yourself against online threats, helping you avoid all sorts of other scams.

The full, winding details of the scam are available on the Malwarebytes Unpacked blog. You can see a walkthrough of the scam in the Malwarebytes video below.

This article was written by Fox Van Allen and originally appeared on Techlicious.

More from Techlicious:

Your browser is out of date. Please update your browser at http://update.microsoft.com