New type of tech support fraud: Email tells you to call toll-free number

In the last few years, web service providers like Google, Yahoo and Facebook have started sending emails to users to warn them when there is a possible security risk to their account, like an impersonator logging in from an unknown computer.

In the past, bad guys would copy these emails into phishing messages that trick you into logging in to a fake website where they steal your user name and password. Now, these fake security emails give you a toll-free (800) number that they claim you need to call immediately.

If you call the number, two things could happen:

• You get to talk with a real cyber criminal, typically with a foreign accent, who tries to scam you. He or she claims there is a problem with your computer then "fixes" it and asks for your credit card info. 
• You get sent to to voice mail or are put on hold until you hang up, but your phone number was recorded and stored in a queue; the bad guys then call you back and try the same scam. 

Remember, if you get emails that either promise you something that is too good to be true, or provoke you to act urgently in order to prevent some type of negative event, stop! Think. Don't click... or, in this case, don't pick up the phone.

If you ever need to call a vendor, use your web browser to navigate to the trusted vendor URL and call the number listed on the legitimate web page. Never use a phone number provided in an email.

Here is a link to a sample (and humorous) fake phone call, click here: http://cdn2.hubspot.net/hubfs/241394/phone_phish.mp3.