Some people think they’re immune to cybercriminals. “I’m not even on their radar,” they think. “What are the chances that I’ll get targeted? It’s not like I’m famous or have zillions of dollars.”

Well, let me tell you a cautionary tale: A gentleman named Bob recently called my national radio and television show. He owns a Homeland Security consulting company, so he’s about as knowledgeable about online precautions as a person can be. For work, Bob was using a Yahoo Small Business account, and he needed to upgrade his service.

His instincts were correct. There had been a well-documented Yahoo breach, so Bob was doing his due diligence and updating his software. Tap or click to learn about the Yahoo data breach.

The new cost for doing business in Tulsa.

For those who care about business and this community, we have a deal for you. Start a digital subscription for only $0.99. Sign up now at tulsaworld.com/subscribe.

He had a few questions, did a Google search for Yahoo’s small business helpline and called. Little did he know the listed number wasn’t for Yahoo tech support at all. Scammers found a way to push their fake number to the top of his Google search, and Bob was tricked into calling a convincing-sounding technician. When the person on the other end asked for his login information, including password and home address, he didn’t question the request. After all, Bob called them.

The person on the helpline informed Bob that his account was being hacked “as we speak.” But when they offered to fix the problem by selling a $645 firewall package — which could only be purchased through Google Play Bucks — Bob hung up and shut everything down, including his Wi-Fi.

When he rebooted, Bob discovered ransomware on his hard drive, which prevented him from accessing anything on his computer. He took the machine to some experts, who broke through and eliminated the ransomware. The whole charade cost $210, plus a bruised ego.

Yahoo isn’t the only one to fall prey to this scam. Facebook recently had to contend with a fake hotline that duped many of its social media users. Tap or click to read about the Facebook fake hotline story.

In short: cyber-criminals have become so sophisticated that they can even fool professionals. While I’m sorry that Bob had to experience this firsthand, he was kind of enough to share his story, and there are several great lessons to be learned.

Know how to get help

I know, the world’s most powerful search engine should be able to weed out potential cons, but that’s not how it works. Hackers are brilliant at gaming the system, and they’re just waiting for someone to find that fake number and call.

The truth is, tech support for a company like Yahoo doesn’t usually have a simple 800 number. They would have to field thousands, or even millions, of calls every day. Instead, they typically correspond by email or through a live chat.

So if you find a number at all, be suspicious. At the very least, reverse search any phone number you find through Google or any search engine and look for reported scams. Better yet, use a tool made for the job. Tap or click for 5 tools to find a phone number online.

Check and double-check

Bob’s adversaries used a common scare tactic: They insisted that his computer had been hacked, and he should act quickly before any more damage was done. Desperate to fix the problem, Bob was only skeptical when they asked for an unusual form of payment, Google Play Bucks.

Bob’s computer had been hacked because he had readily given the criminals his login information. For many online services, similar information is regularly given in order to confirm the identity of the customer.

Bob learned his lesson: He should make sure the person on the other end is real. This can be challenging if the criminals are persuasive actors who seem to know what they’re talking about.

Be wary when they call

The same way that tech companies don’t often provide a hotline; they never call you. Unless you have scheduled an appointment or asked for help on a specific problem, tech companies are far too busy to give you a courtesy call.

Many people don’t realize this, and they have fallen for a scam. A prime example is a rash of calls that purportedly came from Microsoft, but were actually phishing operations.


Listen to Kim Komando’s show from 1-4 p.m. Sundays on KRMG am740 or fm102.3. Read her columns or get her newsletters at komando.com.

Subscribe to Daily Headlines

* I understand and agree that registration on or use of this site constitutes agreement to its user agreement and privacy policy.