ESET Expert

10 signs scammers have you in their sights

We all spend so much of our time online these days. It’s estimated that the average adult spends the best part of seven hours per day glued to their screens. When we’re finished with work, we’re hitting up our apps to watch TV, do our online banking, play games, socialize with friends – even visit the doctor.


Cybercriminals and fraudsters know all this. They know we’re comfortable with digital interactions, and that we routinely hand over personal and financial information to the organizations we interact with online. And they’ve invented a variety of ways to get ahold of that info, and our hard-earned cash.

This is where we all need to get a bit more digital savvy. By learning what typical tactics the bad guys use, we can stay safer online and keep our personal data and money under lock and key.

We’ve rounded up some of the most common warning signs that should set your alarm bells ringing.

  • The message is unsolicited: These are the classic phishing emails or even texts (smishing) that form the basis of many fraud and cybercrime attacks. There is an almost limitless variety of themes, but phishing generally works via social engineering, a way that fraudsters trick victims into doing their bidding – for example by forcing them into making a rushed decision, and/or pretending to be a representative from a reputable organization like the government, a tech vendor or bank. The end goal is usually to steal logins and personal and financial information, or get the victim to unwittingly download malware.




Fake email notification



  • They call you out of the blue: Also known as voice phishing, or “vishing”, scam calls are on the rise. One report claimed they surged 550% in volume year-on-year in Q1 2022. Fraudsters often use these calls as part of a multi-stage phishing attack, with victims tricked into calling the number via a scam email. These “hybrid” vishing campaigns now account for 26% of all vishing calls. Popular tactics include cold-calling victims and pretending that something is wrong with their computer (tech support fraud) or with one of their valuable online accounts, i.e., typically those containing personal and financial data.



Transcript of a vishing voicemail message (source: Twitter)


  • You’re being rushed into action: This is a common tactic used in social engineering and phishing attacks, designed to pressure the victim into making a rash decision. It could be a prize draw that’s about to end. It could be a fake delivery notice which says the item will be returned to sender unless a tax is paid. The idea is to force the user into opening a malicious attachment, clicking on a malicious link and/or entering their personal details.


  • Something doesn’t feel right: While fraudsters are working hard to sound more convincing and are bound to co-opt tools such as ChatGPT for their own ends, don’t expect all social engineering scams to suddenly use perfect English. If an email opens with a generic salutation like “Dear client” and/or is laden with grammar mistakes, you’re most likely dealing with a scammer. A message that is sent from a legitimate organization is unlikely to contain a large number of misspelled words or odd mistakes.


  • Out-of-the-blue requests to download a new update: Software updates are important for your secure and optimized user experience, but you need to make sure you’re downloading your updates from the right source. In other words, be wary of installing anything on your computer that isn’t properly vetted or is not listed for download on a legitimate vendor site/app marketplace. Phishing tactics often try to persuade you to do so. The original message may be spoofed to appear as if sent from a legitimate vendor or service provider like a mobile carrier. https://twitter.com/ESETresearch/status/1384167283644264457


  • An alert popup with a number to call in order to cleanse your device of malware: Fake alerts are sometimes designed to facilitate scams, especially tech support scams. Here, fake popups might appear on your screen after visiting a malicious site. The message may incorrectly say your machine has been compromised with malware and that you must call a support number to get it cleaned. In fact, doing so will take you straight through to a fraud call center.




Example of a tech support scam


  • An offer that seems too good to be true: Scammers frequently take advantage of the credulity of many internet users. It could be high-value products for sale that are significantly marked down in price. Or lavish prizes being offered for participation in surveys. Or even investment opportunities in cryptocurrency with no downsides. The bottom line is that if it looks too good to be true, it usually is.




Fake lottery win announcement


  • You’re lavished with love after just a few interactions: Lonely hearts who try their luck on dating sites should be aware that many of the profiles they interact with may be fakes. Scammers befriend their victims online and then swiftly move the conversation onto unmonitored channels like encrypted messaging apps. They soon profess their love then try to extract money from their victim, usually for spurious reasons like medical bills, or plane tickets to see their Valentine.


  • A request to fill out a survey in return for a gift: As mentioned, survey scams are an increasingly popular way for crooks to elicit personal and financial information from victims. One criminal campaign is netting US$80 million per month from fake surveys and giveaways. Beware those offering generous gifts and too-good-to-be-true offers. There will always be a catch, whether it’s handing over your personal info, or paying a small fee in return for a prize that never materializes.




This fake survey was part of a scam campaign we wrote about in 2018


  • Upfront requests for money: Instant money transfer apps like Zelle, Cash App and Venmo have made it child’s play to pay friends and family. But scammers are also requesting payment via these apps – for non-existent items they may be selling online, or in romance scams like the one above. They may even pretend to be friends/family requesting emergency funds, or might impersonate a legitimate company and send an invoice for payment. The bottom line is that, unlike card payments, these apps don’t allow the user to recover funds if stolen via fraud. Like cash, once the money’s gone, it’s gone.

With these and any other scams, it pays to be skeptical online. Don’t download anything you haven’t verified is legitimate. Don’t reply to unsolicited emails or texts. Don’t hand over any info over the phone. And pay by credit card wherever possible.

Stay safe!
