Don’t be their next victim – here’s a handy roundup of some of the most common signs that should set your alarm bells off
We all spend so much of our time online these days. It is estimated that average adult expenditure the best part of the seven hours per day glued to their screen. When we get off work, we use our apps to watch TV, do online banking, play games, socialize with friends – even visit the doctor.
Cyber criminals and scammers know all of this. They know that we are comfortable with digital interactions, and that we regularly share personal and financial information with organizations with whom we interact online. And they’ve found a variety of ways to get to that info, and our hard-earned money.
This is where we all need to be a little more digitally savvy. By learning what typical tactics bad guys use, we can stay safer online and keep our personal data and money safe.
We’ve rounded up the 10 most common warning signs that should set your alarm clock off.
1. Unsolicited message
This is classic phishing email or even text (smishing) which form the basis of many fraudulent attacks and cyber crimes. There are almost unlimited variations on the theme, but phishing generally works through social engineering, a way that fraudsters trick victims into doing their bidding – for example by forcing them to make hasty decisions, and/or pretending to be representatives of a reputable party. organizations such as governments, technology vendors, or banks. The end goal is usually to steal your login and personal and financial information, or get you to unknowingly download malware onto your device.
2. They call you out of the blue
Also known as voice phishing, or “vishing”, scam calls are on the rise. One report claim they jumped 550% in year-over-year volume in Q1 2022. Fraudsters often use these calls as part of a multi-stage phishing attack, with victims tricked into calling the number via a fraudulent email. These “hybrid” vishing campaigns now account for 26% of all vishing calls. Popular tactics include cold-calling victims who pretend, for example, that something is wrong with their computer (tech support fraud) or that something is wrong with your valuable online account, ie, usually one that contains your personal and financial data.
Example of a telephone scam in which the fraudster attempts to convince the target that their identity has been stolen (both samples displayed pre-recorded messages, but in the second sample the target ended up connecting to an actual person.)
3. You are in a hurry to act
This is a common tactic used in social engineering and phishing attacks, designed to pressure victims into making rash decisions. This could be a prize draw that is about to end. This could be a bogus shipping notice saying item will be returned to sender unless taxes are paid. The idea is to force users to open malicious attachments, click malicious links, and/or enter their personal details.
4. Something went wrong
While scammers work hard to sound more convincing and are bound to co-opt tools like ChatGPT for their own purposes, don’t expect all social engineering scams to suddenly use perfect English. In other words, if an email message is sent from a free email service like Gmail, opens with a generic greeting like “Dear client” and/or is loaded with grammatical errors, you are most likely dealing with a scammer. Messages sent from legitimate organizations are unlikely to contain lots of misspelled words or strange errors.
5. Sudden request to download new update
Software updates are important for a safe and optimized user experience, but you need to make sure you download updates from the right sources. In other words, be wary of installing anything on your computer that isn’t properly vetted or isn’t listed for download on legitimate app vendor/market sites. Phishing tactics are often trying to persuade you to do it. Genuine messages may be spoofed to appear as if they were sent from legitimate vendors or service providers such as mobile carriers.
“#What is it Pink” trojan can now auto-reply messages received not only on WhatsApp, but also Signal, Skype, Viber and Telegram. The reciprocating links to malicious websites further distribute malware. #ESETresearch @LukasStefanko 1/3 pic.twitter.com/B5X0DEQTx2
— ESET Research (@ESETresearch) April 19, 2021
6. A pop-up alert with a number to call to clean your device from malware
Fake alerts are sometimes designed to facilitate fraud, especially tech support scams. Here, fake pop-ups may appear on your screen after visiting malicious sites. The message may falsely say that the machine has been compromised with malware and you should call the support number to clean their machine. In fact, it will lead them directly to a scam call center.
7. An offer that seems too good to be true
Scammers often take advantage of the credibility of many internet users. These can be high-value products for sale that have been significantly reduced in price. Or the lavish prizes offered for participating in surveys. Or even an investment opportunity in cryptocurrency without any losses. The point is if it looks too good to be true, it usually is.
8. You are showered with love after just a few interactions
Lonely hearts trying their luck on dating sites should be aware of the many profiles they interact with maybe fake. Scammers befriend their victims online and then quickly move the conversation to unmonitored channels such as encrypted messaging apps. They immediately profess their love and then try to take money from their victims, usually for trumped-up reasons such as medical bills, or plane tickets to see their Valentine.
9. Requests to complete surveys in exchange for prizes
As mentioned, survey scams are an increasingly popular way for criminals to obtain personal and financial information from victims. One criminal capture campaign US$80 million per month from fake surveys and giveaways. Be wary of those who offer generous prizes and offers that are too good to be true. There will always be obstacles, whether it’s giving up your personal information, or paying a small fee in exchange for a gift that never materializes.
10. Request money in advance
Instant money transfer apps like Zelle, Cash App, and Venmo have made it child’s play to pay friends and family. But scammers also demand payment via these apps – for items that don’t exist, they might be selling online, or in a romance scam like the one above. They may even pretend to be friends/family asking for emergency funds, or they may impersonate a legitimate company and send out a bill for payment. The point is that, unlike card payments, this app does not allow users to recover funds if stolen through fraud. Like cash, once it’s gone, it’s gone.
With this and other scams, you should be skeptical online. Don’t download anything you haven’t verified is legit. Don’t reply to unsolicited emails or texts. Do not provide any information over the phone.