Scammers have been around as long as history has been recorded. Think about the famous ‘Trojan Horse’, for example: a perfect scam that allowed attackers to get behind the city walls. The same is still happening, although the technology has evolved from wooden horses to digital ones. The technology has changed, but deception, especially the kind that plays on emotions, has not.
Modern scams perpetrated through email, text messaging or social media are some of the most common and damaging scams we see. Here are some recent tricks and scams to watch for:
Social Media Deals Are Sometimes Too Good To Be True
A great deal on something awesome comes up on social media, maybe it is a PlayStation 5 or some adorable purebred puppies, and even better, it is on the social media page of someone you know. You DM them quickly and they ask you to make a deposit via CashApp or another money service that is in someone else’s name so they can hold it for you. When you go to pick up the item, it turns out it never existed. Scammers are taking over social media accounts to pull off things like this. When you send money, even to someone you know, always make sure it is going to an account that matches their name. If the seller is a friend and the deal seems too good to be true, text or call them first. Protect your own accounts with strong passwords and two-factor authentication (2FA) to keep this from happening to your friends and family.
Stay Alert to Text Message Scams
You get a text message from your bank telling you that a small debit purchase, often less than $10, has been completed from your checking account. It conveniently includes a link for you to see the details of the charge. You click on the link and log into your account, only to find there is no charge. Scammers have really just tricked you into logging into a fake site that then forwards you to your bank. That fake site has stolen your username and password, which they now use to empty your account for real. If you get an unexpected text message that says a withdrawal or payment has been made from your account, log directly into the website or open the banking app on your phone; the information will be there if it is legitimate. Do not ever follow a link in one of these text messages.
Email Security - Always Think Before You Click!
When HR sends an email, it is often time for concern. However, it is currently time for annual reviews, raises and bonuses, so the calendar invitation is a welcome message. You click on the link to accept the invitation for the meeting and enter your credentials so the meeting can be added to your calendar. You smile as you think about how well you have done this year, and about the trip to Bora Bora you will take with your annual bonus. Unfortunately, what you did was give bad actors access to your email account. They swiftly create email rules that forward emails with certain keywords to their other accounts, then delete or hide the original email. They use this to take over email conversations, spread malware within the organization, reset passwords on an account with access to sensitive employee information, then steal that information and use it to steal the identity of co-workers. Due to losses from the breach, bonuses are canceled, and Bora Bora is not going to happen. When receiving emails, even those that are internal, be careful where links take you, especially if entering credentials.
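For security teams, the email rules described above leave a recognizable pattern: a rule that picks out certain mail, sends it elsewhere or tucks it away, and hides it from the mailbox owner. The check below is an added example, not code from this article. It runs over a constructed rule export, and the field names, the example.com domain, the keyword list and the folder list are all assumptions.

```python
# Constructed inbox-rule export; field names are hypothetical, not a real mail API.
ORG_DOMAIN = "example.com"  # assumed organization domain
SENSITIVE = {"invoice", "payment", "payroll", "password", "wire", "w-2"}  # assumed
HIDING_FOLDERS = {"rss feeds", "conversation history", "archive", "junk email"}  # assumed

SAMPLE_RULES = [
    {"mailbox": "pat@example.com", "name": "Newsletters", "keywords": ["digest"],
     "forward_to": [], "delete": False, "move_to": "Reading"},
    {"mailbox": "pat@example.com", "name": ".", "keywords": ["invoice", "wire"],
     "forward_to": ["collector@mail.invalid"], "delete": True, "move_to": None},
    {"mailbox": "sam@example.com", "name": "hr", "keywords": ["payroll", "password"],
     "forward_to": [], "delete": False, "move_to": "RSS Feeds"},
    {"mailbox": "lee@example.com", "name": "To assistant", "keywords": [],
     "forward_to": ["assistant@example.com"], "delete": False, "move_to": None},
]

def rule_findings(rule):
    """Return the reasons a rule matches the forward / keyword / hide pattern."""
    reasons = []
    external = [a for a in rule["forward_to"]
                if a.rsplit("@", 1)[-1].lower() != ORG_DOMAIN]
    if external:
        reasons.append("forwards outside the organization: " + ", ".join(external))
    hits = sorted(SENSITIVE & {k.lower() for k in rule["keywords"]})
    if hits:
        reasons.append("matches sensitive keywords: " + ", ".join(hits))
    if rule["delete"]:
        reasons.append("deletes the original message")
    elif (rule["move_to"] or "").lower() in HIDING_FOLDERS:
        reasons.append("moves the original to a rarely viewed folder")
    return reasons

def suspicious_rules(rules):
    """Flag rules that hide mail and also forward it externally or target keywords."""
    flagged = []
    for rule in rules:
        reasons = rule_findings(rule)
        hides = any(r.startswith(("deletes", "moves")) for r in reasons)
        if hides and len(reasons) >= 2:
            flagged.append((rule["mailbox"], rule["name"], reasons))
    return flagged

if __name__ == "__main__":
    for mailbox, name, reasons in suspicious_rules(SAMPLE_RULES):
        print(f"{mailbox} rule {name!r}: " + "; ".join(reasons))
```

A rule that only files newsletters or forwards to an internal assistant is left alone; hiding mail is what turns an ordinary rule into one worth reviewing with the mailbox owner.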
Clearly, scams and cybercrime are here to stay, and as our lives become more digital, scammers will have more opportunities to attack us. While there are technical tools to help in the battle, learning to spot these scams and report them to social media platforms or to security teams within your organization is the single most effective way to avoid falling for them. As we enter the holiday season this year, you know scammers are not taking a break, but are instead planning their own trips to Bora Bora with the money they steal from others during this season.
Be careful, pay attention, and remember that if a deal seems too good to be true, it probably is. Stay safe!
Stay up to date on the rest of this evangelist series to help keep you and your users safe during Cybersecurity Awareness Month and beyond!