Category: Safety | Internet Security

Part 3! Creative Scams and How They Compromise CyberSecurity

In Part 1 and Part 2 of our series on scams, we explored many of the common scams that cybercriminals use to steal our data. A scam may result in an instant financial loss, or in a loss later down the road when you least expect it. Some scammers simply sell your information. Being scammed once may not affect you greatly, especially if you have secured your accounts.

However, as more information is gathered about you, it can eventually result in identity theft. At the very least, more scams will come your way. So, in our final article in this series (Part 3), we look at additional scams that affect individuals and businesses alike. It’s a reminder for all of us to be internet savvy and spread the word about false information and scams.

Creative Scams Compromising Security

CEO Fraud

CEO fraud, also known as Business Email Compromise (BEC), has evolved from emails to text messages, tricking employees into divulging sensitive information, transferring funds, or interacting with malware.

Employees are advised not to respond to suspicious text messages that appear to be a CEO fraud attempt. Instead, it’s best to inform IT and the impersonated executive of the incident, and then delete the message.

Cybercriminals can easily obtain personal and company information for their scams through social media networks, especially those focused on business and employment.

Making social media profiles private, and being cautious about connection requests, can help protect against CEO fraud.  This reduces the amount of personal information that is publicly available and can be used by cybercriminals to carry out their scams.

BEC scams are no longer limited to messages from someone impersonating a CEO. Emails may also come from fake suppliers and business associates.

Job Scams

A job scam has a very basic promise. A scammer poses as a company that wants to hire you. They prey on your excitement about getting the job. The pay is good, and you can start right away. It may be a full-time, part-time, or temporary job.

Cybercriminals use the lure of work to trick job seekers into providing personal information.

A resume plus a photo ID is more or less a complete picture of a person’s personal identity, which is what makes these types of scams so dangerous.

In order to make this scam work, cybercriminals are counting on our level of comfort in providing personal information to potential employers, as well as our motivation to earn extra cash.

These two components allow this scam to operate, so it is important to stay aware.

The Fee-Based Scam: A cybercriminal posing as a legitimate employer insists that a job seeker pay a small fee for “start up” materials. Or the job seeker is asked to pay twenty or thirty dollars for things like training or a background check, only to have the prospective employer vanish into thin air.

For a remote salesperson job opportunity, job seekers may be asked to pay for access to a list of sales leads could never lead to a scam.

Even if a job is only temporary or seasonal, it’s important to take the time to confirm that the company is legitimate before forwarding personal information to the potential employer.

The Use of Images in Phishing Email

When most of us think about phishing email, we consider the subject line and the message that has been cleverly written to fool us. But what if there isn’t much text at all in an email? Instead, there is an image.

Your standard phishing email doesn’t usually come with an image, which is why a gift card phishing email that includes images looks so legitimate.

Visual marketing is just as successful in the professional world as it is in the cybercrime industry.  Visual marketing is defined as a strategy used to depict concepts that would otherwise be hard to explain through text.

To add to the confusion, 67% of scammers opt to leave the subject line empty in malicious emails. Empty subject lines are quick and easy for cybercriminals to send out and have an engaging air of mystery for the user.

Phishing emails that have blank bodies and blank subject lines are known as “blankets.” These types of phishing emails are also known as “probes,” and are sent as a quick way for cybercriminals to identify active email accounts.

Scams Related to Selling Items Online

The Fake Payment, or Bogus Fund request:  It’s when a scammer poses as a buyer and asks to pay via a mobile payment app, but then sends a fake payment notification. They hope you will send the item before you notice the payment never occurred. Or the scammer will insist that they actually paid you twice and ask for a refund for one of the fake payments they sent you.

Fake Check Overpayment Scams:  A scammer will send you a check for more than the sale of your items.  They will ask you to refund back the difference.  The check you deposited won’t bounce for a few days, long after you have given the scammer your hard-earned money. They will also have the item that you were selling if you have already sent it to them.

Verification Code Scams

If you have been wise and set up multi-factor authentication for your accounts, there is a way scammers can trick you into sending them that code. It’s called the verification code scam.  They will call you pretending to be someone official associated with your account. They will say there is an issue and for it to be solved, you first need to verify yourself by sending them an authentication code.

You agree.

From there, the scammer will try to log in to your account. This will trigger the code to be sent to you. You think the person on the phone sent you the code, but it’s actually your legitimate account that the scammer is trying to log into.

This scam can also be carried out when selling items online.  The scammer will claim to be nervous about online scams and send you a verification code. They will then ask you to send them the code, which, if you do, will allow them to open a new account linked to your phone number.

One-Time Password Scams

A one-time password (OTP) is a form of multi-factor authentication that provides a unique code each time a user tries to log into an account. These newly created passwords are sent to a user’s mobile device or email. They are triggered after a user tries to log in to an account, providing an extra layer of security.

Scammers are now trying to dupe people into giving them this password. The scammer may have learned your phone number and email from various sources. They will try to log in to your account, which will generate a password being sent to you. The scammer will then call pretending to be the company of your account. They’ll say they need your password to verify you as the account holder. This is a scam. You should never share your one-time password with an unsolicited caller.

These one-time passwords are automatically sent to you as a convenience. No legitimate organization will call unsolicited, asking for your OTP. A sign of a potential scam is an email inbox flooded with one-time passwords. If that happens, you should consider resetting your main password as a precaution.

For additional security, companies are using on-premises enterprise password management to manage passwords, credentials, and sensitive data centrally within their own infrastructure instead of using cloud-hosted services. This setup ensures that all data, including passwords and encryption keys, remains stored and managed on the company’s own servers or data centers.

Caller ID Spoofing

We have covered phone scams in other parts of our scam series, but it’s worth noting that caller ID spoofing takes things to a new level as scammers try to get people to let their guard down when answering calls.

With online communication services like Google Voice, cybercriminals can change their area code or even their full phone number to match that of the person they are calling.  If you identify a call as spoofed, you should not answer it. When a scam call is answered, it will often lead to more calls in the future.

If you do answer an unknown call that appears to be from the government, remember that government employees do not call unsolicited, especially to ask for money or account information. If someone calls claiming to be a friend or family member in urgent need of money, it is recommended in this training that you proceed with caution. Consider confirming with the person through another method of contact before taking action.

Public Wi-Fi Scams

The main security issue with public Wi-Fi is that it is public. Its public nature creates a tempting environment for cybercriminals, as a password given out by a barista or written on a chalkboard is the same as no password at all.

It’s important to always verify the network you are using.  Cybercriminals can set up fake or spoofed networks disguised as a public hotspot.  The spoofed network may even have a name similar to the network in question and allow you to browse normally.  However, it may send you to a fake website and ask for login or payment information.  Or it may simply spy on you.

Always verify the network you are using with a staff member and look for encryption. Encryption, such as SSL, helps to make network connections more secure. Website addresses should begin with https. A padlock icon also indicates that the connection is secure.

It’s good practice to turn off the Wi-Fi on your mobile device when you are not actively using it. This will prevent it from automatically connecting to public networks in places you’ve visited before.

How Scams Increase Cyber Attacks

While cyber criminals are looking for a quick easy profit by scamming money directly from you, there are many other reasons why your personal information alone is of great value to them.

An email address and a password can be worth as much as $1000 on the dark web. The information gathered in scams increases the effectiveness of cyber attacks against people and companies.

Here are a few ways just one piece of information can compromise your data many times over.

Credential Stuffing Attacks

In this type of cyberattack, a cybercriminal uses previously exposed account information across other unrelated services to try to gain access to multiple accounts.

Credential stuffing can be highly effective, as many of us who don’t use a password manager rely on the same, or similar, passwords.

Preventing a credential stuffing attack is focused primarily on not re-using passwords. Utilizing truly unique passwords across all accounts is the way to go, which is where a password manager tool can be so effective.

Credential stuffing is similar to a brute force attack, but with credential stuffing, the cybercriminal is using a password they already know.

This creates a much more targeted and successful attack if their target reuses the same, or similar, password.

Brute Force Attacks

The tools associated with a brute force attack are relatively easy for a cybercriminal to get their hands on, which makes them common.  Brute force attacks are a trial-and-error method of trying to decode a password or encryption key to access a device or account, which can also lead to a hijacking attack.

Using automated tools, cybercriminals can systematically test thousands to millions of password combinations every second. Even adding a few extra characters can help extend the overall decoding time significantly and may be enough to deter an ongoing brute force attempt.

Cybercriminals have been using artificial intelligence technology to train their tools to target passwords more efficiently by feeding them previously exposed passwords as a reference point. By using these previously exposed passwords, mixed with our tendencies to use common passwords, cybercriminals can improve their success rate in their attacks.
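The difference between credential stuffing and brute force described in the two sections above also shows up in a service's login records, which is how defenders tell them apart. The following is an added example, not part of the original article: the log format, IP addresses, account names and thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed log format (constructed for this example):
#   <timestamp> <OK|FAIL> user=<name> ip=<address>
LINE = re.compile(r"^(?P<ts>\S+) (?P<outcome>OK|FAIL) user=(?P<user>\S+) ip=(?P<ip>\S+)$")


def build_sample_log():
    """Constructed sample data showing three different login patterns."""
    lines = []
    # One source hammering a single account: brute force shape.
    for n in range(40):
        lines.append(f"2024-05-01T10:00:{n:02d}Z FAIL user=alice ip=203.0.113.10")
    # One source trying 30 accounts once each, two logins succeed:
    # credential stuffing shape (known passwords tried against many accounts).
    for n in range(30):
        outcome = "OK" if n in (7, 19) else "FAIL"
        lines.append(f"2024-05-01T10:05:{n:02d}Z {outcome} user=user{n:02d} ip=198.51.100.20")
    # An ordinary user who mistyped a password twice.
    lines.append("2024-05-01T10:10:00Z FAIL user=bob ip=192.0.2.30")
    lines.append("2024-05-01T10:10:09Z FAIL user=bob ip=192.0.2.30")
    lines.append("2024-05-01T10:10:21Z OK user=bob ip=192.0.2.30")
    return lines


def classify(lines, min_attempts=10):
    """Group login attempts by source IP and label the pattern of each source.

    min_attempts is an assumed threshold; tune it to the real traffic.
    """
    per_ip = defaultdict(lambda: defaultdict(list))  # ip -> user -> outcomes
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            per_ip[m["ip"]][m["user"]].append(m["outcome"])

    report = {}
    for ip, users in per_ip.items():
        attempts = sum(len(outcomes) for outcomes in users.values())
        failures = sum(outcomes.count("FAIL") for outcomes in users.values())
        busiest = max(len(outcomes) for outcomes in users.values())

        if attempts < min_attempts or failures / attempts < 0.5:
            verdict = "normal"
        elif len(users) >= min_attempts and attempts / len(users) <= 2:
            # Many accounts, one or two tries each.
            verdict = "credential_stuffing"
        elif busiest >= min_attempts:
            # Many guesses against the same account.
            verdict = "brute_force"
        else:
            verdict = "suspicious"

        # Accounts that a flagged source actually got into need a password reset.
        to_reset = []
        if verdict != "normal":
            to_reset = sorted(u for u, outcomes in users.items() if "OK" in outcomes)

        report[ip] = {
            "verdict": verdict,
            "attempts": attempts,
            "accounts": len(users),
            "accounts_to_reset": to_reset,
        }
    return report


if __name__ == "__main__":
    for ip, info in classify(build_sample_log()).items():
        print(ip, info)
```

The two accounts listed under `accounts_to_reset` are the ones where a reused password worked, which is why unique passwords and multi-factor authentication matter.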

Read Part 1 and Part 2 of our scam series to learn specifics about how to:

  • Be alert about common scams.
  • Create unique passwords for each of your accounts.
  • Use a password manager so you don’t have to remember your complicated passwords.
  • Set up multi-factor authentication.
  • Ensure your Wi-Fi connection is secure.
  • Enable automatic updates for all devices and software installed on those devices.
  • Learn the SLAM method to prevent clicking malicious links.
  • Don’t respond to unknown texts.
  • Don’t call back anonymous phone numbers.

Part 1:  Common scams to be aware of and prepare for.
Part 2: Common scams and common sense prevention.

Securing Your Family’s Online World: Understanding Digital Threats

The digital revolution has enlightened us with a wealth of opportunities, but it has also opened the floodgates to a myriad of threats that we need to be acutely aware of. For families particularly, making our way through an online world can be akin to a safari through an electronic jungle. It’s fraught with hidden dangers that could strike when you least expect it.

But before you panic, there are steps you can take to protect you, your family, your home, and the multiple devices connected to the internet.  We’ll dissect and discuss the digital threats that families face, arming you with the knowledge to safeguard your loved ones.

Unraveling the Enigma of Cybersecurity for Families

When we hear the term “cybersecurity,” we often think of high-level breaches at large corporations or the data breaches that make the headlines. However, the digital domain is not confined to these big spectacles of hacking or espionage. When facing data loss, a common question that arises is: Can you recover lost data? – and the answer often depends on factors such as the cause of the data loss, the extent of damage, available backup solutions, and the effectiveness of data recovery tools or services. In the daily lives of families, cybersecurity takes on a more personal form, where the threats are numerous and, in some cases, increasingly sophisticated.

For families, cybersecurity should be approached with a layered defense strategy. The core is your home network, which must be well-protected by a robust firewall and encryption. The next layer concerns the devices you and your family members use. These should have quality antivirus software, regular updates, and secure passcodes. Beyond these is the outer layer, which includes the human element – education and awareness are key to reducing the risk.

Starting with the Fortress: Your Home Network

The home network is where all online activity begins and ends. It’s the digital living room where the entire family gathers, but if it’s not secure, it’s like leaving the front door open for cybercriminals. Ensuring the security of your Wi-Fi network is the first step in safeguarding your family’s online presence. Start by changing the default network name and password to a unique, strong passphrase. Use the latest Wi-Fi encryption and consider hiding your network’s SSID to make it less visible to potential intruders.

Another vital aspect of securing your home network is ensuring the physical security of your network equipment. Place your router in a central location but away from windows to limit the reach of your signal outside the house. If possible, use security locks or place it out of reach of young children to prevent accidental tampering.

Shielding the Devices in Your Digital Home

Smartphones, tablets, laptops, and smart devices are the gateways to the digital world for many families. Each one represents a potential point of entry for a cyber threat. Ensuring these devices are secured is essential. This means not only enabling and updating device-specific security features such as firewalls but also being mindful of the apps and programs you install. Stick to trusted sources like Google Play Store or Apple’s App Store, keep an eye on the permissions apps request, and regularly review the list of installed software for anything that seems suspicious.

Parental controls are also a powerful tool for protecting young users from inappropriate content and online interactions. Many devices and systems offer built-in controls, or there are numerous third-party solutions that cater to different needs and levels of oversight.

The Human Element and Online Education

Even the most secure digital fortress is only as strong as the individual members that defend it. No device or network can protect against every threat, so educating your family about online safety is crucial. Start with the basics of creating strong, unique passwords for each online account, avoiding suspicious links and downloads, and being cautious about what information they share online, especially in public forums or on social media platforms.

For younger children, start with foundational lessons about not sharing personal information, not talking to strangers, and always seeking a parent’s help or advice when unsure about something online. It’s also important to encourage an open dialogue about online experiences so that family members feel comfortable sharing if they encounter something that makes them uncomfortable or seems dangerous.

Weaving the Web of Family Privacy in a Public Domain

Privacy is another significant concern in the online space, and the stakes are never higher than when it involves our families. From personal data misuse to unsolicited access to children’s lives, the smallest breach can have devastating consequences. In the era of oversharing and always-on connectivity, maintaining a semblance of privacy can be a battle. However, there are concrete steps families can take to bolster their privacy defenses.

The Delicate Tapestry of Personal Data

Our personal information is crucial in the digital age, driving internet algorithms and possibly leading to security threats. It’s vital for families to discuss online data sharing and understand how to protect sensitive information. Evaluating the necessity of sharing personal details, like home addresses in gaming apps or location tags in photos, is key to maintaining privacy and security online.

The Dual-Edged Sword of Parental Controls

Digital services now offer robust parental controls, like Google Family Link and Apple’s Screen Time, allowing parents to manage their children’s online activities, including setting time limits and approving app downloads. However, the effectiveness of these controls depends on active parental involvement. It’s important for parents to not only set these controls but also to engage with their children about their online behaviors and the reasons behind the rules, ensuring kids’ online safety.

The Eternal Vigilance of Staying Informed and Updated

In the digital jungle, the map is constantly changing. New threats emerge regularly, and old ones evolve. Staying informed and being proactive with updates can often mean the difference between safety and compromise. This is true for both devices and knowledge.

The Ongoing Battle Against Technological Obsolescence

Older devices pose efficiency and security risks due to manufacturers ceasing updates, leaving them open to exploits. Families should monitor device lifecycles for timely upgrades or replacements. If buying new devices isn’t an option, keeping them updated, preferably through automatic updates, is crucial for security. These updates can offer protection against the latest threats.

Knowledge Is Power: Staying Informed About the Latest Threats

Keeping the family safe online requires a commitment to ongoing education. The world of cybersecurity is vast and complicated, with new threats and best practices emerging regularly. Fortunately, there are numerous resources available to help families stay informed.

Follow cybersecurity blogs and news outlets that often report on new developments. Educate yourself on cloud security and encourage family members to share articles or insights about online safety with each other. Empower kids by teaching them about online safety and discussing real-life examples of cybersecurity risks.

The digital world is an inexorable part of our lives, and for families, understanding and addressing the associated risks are non-negotiable. By treating the online environment with the same prudence as we do our physical one, we can forge a safer, more secure experience for our families. Encourage open discussions, remain vigilant, and foster a culture of digital responsibility, and the internet can remain the wondrous tool of education, connection, and fun that it is meant to be.

Common Scams (Common Sense Prevention) – Part 2

Welcome to Part 2 in our series of scams to be aware of. With a bit of knowledge and some common sense, you can be equipped to protect your identity, your devices, and your bank account. I’m sure scammers sleep, but the schemes and systems they set in motion to infiltrate cyber security defenses do not.

Some scams are carried out in person with a live scammer on the phone. Or, they may be on the other side of a text. However, many scams are spam emails, spam texts, robocalls, fake websites, malware and virus attachments. Some even involve mail fraud. The list of old and new scams seems endless, but before you panic, take a deep breath.

There are simple things you can learn that apply common sense to prevent you from being fooled. So, let’s get into it, shall we?

Imposter Scams

Imposter scams, also known as impersonation scams, are scams involving cybercriminals who are pretending to be someone, or something, they are not. The most commonly reported impersonation that scammers will utilize is that of a government official. Other examples are a scammer posing as someone you work with or trust, such as a bank, technology company, or a relative.

Signs of an imposter scam are a sense of urgency to act now to avoid being arrested, threats of account deactivation, or additional fees being charged. Threatening language and requesting payment in obscure ways, such as with a gift card, are also common signs of an imposter scam.

Artificial intelligence (AI) is also being used to make these scams more authentic by cloning voices or creating deepfake videos.

Wrong Number Text Scams

Receiving unsolicited phone calls from unknown numbers has been common for years.  Recently, text messages from unknown numbers or entities are on the rise. Often, the messages appear to be mistakenly sent. Many people may text back with “wrong number”, but this will only verify your number to scammers. Never respond to these messages or you will begin to receive more of them.

Unsuspecting receivers of these messages who begin communicating with the scammer will eventually receive a malicious link after trust is gained. Never click any link sent to you in a text unless you verify that you are in fact speaking to someone you know. Confirm with them if they sent you the link.

Scammers may send messages for days or weeks before doing anything suspicious.  When you receive these messages, check for blocking or reporting options on your mobile phone.

Deepfake Scams

These types of scams are also known as synthetic media or an imposter scam. A deepfake is a type of artificial intelligence that uses machine learning algorithms to manipulate images, audio or videos.  You may receive an email from your friend or boss, followed up by a phone call where the scammer has used AI to mimic their voice. Video is often used on social media to give credibility to an offer in an advertisement.

To help spot a video deepfake, experts recommend looking for irregular blinking and eye motion, inconsistent lip synching, flickering around the edges of the subject, and odd-looking teeth.

To help spot an audio deepfake, experts recommend listening for irregular high and low pitches within the audio, lack of background noise, and awkward pauses.

If you receive a frantic phone call from a family member in trouble and something seems off, let them know you want to verify that it’s really them calling. Ask them a few questions that a scammer could not possibly know, such as: What is the color and year of your car? Where did we go on vacation last year? Or, name three of your best friends.

Mail-in Scams

Most people may not think of a scam coming in their mailbox. We are so used to junk mail that much of it is thrown away. But just like phishing through an email, scammers send out bulk mail in hopes of catching someone who is not paying close attention. It may be a fake bill stating that you are behind in your mortgage, or a fake utility bill requesting payment on a fake website or by mailing payment directly.

Fraudulent mail may also come as handwritten notes from a scammer pretending to be a friend. Think of all the phishing emails you receive. These can just as easily come in the form of junk mail. A scam known as the “Hard Luck Story” takes the form of a letter that appears to come from a friend or stranger needing assistance, but is really coming from a scammer.

Social Media Phishing Attacks

Most of us feel comfortable on social media. After all, it’s where we connect with friends and family. There is also the potential to make new friends in community groups. The more relaxed we are in the social media environment, the easier it is for cybercriminals to scam us.

These scams are dangerous for both an individual and an organization. The takeover of a business or brand’s social media account by cybercriminals can have devastating consequences.  Many social media phishing attacks begin with cybercriminals gathering publicly available information.  They will use this to fool you into clicking a link or forwarding a message to all your friends.

Use the privacy controls on personal and business social media accounts to keep personal information out of public view, including your location, full name, and lists of connections. You can also take the SLAM Method (used to inspect possible phishing emails) and adapt it to social media.

Social Media Cyber Safety

Fake Customer Service Accounts

Scammers will create fake customer service social media accounts of real companies and respond to help requests with a link to fake login pages where they can steal the user’s credentials or ask for payment for repair services.

Reporting all unusual activity you notice or suspect on social media helps keep the whole community safe.

Account Hijacking

Account hijacking happens when someone gains unauthorized access to a user’s social media account, usually through a weak password. Hijacked accounts are actively used by scammers to impersonate the user, send phishing messages to followers, post harmful content, or steal the user’s personal information.

Malicious links that could infect your device with viruses or malware can also come through social media via messages, comments, and posts by other users. If hacked, your account can be used to distribute scams and malware to your friends.

How to Prevent Account Hacking

Scammers often use information from multiple online profiles, such as answers to common security questions, to gain access to your other accounts.  Disconnecting third-party apps that you no longer use can help keep your social media account secure.

Don’t use the same password for all your social media accounts. Using the same password across multiple platforms means if a hacker uncovers your password to one account, they also gain access to any additional accounts that use the same password.

Learn how my daughter’s Instagram account was hacked because of a malicious link:

Teach the SLAM Method reviewed in part 1 to children so they won’t become another victim of a scamming text that preys on emotions.

Visual Spoofing

Visual spoofing is an action performed by a cybercriminal to disguise a website or email. Domain spoofing can also occur when a website is made to look like a legitimate website. Links in emails can also be cleverly disguised to catch you off guard. Looking closely at the URL will reveal that there are additional characters in the domain that seem to fit at first glance.

Scammers may also use different characters from other languages or accents over letters in the domain name. Something as simple as using the capital letter O instead of the number 0 can fool people.

Scammers don’t stop there.  If you happen to end up on one of the scam websites, it may be copied from the original website to look real, including the design and products listed.

Be cautious of all links. It’s always better to access any website directly instead of clicking a link. Look for fake logos, poor website design or spelling errors. Keep your browser up to date by allowing automatic updates for all software and operating systems on your devices.
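The tricks described in this section (extra characters, letters from other alphabets, accents, and digit-for-letter swaps) can be checked automatically before a link is opened. The following is an added example, not part of the original article: the trusted list, the character map and the sample URLs are constructed assumptions, and the "last two labels" rule is a simplification of how registrable domains are really determined.

```python
import unicodedata
from urllib.parse import urlsplit

# Hypothetical allow-list: the sites this user really does business with.
TRUSTED = {"example.com", "examplebank.com"}

# Small constructed map of characters that look like ASCII letters.
# A production check would use the full Unicode confusables data.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic
    "\u0441": "c", "\u0445": "x", "\u0456": "i", "\u0455": "s",  # Cyrillic
    "\u03bf": "o",                                               # Greek omicron
    "0": "o", "1": "l",                                          # digit swaps
}


def host_of(url):
    """Lower-cased host name with punycode (xn--) labels decoded to Unicode."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    labels = []
    for label in host.rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except ValueError:
                pass  # malformed punycode: keep the raw label
        labels.append(label)
    return ".".join(labels)


def skeleton(name):
    """Reduce a name to what the eye sees: strip accents, map look-alikes."""
    out = []
    for ch in unicodedata.normalize("NFKD", name):
        if unicodedata.combining(ch):
            continue  # drop accent marks
        out.append(CONFUSABLES.get(ch, ch))
    return "".join(out)


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def inspect(url, trusted=TRUSTED):
    """Return (verdict, trusted_domain_involved) for a link."""
    host = host_of(url)
    domain = ".".join(host.split(".")[-2:])  # simplification: last two labels
    if domain in trusted:
        return ("trusted", domain)
    skel = skeleton(domain)
    for good in sorted(trusted):      # same shape, different characters
        if skel == skeleton(good):
            return ("homoglyph", good)
    for good in sorted(trusted):      # a character or two added or changed
        if edit_distance(skel, skeleton(good)) <= 2:
            return ("near-miss", good)
    for good in sorted(trusted):      # real name used as a subdomain prefix
        if "." + good + "." in "." + host:
            return ("embedded", good)
    return ("unknown", None)


if __name__ == "__main__":
    samples = [  # constructed sample links
        "https://www.example.com/login",
        "https://EXAMP1E.com/login",
        "http://ex\u0430mple.com/",
        "https://examplle.com/",
        "https://example.com.account-verify.net/signin",
    ]
    for url in samples:
        print(inspect(url), url.encode("unicode_escape").decode())
```

The distance threshold of 2 suits longer names; for very short trusted domains it would need to be lowered to avoid false alarms.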

Pig Butchering Scam

This sounds like a weird name for a scam. In pig butchering scams, the scammer first builds trust through a new business relationship or friendship. It can happen through email or text. So, just like a farmer fattens up a pig before it’s time to send it to the butcher, the scammer is preparing their victim to eventually give them money.

Typically, they use the lure of guaranteed quick profits from cryptocurrency investments to convince the victim to invest.  If you find yourself in this situation, conversations may go on for weeks or months until your defenses are totally down and you won’t think twice about investing or helping your new friend.

Be cautious of “wrong number” text scams, which may be a ploy to start a friendly conversation and eventually launch the scam.

Formjacking Scams

In a formjacking scam, cybercriminals target a website and insert malicious code to skim sensitive information from the site’s form pages. Form pages can be anything, from a basic contact form to an online shopping cart, or payment form.

The information that scammers are after includes passwords, login credentials, and payment information. These can include bank account numbers and credit card data.

Unfortunately, consumers are at the mercy of companies to ensure their forms are not being used to skim information. There’s no way of knowing if a web form is compromised or not, even for the most tech savvy person.

However, there are ways to mitigate the effects in the event your data is skimmed.

Best Practices for Protection Include:

Monitor your credit card statements, bank accounts, and credit scores for unauthorized, unfamiliar and suspicious activity.

Use banking apps that alert you through SMS or push notifications in real time about transactions made on your account.

Notify your bank as soon as possible if you notice fraudulent transactions.

Use multi-factor authentication on all accounts when possible.

These methods won’t stop formjacking, but they make it difficult for criminals to siphon funds from a compromised account.

Signing up for identity theft protection that monitors your credit score will let you know about changes connected to your finances. For example, it will email you when a new account is opened in your name. These services also offer identity theft insurance and provide services to help you clean up the mess made by any cyber breach that causes you financial harm.

Common Sense for Common Scams – Wrap Up

There will never be a shortage of scams to write about. As technology grows and changes, someone somewhere in the world is thinking about a new way to use it for malicious purposes. However, we hope you have seen a common theme of how some basic tips, combined with common sense, can help you be prepared. Always take a second look when something strange comes to you in an email, a text, or app.

Learn more about Scams – Part 1 and Creative Scams Part 3

Common Scams to Be Aware Of and Prepare For – Part 1

Common Scams to Be Aware Of and Prepare For

So many scams, too little time to stay ahead of them all. Cyber criminals are not nice people, but they certainly are creative; always thinking of new ways to scam you. Scammers are opportunists working in multiple areas at the same time. Their motivation is money. They will either access your personal information and sell it to others or easily steal your money outright.

You may not know about every scam that's on the internet or offline in the real world. But there are common ways you can be aware of and prepared for all potential scams. That doesn't mean you shouldn't try to learn about old scams and new ones that are created.

Common Scams to Be on the Look Out For

In Part 1 of our scam awareness series, we look at common scams and new scams that are ever emerging. Through this education on scams, you'll notice a persistent theme of how you can be prepared. Even if a brand-new scheme designed to fool you rears its ugly head for the first time, there are consistent things you can do to protect yourself.

Most people become victims of scams through email and texts. The first defense against malicious messages is to follow the SLAM Method.

SLAM stands for Sender, Links, Attachments, and Message. All of these elements should be scrutinized.  

Sender: Don’t accept message requests from outside of your known circle of friends or connections.  Don’t accept friend requests from anyone you don’t know.

Links:  Do not click on any links in social media posts, profiles or messages unless you can see the full URL and be certain that the site is legitimate.

Attachments: Never download or open attachments from social media posts, profiles or messages.

Message:  Look carefully at the body of any social media message or post that you are interacting with. If it feels off, contains misspellings, off grammar or even uncharacteristic emojis, you might be looking at a phishing attempt.  Be wary of messages that push you to take some urgent action or another.

Remember the SLAM Method throughout our scam educational series. We'll also be looking at scams that happen via direct communication with scammers. Let's begin!

Charity Scams

Types of charity scams include:

Crowd Sourcing Scams: Don't take for granted that all is legit. Scrutinize the validity of the crowdfunding request.

Post Tragedy Scams: When a tragedy strikes, scammers will sometimes spoof the website of a legitimate donation site or create a site that closely resembles it.

Firefighter, Police and Military Scams:  These scammers will often use familiar or local organizations to build trust and take people off guard.   Some will directly target military veterans and their families.

Warning Signs of Charity Scams:

  1. Requests for cash, money wire, or gift card donations can be a red flag. Use a credit card instead.
  2. Non-tax deductible donations are a red flag that a charity may not be legitimate.
  3. Pressure Tactics: Real charities will never use a hard sell or pressure tactics to solicit a donation.
  4. Fake information: Charitable donation websites almost always end with .org and domains will always start with https:// not http:// without the “s”.

Beware of fake charities related to common world issues, such as what happened during the pandemic. Scammers prey on the emotions of people who want to help those in need of disaster relief, such as people affected by war or refugees fleeing their country for safety or a better life. Charity and disaster fraud often increases during the holiday season.

Cybercriminals will also call people thanking them for a previous donation, a donation which may not have been made. Veteran fraud and disaster fraud are often the premise used for fake charity scams.

Marketplace Scams

There are two categories within marketplace scams.

Non-Payment Scam:   In a non-payment scam, cybercriminals will use a phony screenshot of a completed cash transfer to trick a victim into shipping an item.

Non-Delivery Scams:  Scammers trick victims into paying for goods and services that are never delivered.  They offer prices that are almost too good to be true.

Non-delivery scams advertise popular items and services at deeply discounted prices and ask for payment using gift cards or cash payment through a payment app.

Marketplace scams come in many forms so always be cautious.  These creative types of scams also happen when individuals are selling items online.

Prevention Tips:

  1. Know your marketplace:  When shopping online, do so on trusted sources with secure processing and payment policies that protect consumers.
  2. Use a credit card:  Credit card companies have systems and policies in place to protect against fraud.
  3. Stay on the platform you are shopping on:  Scammers will try to bait their victims into leaving the marketplace platform for messaging and payment.

Gift Card Scams

It may seem obvious to many that no legitimate organization would ask to be paid in gift cards. Still, it's a common scam that pulls people in. Scammers create a sense of fear and urgency to pressure their targets into acting quickly without thinking. Asking to keep the transaction a secret is a warning sign of a gift card scam.

Cyberthieves prefer gift card payments because they offer anonymity. Unlike bank transfers, gift card transactions can be anonymous and are difficult to trace or reverse. Gift cards are also widely available and offer immediate access to funds once the victim buys a gift card at a local store and sends the scammer the number and PIN to redeem the funds.

What To Do If You Are Targeted

Any gift card payment request is likely a scam and should be ignored. If you receive a phone call, email, or text message requesting a gift card as payment, immediately hang up or delete the message.

Contact the company directly using a known number or email address instead. If you have an account with the organization, log into your account to see if there are any notices, such as an overdue payment.

Display Name Scams

Display name spoofing occurs when the cybercriminal manipulates the sender’s display name or makes the display name look like an email address.  Seeing a legitimate display name deceives you into believing that it’s from a trusted email source.

If a sender looks familiar, but the message makes unusual requests, it is best to contact the person or company directly through another method of contact.
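The check described above, as an added example that is not part of the original article: a short Python function that flags a From header whose display name shows a different email address than the real sender, or a familiar name paired with an unexpected domain. The KNOWN_SENDERS list, the names, and the sample headers are constructed for illustration.

```python
import re
from email.utils import parseaddr

# Loose pattern: enough to spot something address-shaped inside a display name.
ADDR_IN_NAME = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

# Constructed allow-list: display names you expect, mapped to their real domain.
KNOWN_SENDERS = {
    "example bank": "examplebank.example",
    "dana reyes": "corp.example",
}


def domain_of(address):
    return address.rsplit("@", 1)[-1].lower()


def check_from(header, known=KNOWN_SENDERS):
    """Return the reasons a From header looks like display-name spoofing."""
    name, address = parseaddr(header)
    if not address or "@" not in address:
        return ["unparseable From header"]
    findings = []
    real_domain = domain_of(address)

    # Case 1: the display name itself looks like an email address,
    # but it is not the address the message actually came from.
    for shown in ADDR_IN_NAME.findall(name):
        if shown.lower() != address.lower():
            findings.append(f"display name shows {shown} but sender is {address}")

    # Case 2: a familiar name paired with a domain that name never uses.
    expected = known.get(" ".join(name.lower().split()))
    if expected and real_domain != expected and not real_domain.endswith("." + expected):
        findings.append(f"'{name}' normally writes from {expected}, not {real_domain}")
    return findings


SAMPLES = [  # constructed headers
    '"Example Bank" <alerts@examplebank.example>',
    '"Example Bank" <alerts@examplebank-secure.example>',
    '"billing@examplebank.example" <x9@mail-relay.example>',
    '"Dana Reyes" <dana.reyes@mail.corp.example>',
]

if __name__ == "__main__":
    for h in SAMPLES:
        print(h, "->", check_from(h) or "ok")
```

A clean result only means the header passed these two checks; an unusual request from a familiar sender still warrants contacting them through another channel.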

Delivery Scams

Types include:

Pet Delivery Scams: These are fake ads where payment is required upfront.

  • Protect yourself by asking to see the pet in person before you pay.

Fake Delivery Notifications:  Here, scammers mimic big name online shopping or shipping companies in their delivery scam messages. They claim there is a problem with the delivery of your package, or you need to confirm something has been delivered.

  • Be cautious of clicking on links or downloading attachments.  Never enter personal information when requested. Verify the tracking number and status of a delivery through the company's official website.

Non-Delivery Scams:  An example of a non-delivery scam in this training involves making a purchase online, but never receiving the order or confirmation details of the purchase.  Only make purchases on reputable websites.

  • When you do make an order, follow up immediately if you don’t receive a confirmation of your order. Check the address on the website and phone number. 

If you are unable to make contact and your credit card was charged by a non-delivery scammer, you should call your credit card company and consider deactivating the card.

Transportation Scams

Scammers will make phone calls or send messages via text or email claiming that your flight has been delayed or cancelled. Messages will likely include links that offer a refund for the flight or an opportunity to rebook for a small fee.  Airlines will never ask for a fee to rebook. Contact your airline directly on their website or call them to enquire about the status of your flight.

Cyberthieves also set up fake websites or send messages offering deals on rental cars. Always verify the URL and company phone number before booking. If you're unsure, going directly to the official website is always better than clicking a link.

Learn the dangers of freight scams. Be on the lookout for gifts and rewards being offered by transportation companies. Tread carefully and do your research before jumping on a deal that may be a scam created to steal your information or your money.

Technical Support Scams

Technical support scams often involve cybercriminals pretending to work for well-known companies to fix non-existent issues. They manipulate victims to build trust and convince them to comply with their demands.

A scammer who gains remote access to your device can install harmful software or access sensitive data, leading to significant privacy and financial risks.

Requests for payments to be made via gift cards or cryptocurrencies should always be treated as a scam.

Technical support scams often start with unsolicited pop-ups or phone calls warning of an issue with your device.  These tactics are designed to create urgency and trick victims into engaging with the scammer.  Malware may contain a fake phone number urging you to call to fix issues you are having with your device.

Pop-ups may happen when visiting infected websites.  Or, they can occur if your computer is infected by malware. To guard against these issues, install anti-malware software to both prevent and remove malware.

Even if you feel certain that you are dealing with a legitimate company that has called about your account, express your concern and state that you wish to call them back directly using a phone number posted on the company's official website.

Never give out your personal information to anyone that calls you. Legitimate companies will not call you and ask you for personal information. Remember that with much of our personal information being available on the dark web due to data breaches, scammers can easily sound like they are legitimate when they state facts about your personal info.

Conclusion

Most scams come to us when we have our guard down. They prey on our emotions by using fear filled headlines or threats of potential loss of accounts or hard-earned dollars. It’s not uncommon to receive an email, phone call, or text that is related to something we have already done.

You may be expecting a package that you ordered a few days earlier. You may have booked a flight. Maybe you happen to be in need of a product or service. The fact that relevant messages come to us is simply a coincidence. When you receive a text or email out of the blue, always ask the question: “Is this real? Or is it a scam?”

Some scams also encourage users to download malicious apps in order to receive a reward or discount. This does not prey on our fear, but entices a natural human desire for personal gain. Be cautious of all app downloads in every situation.

In one second you could infect your devices with malware to give away personal login information. However, it only takes a few seconds more to carefully review the message to verify it's legit. When in doubt, go to Google and search for the company. Visit their website directly. Or, log in to trusted websites directly at the source from a personal bookmark, not through an email link.

If an email or text message lines up with a legitimate notice about a login verification or purchase you just made, it's still a good idea to only click the link after you've double checked that it's not taking you to a different site. This can be done by hovering over the link to see the destination.

Continue to educate yourself on how to spot scams, while being mindful that exercising caution is your first best step to protecting yourself. Be prepared by thinking twice before you click or react to any message or phone call. Take a breath and take the time to do a bit of research. It will save you a world of trouble.

Continue your education, read about Common Scams – Part 2.
