The internet is the most widely used communication network ever constructed. It’s used by millions of humans and machines every second of every day. There are good and bad things happening on the internet and one of the most prolific bad things are the ongoing attempts to scam innocent people out of their money or identities. We’ve written a series of articles dealing with various types of common internet scams and have rounded them all up together in this article. Each of these articles deals with the detection and avoidance of nefarious scams such as phishing, credit card scams, and tech support scams.
Common phishing scams
The common element in almost all types of internet scams is the initial “phish” which is the act of tricking you into providing some kind of information that is later used to scam you. In most cases, phishing emails attempt to direct you to a clone of a trusted website where you’re likely to enter login credentials, or try to make you download malware.
In order to scam someone, the bad guy must make contact with a large pool of potential victims. The odds of pulling off a successful scam are low, so the pool of potential victims has to be very large. The easiest way to contact a large number of people with almost no effort is through email.
Comparitech writer Dave Albaugh brings us through what the process looks like in his article about common phishing scams. There are different types of phishing, such as Spear Phishing and Vishing, each with its own characteristics. This article contains practical advice on how to recognize phishing attempts, how to avoid them, and how to repair the damage if you have already been successfully phished.
Credit card scams
Credit card theft is big business. It’s tempting to think that it boils down to one person who stole your credit card details and once you report it, it’s over. In reality, credit card theft is a multi-million dollar industry in many countries and is tied heavily to organized crime. If your credit card details have been stolen, that’s just the tip of the iceberg. It will probably be sold in a batch of other stolen cards, and may also be used in attempts to steal your identity.
This article describes the various ways in which credit card theft happens, as well as some practical steps you can take to protect yourself. There is also information on red flags to look for which can indicate your credit card data has been stolen, as well as steps to take if that has happened.
Email scams are a type of fraud. While it’s true that a fraudulent offer can be contrived with almost any story, there are a few “tried and true” cons that seem to crop up repeatedly over time. In this article, I cover off common scams such as Advanced fee fraud, Over payment fraud, Work from home scams, and others.
The broad strokes tend to remain the same, but the details of these types of fraud change over time. There are resources to keep on top of the ever changing scams, and steps to take to defend against them.
The article also contains information on how to report email fraud if it has happened to you already.
Spotting a fake or spoof phishing email
As Mr. Miyagi said in the movie Karate Kid “best block, no be there”. In internet scams, the best defence is to simply not get tricked in the first place. Scammers can be clever, though, and it can be hard to spot the fake phishing emails sometimes.
In this article Gillian Jones provides some tips to help. She points out that it’s not enough to see that the email appears to come from someone you know, you’ll need to actually see the email address itself. Other telltale signs such as uncharacteristic greetings and suspicious links are red flags indicating that you might be dealing with a phishing email.
Read more: How to Spot a Fake, Spoof or Phishing email
Tech support scams
This type of scam usually starts with a phone call from someone purporting to be from Microsoft or some other recognizable tech firm. The scammer’s mission is to trick you into allowing them remote access to your computer so that they can do whatever they want with it. In most cases, the scammer will tell you that your computer is infected with a virus and instruct you how to give them access. If that happens, it’s game over.
Once a scammer has control of your computer they can steal any information and documents from it. They can also install malware such as key loggers to copy your website logins, and even leave your computer configured to accept future incoming access requests from the scammer.
Dave Albaugh shows us the most common types of tech support scam tactics and the steps most frequently used to trick victims. He also describes how these types of scams can be detected and stopped in their tracks, and what to do if you’ve fallen for a tech support scam already.
How to recognize secure sites
Many scams require a legitimate looking website for victims to interact with and provide the information the scammer is looking for. Since virtually anyone can purchase almost any domain name and then visually re-create any site on the planet, how can anyone be sure they’re using a safe site? This is a good question and Sam Cook has some answers for you in his article about recognizing scam or fake websites.
Some techniques are technical, such as checking that the domain name shown in your browser’s address bar matches the site you think you’re visiting. Others are more holistic such as verifying the site has legitimate contact information on it and isn’t riddled with spelling errors.
There is no single silver bullet that can indicate the trustworthiness of a site, but there are a number of things you can check that will help you make a judgement call.
Elder fraud is fraud specifically aimed at senior citizens. Seniors are disproportionately targeted for identify theft and fraud. Typically, this is because they generally have good credit ratings and are less familiar with the internet which can make it easier for scammers.
In this article, I delve into why elder fraud is so prevalent, and how to identify if it is happening to yourself or a loved one.
There are also practical tips on how to avoid fraud to begin with, I also provide steps on what how to report it to the appropriate agencies.
Read more: How to avoid and detect Elder Fraud
Ticket and travel scams
A slightly newer type of scam that is gaining momentum is the travel scam. Many people purchase airline tickets, hotel rooms, and even entire vacation packages online these days. Scammers know this and there has been a rise in fraudulent travel sites selling fake tickets and non-existent vacations.
This type of scam can be particularly problematic because you may not find out you’ve been scammed until you arrive at your destination or the airport. There is no record of you having a booking at all. Now you’re out the original money and also might have to come up with more to continue on your vacation, or simply pack up and go home.
As with all scams, the best defence is to be suspicious when purchasing online. Aimee O’Driscoll offers some steps to identify travel scam websites and some practical steps you can use to protect yourself from becoming a victim.
SMS Scams (Smishing)
It’s fashionable to make a portmanteau out of new ways to phish, and “SMS Phishing” contracts down to simply “Smishing”.
SMS, or Text Messaging, is built into just about every phone on the planet. As phones become more internet connected, many of us have transitioned to instant messaging apps like WhatsApp and Facebook Messenger. But good old SMS messaging is almost always available. Scammers know that and can use it to target you.
Smishing texts usually have much the same aims as any other kind of fraud. Scammers usually want you to click a link to download malware or adware, or bring you to a convincing looking phishing page in order to trick you into providing your login credentials for a website.
Comparitech’s Sam Cook explains Smishing in more detail, including steps to take if you are a victim of Smishing, and how to report it in your country.
Voice Phishing (Vishing)
Vishing is a form of scam which involves voice contact, usually phone calls. The scammer calls the victim and attempts to use social engineering techniques to trick the victim into doing something — usually, send money to the scammer.
Sending email spam and SMS spam is very easy and costs almost nothing. Calling an intended victim personally, on the other hand, takes a great deal of time and effort. For that reason we are less accustomed to vishing and the stakes are usually much higher in order to justify the scammers time.
To make matters worse, it is almost trivial to spoof a caller ID number these days. If a scammer wishes to present themselves as an official with your country’s tax bureau, it would be easy for them to show you a legitimate tax bureau number on your caller ID.
Sam Cook explains the details of vishing including techniques to spot it, and avoid it, in this article.
CEO Fraud, or “Whaling”, is a type of Spear Phishing which means it is a targeted attack, rather than a widespread “fishing” expedition to see who can be caught. At first blush it may seem like CEO Fraud is aimed at the CEO or other C-level executive in a company, but in fact the attack is usually aimed at the finance department. This type of attack attempts to impersonate a C-level exec in order to provide leverage against someone in the finance department to transfer money to the scammer.
This type of phishing requires some preparation because the scammer needs to act convincingly like the executive she is purporting to be. The fraudster will then contact someone in the company who has the authority to move money and direct that person to transfer funds to the scammer. As with most phishing scams, CEO phishing is most effective when there’s a sense of urgency or emotionalism applied to the request. Therefore, many CEO phishers will zero in on new members of the finance department in the hopes that person does not yet know all the safeguards that may be in place to prevent the scam from working.
Lee Munson describes the intricacies of CEO Fraud in greater detail, including ways to avoid it and report it.