November 4, 2019
Phishing, Nigerian letter fraud, and ransomware are scamming tactics that have been used for years, but they’re capturing new victims through an ever-increasing degree of sophistication. This year, phishing – an attempt to get your sensitive information through seemingly trustworthy electronic communications – accounted for 90% of all data breaches, having grown by 65% in just 12 months.
Business Email Compromise (BEC) scams racked up $12 billion in losses, and security breaches have risen by 11%. As scary as all that sounds, avoiding these scam tactics is not as hard as you might think.
Phishing tricks users into handing over passwords, social security numbers, or other important personal information through convincing emails and faux websites. One scam trend that is on the rise is impersonation: phishers that pose as your friends, family, and colleagues. As a tactic to gain a victim’s trust, the scammers craft and duplicate social media accounts with friends’ images and usernames.
Another form of impersonation is familiarity fraud, where phishers pose as brands or businesses you are familiar with. Communications take on the same look as legitimate communications you receive from these companies. Victims are then redirected to malware-infested websites or fake customer service accounts demanding personal details.
Avoiding these scams takes work, but can be done if you stay aware by doing the following:
- Look for minor detail differences in communications (misspellings, missing information, etc.)
- Check the main website of businesses to see if incentives offered are actually available.
- Never accept friend requests from strangers.
- Don’t click links that ask for personal information.
- Check for an “HTTPS” protocol in the URLs of the sites you use, particularly those you’ve clicked into from emails or social media.
- Use two-factor authentication for logging in if the site offers it.
- Be wary of secondary friend requests from friends or family you are already friends with on social media.
- Reach out to friends and family directly, not through social media, if you receive a friend request to confirm that it’s really them.
The Nigerian Prince Scam
The Nigerian Prince Scam became prominent in the 90s, but it remains one of the most popular scams on the web. Traditionally, the scammer poses as an investor, distant family member, or Nigerian prince offering a lucrative deal in exchange for you investing money upfront. The return on your “investment” never materializes.
This social engineering attack has become more complex in recent years. Today’s fraudsters pose as employers, doctors, or family members, so the only way to avoid the scam is follow your intuition, and stay a bit wary of “incredible” opportunities. Research claims whenever and however possible to make sure they are legitimate (a quick Google search of names, contents of emails, etc. can prove to be a great source of similar scams), and never make payments via social media links.
IRS scammers come at their victims from many different angles. People receive mail, emails, calls, and texts. These communications set the victim up. These fraudsters have also begun to target tax professionals.
So, what is the purpose of the communications? They do this to try and get your personal and financial information. Some of their tactics revolve around:
- Impersonation (getting your financial information to pay off owed taxes).
- Receiving money from people who want to help natural disaster victims.
- Someone who “prepares” taxes; called ghost preparers (a false tax professional).
It’s important to note these scams occur year-round, and are on the rise. A way to avoid the trap is to know that the IRS will never:
- Threaten to have you arrested by local law enforcement.
- Ask for credit or debit card numbers over the phone.
- Demand that you pay immediately with prepaid cards, gift cards, or wire transfer.
It’s also helpful to stay up to date on current IRS scams.
As the web becomes more complex and fraudsters become savvier, so does the threat of becoming a victim to phishing and other scams. Today’s consumer must readjust to the threats by becoming more suspicious of attempts to gather personal and financial information. Your intuition is a powerful ally. If a message, phone call, or text feels suspicious, listen to your gut.