Scammers have been around as long as history has been recorded. Think about the famous Trojan Horse, for example. It was a perfect scam that allowed attackers to get behind the city walls. The same is still happening, although the technology has evolved from wooden horses to digital ones. The technology has changed, but deception, especially deception that plays on emotions, has not. The key to protecting yourself is simple (cue the MC Hammer song and parachute pants): “Don’t Click That!”
Modern scams perpetrated through email, text messaging or social media are some of the most common and damaging scams we see. But one thing about these scams is universal: they require our participation. So, the key is to be cautious and suspicious. And Don’t Click That!
Here are some recent tricks and scams to watch for:
Social Media Deals That are Too Good to be True
A great deal on something awesome comes up on social media, maybe it is a PlayStation 5 or some adorable purebred puppies, and even better, it is on the social media page of a retailer or friend you know.
You DM them quickly and they ask you to make a deposit via CashApp or another money service that is in someone else’s name so they can hold it for you. When you go to pick up the item, it turns out it never existed. The social media account was hacked and crooks took your cash.
Scammers are taking over social media accounts to pull off things like this. If you are sending money to anyone, even somebody you know, always make sure that it is being sent to an account that matches their name, phone number, and other associated details. Even better, text or call the retailer or friend if the deal seems too good to be true.
Text Message Scams: Don’t Click That!
You get a text message from your bank telling you that a small debit purchase, often less than $10, has been completed from your checking account. It conveniently includes a link for you to see the details of the charge. You click on the link and log into your account, only to find there is no charge. Scammers have just tricked you into logging into a fake site that then forwards you to your bank. That fake site has stolen your username and password, which the scammers now use to empty your account for real.
If you get an unexpected text message that says a withdrawal or payment has been made from your account, log directly into the website, or open the banking app on your phone. If the text was legitimate, the information that you need will be available.
Do not click links in text messages. Instead, go to a browser and log directly into the bank or retailer who you think has just contacted you. You can quickly surmise if the communication was real or fake.
Email Security: Think Before You Click!
Cybercriminals have long used fake HR accounts to dupe employees into giving them access to a company’s network. However, it is currently time for annual reviews, raises and bonuses, so a calendar invitation can seem like a predictable and welcome message. You click on the link to accept the invitation for the meeting and enter your credentials so the meeting can be added to your calendar. You smile as you think about how well you have done this year, and about the trip to Bora Bora you will take with your annual bonus.
Unfortunately, what you did is give bad actors access to your email account. They swiftly create email rules that forward emails with certain keywords to their other accounts, then delete or hide the original email. They use this to take over email conversations, spread malware within the organization, reset passwords on an account with access to sensitive employee information, then steal that information and use it to steal the identity of co-workers. That is a big mess that YOU caused! (How’s that bonus looking now?)
Due to losses from the breach, bonuses are canceled, and Bora Bora is not going to happen. When receiving emails, even those that are internal, be careful where links take you, especially if entering credentials.
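Security teams can look for the forward-and-hide mailbox rules described above. The following Python check over exported inbox rules is an added example, not part of the original article; the field names, domains, folder list and sample rules are constructed assumptions, not any mail platform's schema.

```python
# Added example: review inbox rules for the forward-and-hide pattern.
# Field names, domains and sample rules are constructed, not a vendor schema.
INTERNAL_DOMAINS = {"example-firm.test"}  # assumption: your own mail domains
HIDING_FOLDERS = {"rss feeds", "junk email", "deleted items"}  # assumption

SAMPLE_RULES = [  # constructed sample data
    {"mailbox": "pat@example-firm.test", "name": ".", "keywords": ["invoice", "payroll"],
     "forward_to": ["collector@mail-relay.test"], "delete": True, "move_to": None},
    {"mailbox": "sam@example-firm.test", "name": "Newsletters", "keywords": ["unsubscribe"],
     "forward_to": [], "delete": False, "move_to": "Newsletters"},
    {"mailbox": "lee@example-firm.test", "name": "To assistant", "keywords": [],
     "forward_to": ["kim@example-firm.test"], "delete": False, "move_to": None},
    {"mailbox": "ana@example-firm.test", "name": "x", "keywords": ["password", "reset"],
     "forward_to": [], "delete": False, "move_to": "RSS Feeds"},
]

def external_recipients(rule):
    """Return forwarding targets whose domain is not one of ours."""
    return [a for a in rule.get("forward_to") or []
            if a.rsplit("@", 1)[-1].strip().lower() not in INTERNAL_DOMAINS]

def assess(rule):
    """Return (severity, reasons); severity is None for an unremarkable rule."""
    reasons = []
    external = external_recipients(rule)
    hides = bool(rule.get("delete")) or (rule.get("move_to") or "").lower() in HIDING_FOLDERS
    keywords = rule.get("keywords") or []
    if external:
        reasons.append("forwards outside the organization: " + ", ".join(external))
    if hides:
        reasons.append("deletes or hides the original message")
    if keywords and (external or hides):
        reasons.append("triggers on keywords: " + ", ".join(keywords))
    if external and hides:
        return "high", reasons       # copy leaves, original disappears
    if external or (hides and keywords):
        return "review", reasons     # one half of the pattern
    return None, []

def find_suspicious(rules):
    """Return findings for rules that need a human look, 'high' first."""
    findings = []
    for rule in rules:
        severity, reasons = assess(rule)
        if severity:
            findings.append({"mailbox": rule["mailbox"], "rule": rule["name"],
                             "severity": severity, "reasons": reasons})
    return sorted(findings, key=lambda f: f["severity"] != "high")
```

A rule that both sends a copy outside the organization and removes the original is ranked highest because the mailbox owner never sees the messages being intercepted.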
Be Suspicious: Don’t Click That!
Clearly, scams and cybercrime are here to stay, and as our lives become more digital, scammers will have more opportunities to attack us. While there are technical tools to help in the battle, learning to spot these scams and report them to social media platforms or to security teams within your organization is the single most effective way to avoid falling for them.
As we enter the holiday season this year, you know scammers are not taking a break, but are instead planning their own trips to Bora Bora with the money they steal from others during this season.
KnowBe4 and Savvy
Savvy is a preferred provider of all KnowBe4 training products and services. And, to my knowledge, we are the number-one certified partner for the legal industry. Lucky for you, that means we can offer a cornucopia of free online security tools from KnowBe4.
We are also offering all new KnowBe4 clients 5% off their first year with any KnowBe4 product or service. Call me at 303-800-5408, email me at Doug@SavvyTraining.com, or book a demo at your convenience on Calendly.