Understand the Basics of Scams and How to Protect Yourself
What are scams?
Scams are everywhere. If you haven’t been a victim of a phone, mail, or Internet scam, you’ve probably at least come in contact with one. Thanks to the vast nature of the World Wide Web, Internet scams have become especially prevalent in today’s world, and scammers continue to work toward obtaining monetary gains and valuable personal information from unsuspecting victims.
Definitions of Scam Terms
Before we continue, it is important that you understand four key terms:
- Scam: a game or fraudulent scheme with the intention of stealing money or personal information
- Social engineering: the manipulation techniques behind phishing and vishing
- Phishing: posing as a legitimate person or company online with the intention of stealing money or personal information
- Vishing: posing as a legitimate person or company over the phone with the intention of stealing money or personal information
The idea of a scam is to push you into a corner and force you to make a decision on the spot — pay the money and/or provide pieces of your personal information, or face the consequences. Scammers use the media to fuel these scams, possibly posing as a local retailer that you frequent or as an organization that has had a recent breach that could have compromised your information, in hopes that you give up your money, or worse, your personally identifiable information (PII).
Analysis of Scam Terms
Scammers continue to fine-tune their social engineering skills, coming up with new ways to convince you to hand over your most valued possessions: your money and your PII. Here are a few techniques that scammers use:
- Familiarity: If you’ve seen someone around or heard their name before, you’re more likely to trust that they are legitimate. (Ex: An email appearing to be from a big name company or a call from someone claiming to be your local senator’s campaign manager)
- Hostility: It’s human nature to comply with someone who expresses hostility toward you. If you consider somebody as a threat, you are more likely to do what they tell you. (Ex: A virus that threatens to destroy all your computer files if you don’t pay a fine or somebody posing as a police officer over the phone demanding a fine in exchange for the expunging of an arrest warrant)
- Playing detective: It’s easier than you think for someone to gather information about you. All they have to do is go onto your social media accounts to find out your location and interests or rummage through your trash for credit card forms and bank statements. Those are only two of the many places that cybercriminals can obtain personal information about you.
Phishing, Vishing, and Smishing
Experienced scammers apply their social engineering techniques to two types of scams: phishing and vishing. Phishing consists of someone posing as a specific person or company through the Internet with the intention of stealing PII or money. According to the FBI Internet Crime Report, there are more victims of phishing, vishing, and smishing scams than any other type of cyber fraud, costing consumers $57 million in fraud losses.
Phishing can be executed on several different platforms: emails, phone calls or text messages, and deceptive websites.
Phishers create emails that are seemingly legitimate and rely on you to click on the link provided. Scammers will often present a “sense of urgency,” which will urge you to click now rather than later. The link will send you to another fraudulent page, usually bearing legitimate businesses’ logos or brand names to further convince you of its authenticity. Phishing emails can also launch damaging malware or spyware that is activated after clicking a link, sometimes without you even being aware.
Deceptive websites sometimes follow phishing emails. You’re asked to click on a link that claims to take you to the specific company’s website. Beware, for these are usually websites that have been designed to fool you into inputting information such as your credit card number, email address, phone number, Social Security number, and more. It’s like the old saying — hook, line, and sinker — once you’ve clicked the link and are convinced that the site is legitimate, you’re more likely to divulge personal information to scammers.
Vishing, or voice phishing, is a form of phishing by phone. Scammers will pose as your bank’s representative, a friend of a friend, a restaurant, and more in an attempt to steal your money or your PII. The stark difference between phishing and vishing is the platform that the scam is presented through. Technology advancements have proven that it’s easier to hide behind a screen as opposed to a phone receiver, making vishing slightly less common than email or text phishing attempts.
The third type of phishing is smishing, in which a scammer sends phishing links to unsuspecting victims by SMS or text message, much like a phishing email. Because a text message is shorter than an email, smishing attacks try to get the victim to click the link by promising more details about claiming a prize or a refund, or by using other messages that create a sense of urgency in the recipient.
Applying the Scam Terms
You may think that only gullible people fall for phishing and vishing scams, but it’s about the social engineering tactics used by the scammer, and even the savviest cybersecurity professional can be tricked.
Two examples of these real-world scams targeting individuals include the Nigerian scam/419 fraud scam and lottery scams.
Nigerian Scam/419 Fraud Scam
These scams involve upfront, or advance-fee, payments and originated in Nigeria, hence the name. The “419” component of the name derives from a section of Nigeria’s Criminal Code that pertains to the country’s fraud laws. It’s common for a scammer to contact you through email, using automated spambots to send you message after message. Oftentimes, the sender poses as a member of royalty from a foreign country asking for your help to escape unjust prosecution. These types of emails may even contain official government emblems from the originating country.
Lottery Scams
We’d all love to win the lottery and gain the financial freedom that the mega millions would provide. Unfortunately, emails saying you’ve won the lottery are most likely scams. The World Lottery Association describes a lottery-based scam as one that uses the lottery reputation and/or lottery products as the means to deceive. Simply put, you receive an email announcing you’ve won millions and in order to receive your winnings, you are instructed to send a “processing fee.” Lottery scams can also be used with the intention to steal your PII for future spamming purposes.
How can you protect yourself?
Here are some quick facts about phishing, vishing, and other scams:
- The lottery will NEVER ask you for your personal information through an email.
- Financial institutions will NEVER ask for your personal information through an email.
- There are no such things as “free promotional drawings.” Organizations will never freely give away money prizes without a person’s current active participation.
In addition, here are some things to remember if you receive a suspicious email or call:
- If you don’t know the sender, DELETE the email.
- If somebody is claiming to be an organization or financial institution asking for personal information over the phone, call the organization’s number back to make sure the call is from a legitimate source.
- Check for spelling and grammar mistakes. Oftentimes, phishing emails originate from other countries where English is not the primary language.
- NEVER click on any pop-up screens or links within the email.
- NEVER call a phone number that is sent to you within a suspicious email.
- NEVER reply to a spam email.
- NEVER be afraid to ask why your personal information is necessary.
- If you want to check or report a link you receive in an email, ALWAYS type the URL directly into the address bar of your browser.
Sontiq continually reports on the latest scams in our Scams News Summary. You can be a valuable contributor to the war against hackers and scammers by keeping up-to-date with the latest criminal scam techniques and sharing this information with others. If you think you have been a victim of a scam, file a report with the Federal Trade Commission (FTC).