Scams are everywhere as criminals try to cash in by stealing money or valuable personal information from victims. And given our modern reliance on technologies like smartphones and the internet, if you haven’t been a victim of a scam, you’ve likely been targeted by one.
There are four key terms that are important to understand when discussing scams:
Many modern scams try to push you into a corner so you’re forced to make a decision on the spot — i.e. pay the money or provide personal information, or face the consequences. Scammers will use recent headlines to fuel their scams, they’ll pose as a local retailer that you frequent or even a family member in need in hopes that you’ll give up your money or your personally identifiable information (PII).
Scammers continue to fine-tune their social engineering skills, coming up with new ways to convince you to hand over your money and PII. A few techniques that scammers use include:
Scammers frequently apply their social engineering techniques in online, phone and text messaging scams — respectively known as phishing, vishing and smishing. According to the FBI’s 2021 Internet Crime Report, phishing, vishing and smishing scams affected the most victims than any other type of cybercrime, and cost consumers $44 million in fraud losses.
Phishing can be executed on several different platforms: emails, phone calls or text messages, and deceptive websites.
Phishers create emails that are seemingly legitimate and rely on you to click on the link provided. These emails are designed to look official and often create a sense of urgency so victims act quickly, clicking an embedded link before thinking. Those links typically send you to another fraudulent page, usually bearing legitimate businesses’ logos or brand names to further convince you of its authenticity. Phishing emails can also launch damaging malware or spyware that is activated after clicking a link, sometimes without you even being aware.
Phishing websites are designed to look like legitimate sites in order to fool visitors into inputting information such as a credit card number, email address, phone number, Social Security number, etc. Anyone who is convinced that the site is legitimate is more likely to divulge personal information to scammers.
Vishing, or voice phishing, is a form of phishing by phone. Scammers will pose as a bank representative, a friend of a friend, a restaurant or another trusted person in an attempt to steal your money or PII. The difference between phishing and vishing is the platform that the scam is presented through. Rather than answering unexpected calls, today it is easy for everyone to hide behind a call screener, making vishing slightly less common than email or text scams.
Smishing is when a scammer sends links by SMS or text message to unsuspecting victims, similar to a phishing email. Given the shorter nature of a text message, smishing attacks try to get the victim to click on the link by offering more details to claim a prize, a refund or other messages to create urgency on behalf of the recipient.
Scammers have gotten quite good in their social engineering tactics, which means even the savviest cybersecurity professional can be tricked.
Two real-world examples of these scams include the Nigerian scam/419 fraud scam and lottery scams.
This type of scam involves upfront or advanced-fee payments that originated in Nigeria, hence the name. The “419” component of the name derives from a section of Nigeria’s Criminal Code that pertains to the country’s fraud laws. It’s common for a scammer to contact you through email, sending you numerous spam messages through automated bots. The sender may pose as a member of royalty from a foreign country asking for your help to escape unjust prosecution. These types of emails may even contain official government emblems from the originating country.
We’d all love to win the lottery, emails saying you’ve won the lottery are likely scams. A sweepstakes/lottery scam uses the reputation of the lottery to deceive victims. An email announces the victim has won millions but in order to receive their winnings, they must send a “processing fee.” Lottery scams can also be used with the intention to steal your PII for future spamming purposes.
Here are some quick facts about phishing, vishing and other scams:
In addition, here are some things to remember if you receive a suspicious email or call:
You can be a valuable contributor to the war against hackers and scammers by keeping up-to-date with the latest criminal scam techniques and sharing this information with others. If you think you have been a victim of a scam, file a report with the Federal Trade Commission (FTC).