There are a lot of scams in the world, and they seem to be proliferating at an exponential rate. Anyone trying to sell something on Craigslist quickly learns that it is overrun by scammers. If you apply for a job these days, there is a stronger chance that it is a scam job just trying to learn your personal details and get money from you. And who has not been approached by a cryptocurrency scammer claiming they can make you rich, rich, rich for just a small investment?
Protecting Yourself, Co-Workers, Friends and Family
The best thing you can do, at the individual level, is to teach yourself (and everyone else) how to spot a scam. You want everyone to have a healthy level of skepticism and evaluate all incoming messages, no matter how they arrive (be it email, web, SMS, social media, voice calls, etc.), and look for potentially suspicious signs of a social engineering scam. A scam is a scam is a scam. Most scams have the following traits:
- They arrive unexpectedly
- The ask the receiver to do something the sender has never asked the receiver to do before
- They indicate a sense of urgency, claiming the receiver will be penalized if they do not take action immediately
- The requested action could be harmful to the receiver or their organization if the requested action is taken and is malicious
The scam warning signs are summarised in the following flow chart below:
Teach yourself, your co-workers, your friends and family these four traits of scams. They should evaluate all incoming messages, no matter how they arrive, and see if the message has all of these traits. And if it does, then the receiver should confirm the validity of the request before performing any further actions. Please share this message and graphic with as many people as you can. We are all in this war against hackers and social engineers. Spread the message.
One note of caution. Not all scams contain all four traits. There are some advanced scams where these traits do not apply. For example, in a mortgage escrow scam, an intruder has usually successfully compromised a mortgage lender’s (or escrow agent’s) computer, scans for pending housing sales and then sends bogus bank money wiring instructions to the party buying the house on the day they were expecting to be told to make a loan escrow payment. The request arrives from the person they were expecting it to arrive from, on the day they were told to expect it, for the amount they were expected to have to pay to get the loan. Everything looks legit, but they do not know that the bank wiring account information leads to the attacker’s bank account.
So, not all scams have the four traits above, but 99% do. And being aware of these four traits of scams will stop most of it.
Let’s make it significantly harder for scammers to be successful. Now go fight the good fight!
from an article by Roger Grimes, https://blog.knowbe4.com/traits-of-most-scams
About an hour or so ago my mobile phone rang - it was an 800 number calling. I was dubious, but answered just in case (I've got a couple of things on the go right now). It was a recorded message from Visa Security advising me of two charges to my credit card today. It listed the amounts, mentioned that one was for gift cards and the fact that I had no history of purchasing gift cards had triggered the call. Press 1 to accept the charges, press 2 to decline (or the reverse... I can't remember.). It was clear, professional, and so absolutely convincing that I hung up and called my bank. They were quite interested and eventually confirmed that it was indeed a phishing call.
I don't know what would have happened if I'd pressed the decline number but I suspect I'd have been connected to an agent who would have confirmed my details, etc.. and then they'd have owned my credit card. (assuming I gave them my details, that is) The call was convincing enough that I'll bet many people do. I'm lucky - I work in IT Security and I learned long ago not to trust anything, especially when it's a phone call and it involves my personal / financial information. Even then, it was hard.
So...what should you do?
Start by listening very carefully to what is being said. You'll likely pick up clues that suggest the call is random; things that a real caller should know. Second, especially if the caller is a real person and not a recording, take note of all the instructions, details, etc. and then hang up and call your bank (or whomever the caller impersonated) on a number you get from a bank statement, Internet search, etc.. Do not call back using a number provided by the caller. Your bank WILL be very happy to hear from you and they will confirm for you whether or not the call was legitimate. If the suspicious caller is a real person, and they're a scammer, they will try very hard to keep you on the line. A legitimate caller will understand your plan and will encoiurage you to hang up and call back via a published phone number. Don't let yourself be bullied.
What happens if you realise, after the fact, that you may have been scammed? Your first call is to your financial institution (or whomever the caller was impersonating) to report what happened. After that you may, depending on what happened, end up reporting the incident to your local law enforcement agency. It's very important that you do so. Behind the scenes, law enforcement at different levels are compiling / sharing intelligence on the gangs that do these sorts of crimes and every bit of information they receive is helpful so please make the call and report what happened.
When you hear “romance scam” you may think of a little old lady falling for the classic “Nigerian Prince” scam. But romance scams have become far more complex and difficult to recognize, adapting to today’s online dating landscape. With the popularity of platforms like Match.com, Tinder, and Bumble, scammers have set their sights on these popular apps and even social media. In fact,consumers have lost $770 million to fraud scams started on social media in 2021, according to the US Federal Trade Commission. In the first half of 2021,the FBI Internet Crime Complaint Center (IC3) received over 1,800 complaints related to online romance scams, resulting in losses of approximately $133.4 million.
Romance scams can be part of a much larger cybercriminal ecosystem.International cyber gangs will even use dating sites to recruit victims as “money mules” and use them to unknowingly launder funds, according to AARP.
Often, scammers prey on victims experiencing loneliness, which has not been uncommon during COVID-19 pandemic lockdowns. If your friend or relative has started a new online relationship, or even if they’ve been in one for several months, it’s important to check in and look for any red flags.
Some red flags may include:
- A request for money. A request for money is a major red flag of a scam. Scammers may pressure you into sending money for “urgent” matters, such as medical expenses. They may also say it’s for a plane ticket to visit you. Never send money to someone you haven’t met in person. Scammers may also ask for payment in the form of pre-loaded gift cards or wire transfers.
- They may often make and break promises to come see you in person. The person claims to live far away, overseas, or be in the military.
- The relationship is moving fast and the person professes love quickly.
- There’s pressure to move the conversation off the platform to a different site or want to continue the conversation through text. Dating platforms search for scammers on their sites. Scammers will want to move their victim off-platform to avoid any detection.
If you believe a loved one is the victim of a scam, it is important for them to take the following steps:
- Cease communications with the scammer immediately and take note of any identifiable information you may have on them, such as their email address.
- Contact your bank or credit card company if you've given them money.
- File a police report with your local police department / RCMP Detachment.
- Report the scammer to the Canadian Anti-Fraud Centre.
- Notify the website or app where you met the scammer.
Remember that romance scams can happen to anyone at any age and falling for a scam is nothing to be ashamed of. By speaking out, reporting scams, and encouraging others to do the same, you can help protect others from becoming victims. For more information, visit staysafeonline.org/romance-scams.
Test your knowledge! Challenge yourself with the Love Security quiz!