Phishing (and other) Scams and How to Avoid Getting Caught in the Net
By Melissa Somers, Executive Director,
Crime Prevention Program of Southern California*
Financial crimes continue to be a leading threat globally as fraudsters are doing their best to capitalize on the massive amount of information being shared online. The huge increase in online and phone commerce in the past few years has created a tempting environment for scammers while their devotion to a dishonest day’s work has emboldened them to branch out. Many of the schemes we’re experiencing today are far more advanced than in previous years while others still rely solely on exploiting vulnerability or simply cashing in on a crime of opportunity.
The definition of fraud, “wrongful or criminal deception intended to result in financial or personal gain”, encompasses so many types of crimes these days, it can be overwhelming. The Federal Trade Commission states that “consumers reported losing nearly $8.8 BILLION to fraud in 2022, an increase of more than 30% over the previous year”. The FBI’s Internet Crime Complaint Center (IC3) reports that they received a total of 800,944 reported complaints, with losses exceeding $10.3 billion. While the total number of complaints decreased by 5%, dollar losses increased by 49%. And surprisingly, victims aged 30-39 were the largest reporting group, while the greatest dollar loss was incurred by people over the age of 60. Let’s face it: Imposters are more advanced and emboldened now more than ever and it shows- not just in the staggering amount of fraud in our everyday lives, but in the sheer number of ways they are trying to stick it to us.
While we can’t control the evildoers behind these scams, we can arm ourselves with information. Phrases like “When in doubt, throw it out” and “Suspect deceit? Hit delete!” are helpful hints to employ and share. It’s also helpful to educate ourselves about some of the more common scams around today in hopes to avoid falling for these scams – hook, line and sinker.
Phishing – The use of authentic-looking emails, often purporting to be from a bank or government agency, generally sent en masse, to persuade a recipient to respond with sensitive personal data.
Spear phishing – Phishing with personalized email, often appearing to be from someone you know.
Smishing – Phishing attempts that go to your mobile device via text message (SMS/ short message service).
Spoofing – When someone disguises an email address, sender name, phone number, or website URL – often just by changing one letter, symbol, or number – to convince you that you are interacting with a trusted source.
Vishing – Phishing attempts that happen over a phone call, voice mail, or VoIP (voice over internet protocol) calls.
Pharming – The use of malicious programs to route you to a fake website, even if you’ve correctly typed in the address of the site you want to visit. These are often convincing look-alikes of well-known sites.
BEC / Business Email Compromise – One of the most financially damaging online crimes where criminals send a message that appears to come from a known source, making a legitimate request (changing mailing address, request the purchase of gift cards).
Clickbait – A story or link designed to attract a reader’s attention. By clicking the link, you may share your information unwittingly or inadvertently download malware or spyware.
Malware – Short for malicious software, this term encompasses computer viruses and other types of programs that criminals use to disrupt or access your computer, typically with the aim of gathering sensitive files and accounts.
Spyware – A type of malware installed on devices to track your actions and collect information without your knowledge.
Here are some tips from sources like the FBI and Federal Trade Commission to protect yourself:
- Remember that companies don’t generally contact you to ask for you username or password
- Don’t click on anything in an unsolicited email or text message. Look up the company’s phone number on your own (don’t use the one a potential scammer is providing), and call the company to ask if the request is legitimate.
- Carefully examine the email address, URL, and spelling used in any correspondence. Scammers use slight differences to trick your eye and gain your trust. ([email protected] vs. [email protected]).
- Be careful what you download. Never open an attachment or link from someone you don’t know.
- Whenever possible, set up two-factor authentication on your accounts.
- Think twice before you share online or post on social media. Avoid sharing things like pet names, schools you attended, family member names, and your birth date as the info can give a scammer what they need to guess your passwords or answer your security questions.
- Exercise caution if someone making a request is pressing you to act quickly.
- When using social media, check your privacy settings to reflect that only the information that you want is openly shared.
- Customize your privacy settings to minimize the amount of biographical and other information others can view on the website.
- Avoid accessing any accounts on public wireless connections as it is very easy for evil doers to eavesdrop on internet traffic.
- If you do have to access accounts on a public wireless network, be sure to completely log out to terminate your session.
- Know that legitimate tech companies won’t contact you by phone, email, or text message to tell you there’s a problem with your computer.
- Security pop-up warnings from real tech companies will never ask you to call a phone number of click on a link
- If it sounds too good to be true, it is.
- And finally, remember that passwords are like underwear – change them often, don’t share them, and don’t leave them lying around!
I can’t stress enough the importance of reporting it to authorities when you or a loved one has fallen victim. While it’s impossible for authorities to resolve every reported instance of scams, the information provided is shared with other agencies and used to investigate and bring cases against the criminals. “Cyber -enabled crime has been around for many years, but methods used by perpetrators continue to increase in scope and sophistication emanating from around the world, “ says FBI Springfield Office Special Agent in Charge David Nanz. He adds “When individuals and entities report incidents to the IC#, they provide valuable information that helps fill gaps crucial to advancing our investigations.”
Knowing the type of scam you’re dealing with will help with knowing where / how to report it. Here are some of the more common places to report a scam:
- FBI online reporting: tips.fbi.gov
- Federal Trade Commission (FTC): ReportFraud.ftc.gov
- Reach out to your local FBI field office
- Report internet-enabled fraud schemes to ic3.gov (FBI’s Internet Crime Complaint Center)
While the issue can feel overwhelming, arming ourselves with information will help us recognize these scams and hopefully go a long way in making sure we don’t take the bait!
*The Crime Prevention Program of Southern California (CPP) is a non-profit organization working with our members, law enforcement, the construction industry and area auto theft task forces to educate, empower and engage in a community fighting construction crime. For information on how you can join the CPP community, contact Melissa Somers, Executive Director @ 562-860-9006 or email: [email protected]. “Together, We Make a Difference”.
Leave a Reply