We’ve all been warned of the number of things online scammers will do to make us fall victim to their latest schemes. As we learn, we adapt and can better avoid their tricks. Unfortunately, it’s not fool-proof and before we know it, we’ve been duped again with a new rendition of their scams.
Cyber criminals affected the online businesses and individuals since the internet networks first appeared and spread all over the world.
Internet services and websites make it easy for us to pay bills, shop, make online reservations and even work. And you can do any of these actions from any place in the world. Old boundaries and human limitations were dropped, in order for us to have access to almost any information. Our lives became so much easier.
But the same thing is true for CRIME.
Our freedom to navigate and access a wide number of online locations represents in the same time a main vulnerability, because an open door always allows access in both directions.
Criminal minds can reach these days further than before, into our private lives, our homes and work offices. And there is little we can do about it.
Even with all of the publicity and the supposedly “common knowledge” that you should not click on links or open attachments in email unless you know for certain what you’re clicking on, email still tends to be a very popular way for viruses and malware to spread. That’s because the scammers are getting more and more clever about how they try to trick you.
Attack methods and tools vary from traditional attack vectors, which use malicious software and vulnerabilities present in almost all the programs and apps (even in the popular Windows operating systems), to ingenious phishing scams deployed from unexpected regions of the world, where justice can’t easily reach out to catch the eventual perpetrators.
The most common ways for you to become vulnerable to a malware attack or phishing scam take place when you:
- shop online
- check your email
- access social media networks
For this reason, we need to know what are the most popular schemes and techniques used by cyber criminals in order to obtain our private information and financial data.
We must not forget their final target is always our money and there is nothing they won’t do to accomplish their mission.
1. Phishing email scams
Phishing scams are based on communication made via email or on social networks. Cyber criminals will send you messages and try to trick you into giving them your login credentials – from your bank account, social network, work account, cloud storage or any other personal data that can prove to be valuable for them.
In order to do that, the phishing emails will seem to come from an official source – it can be bank authorities or other financial institutes, but also delivery companies or social networks representatives.
This way, they’ll persuade you to click on the links contained by their messages and access a website that looks legit, looks like the real one, but it’s actually controlled by them. You will be sent to a fake login access page that resembles the real website.
This way, if you’re not paying attention, you might end up giving your login credentials and other personal information.
In order for their success rate to grow, scammers create a sense of urgency. They’ll tell you a frightening story of how your bank account is under threat and how you really need to access as soon as possible a web page where your must insert your credentials in order to confirm your identity or your account.
Of course, the provided link will only lead you to the fake web location and not to the real login page.
After you fill in your online banking credentials, cyber criminals use them to breach your real bank account or to sell them on the dark web to other interested parties.
It’s one of the main scamming techniques used to spread financial and data stealing malware. There isn’t any reason why you shouldn’t be very well prepared for this attempt. However, even if you install a good antivirus program, there is no better way to stay safe from this threat but to avoid the initial infection phase.
2. The “You’ve Won the Lottery” scam
This is one that you would think would be so obvious that people wouldn’t fall for it any more. But never underestimate the power of telling people something they REALLY want to believe. It’s the same concept as the scammers selling diet pills (“Just take this pill – you’ll lost weight and look great in a swimsuit this summer!”). Even people that never play the lottery, and they know actual lottery winners don’t get notified by email, want to believe that there’s a chance that it might be true. They can’t stand the thought that maybe this time it really happened, and they would really be kicking themselves if they just deleted the email without verifying that it’s true. It’s not true.
3. Greeting card scams
This is another old scam: the greeting cards that you receive in your email inbox and seem to be coming from a friend.
If you open such an email and click on the card, you usually end up with malicious software that is being downloaded and installed on your operating system.
The malware may be an annoying program that will launch pop-ups with ads, unexpected windows all over the screen. However, it can also be ransomware or one of the worst financial malware that’s been around, part of the infamous Zeus family.
If your system becomes infected with such dangerous malware, you will become one of the bots which are part of a larger network of affected computers. In this unfortunate event, your computer will start sending private data and financial information to a fraudulent server controlled by IT criminals.
To keep yourself safe from identity theft and data breach, we recommend using a specialized security program against this type of dangers.
4. The “Your New ATM card” scam
You remember you ordered a new ATM card from your bank, right? Well, you must have, since the “bank” is now emailing you to tell you that it’s ready for you. Kind of funny, because I don’t remember that my bank sends out an email with the subject line in all caps. In fact, when my ATM card is ready, they don’t email me at all – they just send me the card in the mail. But for a certain small percentage of people, the need to click the attached file and see what it is. By then it’s too late – they’re infected.
5. A guaranteed bank loan or credit card scam
Difficult times push people into getting trapped by “too good to be true” bank offers that guarantee you large amounts of money and have already been pre-approved by the bank.
If such an incredible pre-approved loan is offered to you, simply use your common sense to judge if it’s for real or not.
How is it possible for a bank to offer you such a large sum of money without even knowing your financial situation?
Though it may seem unlikely for people to get trapped by this scam, there’s still a big number of people who lost money by paying the “mandatory” processing fees required by the scammers.
6. The “We Can’t Deliver Your Package” scam
When I saw this one, I knew they were starting to get more clever. There are some variations with this. The email could be coming “from” Walmart, Costco, UPS, Fedex – any company that could have some kind of package that they are trying to get to you. That in itself is a pretty smart trick, because a pretty good percentage of the population actually IS waiting on a package to be delivered from somewhere. So this email shows up, and – oh no, they can’t get the package to you because of a messed up address! All you have to do is complete the attached form and send it to them with the proper address. But guess what happens when you click to open that attachment. Virus alert!
7. Hitman scam
One of the most frequent scams you can meet online is the “hitman” extortion attempt. Cyber criminals will send you an email threatening you in order to obtain money.
This type of scam may come in various forms, such as the one threatening that they will kidnap a family member unless a ransom is paid in a time frame provided by the scammers.
To create the appearance of a real danger, the message is filled with details from the victim’s life, collected from an online account, a personal blog or, more and more frequently, from a social network account.
That’s why it’s not wise to offer sensitive, personal information about you on social media. It might seem like a safe and private place, where you’re only surrounded by friends, but in reality you can never know for sure who’s watching you.
That’s why sometimes it’s better to be a little bit paranoid.
8. The “We’re Trying to Protect You” scam
This one takes a little bit of a different angle. It supposedly comes from Gmail (or your choice of internet providers, but Gmail is probably the most popular choice because so many people use it). They are alerting you that they have noticed some “illegal activity” happening on your Gmail account, and that your account is currently being monitored. So the first question I ask is, if my account was not being monitored earlier, how did they notice the “illegal activity”? Regardless, they are requesting that you “re-verify” your account by clicking on the link and filling out the form. The form you are to submit usually includes information such as your Gmail password, your Social Security Number, your data of birth, your mother’s maiden name – basically all the information that some scammer needs to be able to steal your identity.
9. Fake antivirus software
We all saw at least once this message on our screens: “You have been infected! Download antivirus X right now to protect your computer!”.
Many of these pop-ups were very well created to resemble actual messages that you might get from Windows or from a normal security product.
If you are lucky, there is nothing more than an innocent hoax that will bother you by displaying unwanted pop-ups on your screen while you browse online.
In this case, to get rid of the annoying pop-ups, we recommend scanning your system using a good antivirus product.
If you are not so lucky, you can end up with malware on your system, such as a Trojan or a keylogger.
This kind of message could also come from one of the most dangerous ransomware threats around, such as CryptoLocker, which is capable of blocking and encrypting your operating system and requesting you a sum of money in exchange for the decryption key.
To avoid this situation, we recommend using a specialized security product against this kind of financial malware, besides your traditional antivirus program.
10. The “Your Legal Documents” scam
I have to admire the creativity behind this one. I mean, just about anyone would pay attention if they get a letter from a lawyer, a judge, or a court secretary, right? And this one is titled a “Pretrial Notice” – sounds scary! The scammer uses a little bit of customization by inserting a date that is recent, making it seem a little more genuine. The “Court” is just requesting that you review the complaint and confirm it, by simply clicking on the link in the message. But as soon as you click that link, it’s Game Over.
11. Facebook impersonation scam (hijacked profile scam)
Facebook is today the most popular social media network. For this reason, important companies and businesses use it to communicate with customers and promote their products.
With so many friends and connections on this online platform, we use Facebook not only to check our friends’ activities and updates, but also to chat with them.
If most friends, colleagues and social connections are on Facebook, it is perfectly normal for such a place to also attract the unwanted attention of online scammers.
Just imagine your account being hacked by a cyber criminal and gaining access to your close friends and family.
Since it is so important for your privacy and online security, you should be very careful in protecting your personal online accounts just the way you protect your banking or email account. Set a double authentication method as soon as possible. This will act as an additional layer of security, besides your password.
11. The “So Sorry For Your Loss” scam
I couldn’t write a blog post like this and not include this particular one. This comes from a local funeral home (one that you’ve never heard of obviously, unless you live in Canton, Texas). They have a nicely formatted message, and they’re offering their condolences on the loss of your loved one. They are advising you about the date and time of the memorial service for your friend. In reading this, a lot of people are wondering, “Who died?” and in many cases, their curiosity is just too overwhelming to ignore the red flags. The link in the message offers more details, so it will often get clicked. Result: virus.
I got this spam scam email not too long ago, and within a few days I got a phone call from a client whose computer had suddenly been taken over by all kinds of bad stuff. When I looked at her computer, I saw this email and asked her about it. She was still confused about it because the message didn’t give any details, and when she clicked the link that didn’t offer any new information as well. But shortly after that was when she started getting so many pop-ups that her computer was rendered virtually useless. The important thing to notice here: she didn’t connect the two events (the email, and the virus infection) until I told her that was what caused the problem. THAT’S how clever these scammers are.
12. Make money fast scams (Economic scams)
The following common online scam is extremely popular: cyber criminals will lure you into believing you can make easy money on the internet. They’ll promise you non-existent jobs, plans and methods of getting rich quickly and money from official government sources.
It is a quite simple and effective approach, because it simply addresses one’s basic need for money, especially when that person is in a difficult financial situation.
From this point of view, this scamming method is similar to the romance scam mentioned above, where the cyber attackers address the romantic needs of the victim.
The fraudulent posting of non-existent jobs for a variety of positions is part of the online criminals’ arsenal.
Using various job types, such as work-at-home scams, the victim is lured into giving away personal information and financial data with the promise of a well paid job that will bring lots of money in a very short period of time.
Online scams developed using increasingly sophisticated means of deceiving users, especially in the rich Western countries.
According to FBI, online scams have increased over the last 10 years and the total losses doubled in the recent years, affecting both private individuals and large scale businesses. For this reason, cyber criminal activities are now subject to federal investigations and are treated as a very serious problem that affects us all.
You may think that you can’t be fooled by these online scams, since some of them are quite hilarious, such as the one promising to send you money or the one where the scammers pretend to be FBI agents.
But some stories are so convincing for the potential victims that it is difficult to know how to deal with them.
Since some scams are so well organized and convincing, and the people behind so difficult to catch, we need to always keep our guard up. Stay informed about the latest scamming strategies.
Have you met some of the above scams while browsing or in your email inbox? What were the most convincing ones?