If you’re like most people, going online is a natural part of your day and you don’t focus on the dangers that may lurk there. But the unfortunate truth is that crooks and scammers around the globe have become very good at tricking us out of our information and money. They do this by taking advantage of both the open nature of the internet, and our own willingness to share.
One of the main techniques they use is called “social engineering.” This is when scammers use deception or misinformation to get us to reveal personal information, make a security mistake, or even send money. Let’s take a look at some recent online scams to learn how these methods work, and how to avoid them.
Phishing Attacks—The spelling may be a little different, but the concept of online “phishing” is the same as fishing in water. Phishers throw out bait, such as phony offers, sensational headlines, and free products, in the hopes of hooking us.
For instance, one recent scam uses fake emails that appear to come from the popular streaming service Netflix, asking users to update their billing information. It hooks users in two ways: it uses familiar Netflix branding, and frightens diehard fans by telling them that their account is suspended unless they provide credit card details to renew their subscription.
Another popular scam involves fake messages from the IRS, saying the recipient has a tax refund waiting and just needs to supply some personal information, or download an email attachment to receive the money. Sadly, victims often have their data stolen, their computer or device infected with malware, or both.
Social Media Scams—Social media networks are designed for sharing, but we often share too much. This can include private and identity information, as well as our exact location. Scammers love to take advantage of this openness to try to get us to share even more, including our money.
One recent Facebook scam appears as a post from Delta Airlines, offering two free tickets to everyone who fills at a survey and shares the post, so it can potentially hook their friends too. The survey asks for their personal information, and no free tickets are ever given.
Even taking what looks to be fun and harmless quizzes, with no freebies attached, can be risky. For instance, a recent quiz widely circulated on Facebook called “10 Concerts I’ve Been To” turned out to be a scam designed to tease out answers to users’ login security questions.
Fake Virus Alerts & Tech Support Scams—Having computer or device problems is a real headache, and scammers know that we’ll do almost anything to avoid the loss of data and downtime. That’s why their tech-related scams are so effective.
Fake virus warnings, saying that your computer or device is infected, and you need to call a support hotline to fix the problem, are the latest version of this scam. Once the user calls the number they are asked for their credit card information, and sometimes they request remote access to the computer to fix the problem. Once they get access, they can potentially steal private information or infect the machine with malware.
Some bogus virus warnings even include a pop-up dialog box saying, “We’re here to help,” with a call button. If you press the button using your smartphone it dials the scam line.
Given the prevalence of tech support scams, if you have an issue it’s always best to contact your security provider’s support department through official channels, either listed on their website or included in product packaging.
Order & Delivery Scams—It used to be that package and delivery scams were the most prevalent over the holidays, when many people order gifts online, but thanks to the popularity of Amazon.com these scams are appearing year-round.
Traditional package scams usually involve fake messages claiming you have a package arriving and need to provide personal information, or click on what turns out to be a dangerous link. Modern scammers are even mimicking official Amazon notices, with a spoofed Amazon email address. But the latest scam goes one further, tripping up Amazon’s own package tracking service.
When some Amazon users order items from third-party sellers the dodgy sellers ship an empty box to an address near the person who ordered the product, and the delivery is signed for. To Amazon, it appears as though the package was legitimately ordered and received, so they send an email delivery notification to the buyer. The buyer, of course, has not received the product they paid for. Meanwhile, the dodgy third-party seller keeps the money. To respond to these growing scams, Amazon is now supplying users with helpful information on how to spot and report spoofed emails.
Since online scams are evolving and becoming more sophisticated all the time, here are a few tips to help keep you safe:
- Be careful about what you post online, and never respond to a request for personal information sent via email, text, or social media message unless you personally know and trust the contact.
- Avoid “free” offers since they are usually a scam.
- If you receive a message that appears to be from your bank, credit card company, or the government saying there is a problem with an account, call them directly to confirm the issue.
- Before buying something online, check the seller’s reviews first, and stick to reputable websites and app stores.
- Always use comprehensive security software and keep it up-to-date.
Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.