Next Avenue Logo
Advertisement

New Scams Target People Trying to Avoid Scams

Cloned websites, improved grammar and offers of free credit monitoring are making even careful internet users vulnerable to fraud

By Bev O’Shea

I had just ordered a dog toy online during a major sale event — and I got a text purportedly from Amazon saying my account had been accessed from India. Was this really me, the email wanted to know, instructing me to click on a button if I placed the order.

A couple reading a scam text message on a plane. Next Avenue, phishing scams, older adults, scam
It's easy to let the scammers' partial information, possibly gained in a breach or from the dark web, trick you.  |  Credit: Getty

I didn't click, assuming it might have been an attempt to download a virus onto my computer, but sending it to me at that particular moment made me wonder for a moment whether it was a legitimate query.

Actually, the text's arrival at that moment wasn't as impressive as it seemed to me, says Bruce Schneier, a lecturer at Harvard Kennedy School and author of "A Hacker's Mind." If the text had a one in a million chance of landing right after I ordered, the math is simple: Send 100 million texts. It's free, and AI has made it so much simpler to create texts and emails that look legitimate.

Scammers Get Better

No matter how much we learn about phishing, smishing, vishing and quishing, (fraudulent emails, text messages, voice messages and QR codes, respectively) we remain vulnerable. Cloned websites mean that looking for things like HTTPS in the URL or a padlock in the address bar are all but useless. The poor grammar and syntax that used to be giveaways of scammers are all but gone.

The poor grammar and syntax that used to be giveaways of scammers are all but gone.

Even scam experts are vulnerable. Cory Doctorow, a Canadian-British blogger and science-fiction writer, has written several novels about cyber fraud. He details how it happened to him — and promises to write about it again if/when there is a next time. Anybody can become a victim.

Adam Levin, co-founder and host of the "What the Hack" podcast, says one big scam that targets the careful is free credit monitoring. Just about all of us have had information compromised in a breach, and companies typically respond with a year of free credit monitoring. Scammers also read the news. And at about the time real offers of free monitoring arrive, so do scams. Victims of that particular breach (or the scam that follows) sign up because they want protection.

Why We Are Still Vulnerable

Too, all the cyber helpers that businesses use for customer service have more or less trained us to enter personal information, often over and over.

A couple of things make us a little more vulnerable, especially during the holidays. We are rushed and often distracted. "Everyone is vulnerable under the right set of circumstances," says Eva Velasquez, president and CEO of The Identity Theft Resource Center.

Because of that, we need what Levin calls cyber humility, which he defines as the willingness to be inconvenienced to determine the validity of a text, email or ad because it's preferable to becoming a crime victim. Or, if you prefer advice that rhymes: "To avoid remorse, go to the source." It's a lot more trouble than clicking.

Wait a Second . . .

The FBI is hoping to convince us to step back for a moment before responding with its "Take A Beat" campaign. The idea is to pause to assess the situation and resist pressure to act quickly. Velasquez recommends consulting a friend or a trusted resource like the Identity Theft Resource Center, the Federal Trade Commission or AARP's Fraud Watch Network. Scams thrive on isolating people and persuading them to act quickly and often emotionally.

If you click and immediately wish you had not, on a mobile device, turn it off immediately. You can turn it back on, potentially stopping the installation of malware. Velasquez notes that iOS updates often prevent such installations in the first place. If you're using a PC, you should use security software to scan it. (If your device warns you that you are going to an insecure site and asks if you want to proceed, the answer needs to be no.)

If you click and immediately wish you had not, on a mobile device, turn it off immediately.

If you respond to a text message asking for your address or other seemingly harmless information, they may just be testing the waters, says Velasquez. It's valuable to know who will respond to texts or emails from people they don't know.

Other texts or messages are not so innocuous and you may be asked for money or for personal information that is needed right away to prevent harm or even theft of your credit card accounts. Busy and distracted, it's easy to let their partial information, possibly gained in a breach or from the dark web, trick you. Once they've "proved" that they are authentic, you may be asked to prove you are you. (Levin says they may be collecting missing pieces of information to create a virtual mosaic of you. But in the moment, it can seem logical.)

Advertisement

What if I Get Scammed?

If you get scammed, report it. Some people may feel like they should have done more, should have waited or that they otherwise made a mistake. But if you get scammed, you are a victim, and reporting it may help someone else.

There's no reason to blame yourself. Think about it this way, says Scheier: "How much time should you have to study avionics before you recognize a faulty aircraft? Why should it be our responsibility? I expect the government to make sure (flying) is safe and pharmaceuticals are safe, and pajamas don't catch on fire." And yet when someone steals from us, it's easy to think it's because we somehow failed.

Levin recommends transaction alerts for credit cards, freezing credit and using two-factor authentication. He also suggests that you lie when asked security questions about your mother's maiden name or your childhood pet's name (borrow from a friend or celebrity if you'd like). If you buy online, experts suggest using a virtual private network and credit cards. Many offer protections for consumers.

No Holiday for Vigilance

Because so much money changes hands during the holiday season, scammers are eager to get in on the action. Here are some ways to help cut them out.

  • If you are buying or donating online, Levin suggests going to the retailer's website rather than clicking a link you see on social media.
  • Tell recipients of gift cards just before you send them. No fun surprises — but you avoid accidentally training anyone to click without first verifying. "If I send something to my mom, my 81-year-old mom will take a screenshot and be like, 'Is this you, honey?' So she will verify," Velasquez says. It's never too soon — or too late — to develop those habits.
  • For charitable donations, Velasquez recommends going directly to the charity's website. She said that during the recent presidential election, many donors unknowingly contributed to scammers.
  • If you send packages, be sure to get a tracking number and/or delivery confirmation. If you receive an email about additional information being required for a delivery to you, know that this is typically a scam.
Bev O’Shea
Bev O’Shea is a freelance writer specializing in personal finance topics. She is a mother of two adult children and lives in Georgia with her husband, cockapoo and calico. Read more of her work at bevoshea.com Read More
Advertisement
Next Avenue LogoMeeting the needs and unleashing the potential of older Americans through media
©2024 Next AvenuePrivacy PolicyTerms of Use
A nonprofit journalism website produced by:
TPT Logo