We all spend so much of our time online these days. It’s estimated that the average adult spends the best part of seven hours per day glued to their screens. When we’re finished with work, we’re hitting up our apps to watch TV, do our online banking, play games, socialize with friends – even visit the doctor.
Cybercriminals and fraudsters know all this. They know we’re comfortable with digital interactions, and that we routinely hand over personal and financial information to the organizations we interact with online. And they’ve devised a variety of ways to get ahold of that info, and our hard-earned cash.
This is where we all need to get a bit more digital savvy. By learning what typical tactics the bad guys use, we can stay safer online and keep our personal data and money under lock and key.
We’ve rounded up 10 of the most common warning signs that should set your alarm bells ringing.
1. The message is unsolicited
These are the classic phishing emails or even texts (smishing) that form the basis of many fraud and cybercrime attacks. There is an almost limitless variety of themes, but phishing generally works via social engineering, a way that fraudsters trick victims into doing their bidding – for example by forcing them into making a rushed decision, and/or pretending to be a representative from a reputable organization like the government, a tech vendor or bank. The end goal is usually to steal logins and personal and financial information, or get you to unwittingly download malware onto your device.
2. They call you out of the blue
Also known as voice phishing, or “vishing”, scam calls are on the rise. One report claimed they surged 550% in volume year-on-year in Q1 2022. Fraudsters often use these calls as part of a multi-stage phishing attack, with victims tricked into calling the number via a scam email. These “hybrid” vishing campaigns now number 26% of all vishing calls. Popular tactics include cold-calling victims pretending, for example, that something is wrong with their computer (tech support fraud) or that there is something wrong with any of your valuable online accounts, i.e., typically those containing your personal and financial data.
Transcript of another vishing voicemail message (source: Twitter)
3. You’re being rushed into action
This is a common tactic used in social engineering and phishing attacks, designed to pressure the victim into making a rash decision. It could be a prize draw that’s about to end. It could be a fake delivery notice which says the item will be returned to sender unless a tax is paid. The idea is to force that user into opening a malicious attachment, clicking on a malicious link and/or entering their personal details.
4. Something doesn’t feel right
While fraudsters are working hard to sound more convincing and are bound to co-opt tools such as ChatGPT for their own ends, don’t expect all social engineering scams to suddenly use perfect English. In other words, if an email message was sent from a free email service such as Gmail, it opens with a generic salutation like “Dear client” and/or is laden with grammar mistakes, you’re most likely dealing with a scammer. A message that is sent from a legitimate organization is unlikely to contain a large number of misspelled words or odd mistakes.
5. Out-of-the-blue requests to download a new update
Software updates are important for your secure and optimized user experience, but you need to make sure you’re downloading your updates from the right source. In other words, be wary of installing anything on your computer that isn’t properly vetted or is not listed for downloaded on a legitimate vendor site/app marketplace. Phishing tactics often try to persuade you to do so. The original message may be spoofed to appear as if sent from a legitimate vendor or service provider like a mobile carrier.
6. A popup alert with a number to call in order to cleanse your device of malware
Fake alerts are sometimes designed to facilitate scams, especially tech support scams. Here, fake popups might appear on your screen after visiting a malicious site. The message may incorrectly say the machine has been compromised with malware and that you must call a support number to get their machine cleaned. In fact, doing so will take them straight through to a fraud call center.
Example of a tech support scam
7. An offer that seems too good to be true
Scammers frequently take advantage of the credulity of many internet users. It could be high-value products for sale that are significantly marked down in price. Or lavish prizes being offered for participation in surveys. Or even investment opportunities in cryptocurrency with no downsides. The bottom line is that if it looks too good to be true, it usually is.
No, you haven’t won a lottery
8. You’re lavished with love after just a few interactions
Lonely hearts who try their luck on dating sites should be aware that many of the profiles they interact with may be fakes. Scammers befriend their victims online and then swiftly move the conversation onto unmonitored channels like encrypted messaging apps. They soon profess their love then try to extract money from their victim, usually for spurious reasons like medical bills, or plane tickets to see their Valentine.
9. A request to fill out a survey in return for a gift
As mentioned, survey scams are an increasingly popular way for crooks to elicit personal and financial information from victims. One criminal campaign is netting US$80 million per month from fake surveys and giveaways. Beware those offering generous gifts and too-good-to-be-true offers. There will always be a catch, whether it’s handing over your personal info, or paying a small fee in return for a prize that never materializes.
This survey, which was part of a scam campaign we wrote about in 2018, isn’t real
10. Upfront requests for money
Instant money transfer apps like Zelle, Cash App and Venmo have made it child’s play to pay friends and family. But scammers are also requesting payment via these apps – for non-existent items they may be selling online, or in romance scams like the one above. They may even pretend to be friends/family requesting emergency funds, or might impersonate a legitimate company and send an invoice for payment. The bottom line is that, unlike card payments, these apps don’t allow the user to recover funds if stolen via fraud. Like cash, once the money’s gone, it’s gone.
With these and any other scams, it pays to be skeptical online. Don’t download anything you haven’t verified is legitimate. Don’t reply to unsolicited emails or texts. Don’t hand over any info over the phone.