What are scams?
Scams are everywhere as criminals try to cash in by stealing money or valuable personal information from victims. And given our modern reliance on technologies like smartphones and the internet, if you haven’t been a victim of a scam, you’ve likely been targeted by one.
Definitions of Scam Terms
There are four key terms that are important to understand when discussing scams:
- Scam: a fraudulent operation that has the intention of stealing money or valuable financial or personal information
- Social engineering: the techniques used to manipulate a victim into divulging information or taking a specific action
- Phishing: when a scammer poses as a legitimate person or company online with the intention of stealing money or personal information
- Vishing: when a scammer poses as a legitimate person or company over the phone with the intention of stealing money or personal information
Many modern scams try to push you into a corner so you’re forced to make a decision on the spot — i.e. pay the money or provide personal information, or face the consequences. Scammers will use recent headlines to fuel their scams, they’ll pose as a local retailer that you frequent or even a family member in need in hopes that you’ll give up your money or your personally identifiable information (PII).
Analysis of Scam Terms
Scammers continue to fine-tune their social engineering skills, coming up with new ways to convince you to hand over your money and PII. A few techniques that scammers use include:
- Familiarity: If you’ve seen someone around or heard their name before, you’re more likely to trust that they are legitimate. (Ex: An email appearing to be from a big name company or a call from someone claiming to be your local senator’s campaign manager)
- Hostility: It’s human nature to avoid conflict by complying with aggressive people. If you consider somebody as a threat, you may be more likely to do what they tell you. (Ex: A call from somebody posing as a police officer demanding a fine be paid in exchange for the expunging of an arrest warrant)
- Playing detective: It’s easier than ever for someone to gather information about you. By going onto your social media accounts, they can find your location and interests. They also can rummage through your trash for credit card forms and bank statements. There are many places that cybercriminals can obtain your personal information that can help in their scams.
Phishing, Vishing, and smishing
Scammers frequently apply their social engineering techniques in online, phone and text messaging scams — respectively known as phishing, vishing and smishing. According to the FBI’s 2021 Internet Crime Report, phishing, vishing and smishing scams affected the most victims than any other type of cybercrime, and cost consumers $44 million in fraud losses.
Phishing can be executed on several different platforms: emails, phone calls or text messages, and deceptive websites.
Phishers create emails that are seemingly legitimate and rely on you to click on the link provided. These emails are designed to look official and often create a sense of urgency so victims act quickly, clicking an embedded link before thinking. Those links typically send you to another fraudulent page, usually bearing legitimate businesses’ logos or brand names to further convince you of its authenticity. Phishing emails can also launch damaging malware or spyware that is activated after clicking a link, sometimes without you even being aware.
Phishing websites are designed to look like legitimate sites in order to fool visitors into inputting information such as a credit card number, email address, phone number, Social Security number, etc. Anyone who is convinced that the site is legitimate is more likely to divulge personal information to scammers.
Vishing, or voice phishing, is a form of phishing by phone. Scammers will pose as a bank representative, a friend of a friend, a restaurant or another trusted person in an attempt to steal your money or PII. The difference between phishing and vishing is the platform that the scam is presented through. Rather than answering unexpected calls, today it is easy for everyone to hide behind a call screener, making vishing slightly less common than email or text scams.
Smishing is when a scammer sends links by SMS or text message to unsuspecting victims, similar to a phishing email. Given the shorter nature of a text message, smishing attacks try to get the victim to click on the link by offering more details to claim a prize, a refund or other messages to create urgency on behalf of the recipient.
Learn more about smishing.
Applying the Scam Terms
Scammers have gotten quite good in their social engineering tactics, which means even the savviest cybersecurity professional can be tricked.
Two real-world examples of these scams include the Nigerian scam/419 fraud scam and lottery scams.
Nigerian Scam/419 Fraud Scam
This type of scam involves upfront or advanced-fee payments that originated in Nigeria, hence the name. The “419” component of the name derives from a section of Nigeria’s Criminal Code that pertains to the country’s fraud laws. It’s common for a scammer to contact you through email, sending you numerous spam messages through automated bots. The sender may pose as a member of royalty from a foreign country asking for your help to escape unjust prosecution. These types of emails may even contain official government emblems from the originating country.
We’d all love to win the lottery, emails saying you’ve won the lottery are likely scams. A sweepstakes/lottery scam uses the reputation of the lottery to deceive victims. An email announces the victim has won millions but in order to receive their winnings, they must send a “processing fee.” Lottery scams can also be used with the intention to steal your PII for future spamming purposes.
How can you protect yourself?
Here are some quick facts about phishing, vishing and other scams:
- The lottery will not ask you for your personal information through an email.
- Financial institutions will not ask for your personal information through an email.
- Organizations do not give away money prizes without a person’s current active participation.
In addition, here are some things to remember if you receive a suspicious email or call:
- If you don’t know the sender, delete the email.
- If an organization or financial institution calls asking for personal information over the phone, hang up and look up the organization’s customer service number online — then call back to make sure the original call was from a legitimate source.
- Check emails and text messages for spelling and grammar mistakes. Phishing emails often originate from countries where English is not the primary language, so the grammatical mistakes and typos can be warning signs.
- Do not click on any pop-up screens or links within the email.
- Do not call a phone number that is sent to you within a suspicious email.
- Do not reply to a spam email.
- Do not be afraid to ask why your personal information is necessary.
- Before clicking on a hyperlink, verify the URL first. Hover over the link to see if the URL looks legitimate. Be wary of “tiny URLs” that hide the actual URL.
You can be a valuable contributor to the war against hackers and scammers by keeping up-to-date with the latest criminal scam techniques and sharing this information with others. If you think you have been a victim of a scam, file a report with the Federal Trade Commission (FTC).