This page was updated on July 20, 2021
DDoS Attacks | Government Department Scams | Tech Support Scams | Social Media Scams | Cryptocurrency and Mining Scams | Phone Scams | Porn Scams | Phishing Scams | Webpage Clones | Relatives or Acquaintances Scam | Ransomware
Today’s Most Popular Scams: How to Spot Them and How to Avoid Them
Some companies thrive on selling services that are useless and misleading. A good example is this beauty right here: An annual website domain listing that in fact is not necessary. You don’t need to pay to be listed in reputable search engines such as Google and Bing. If you look at this “bill” closely, you’ll see that it states that you are under no obligation to pay unless you accept the offer.
If you receive one of these invoices, don’t pay it! Make sure to pass it along to your accounting department so they are on the lookout for these types of fraudulent invoices and file a complaint with the FTC and/or your state’s Attorney General.
According to a PortSwigger post from September 2020, “organizations in the finance, travel, and e-commerce sectors worldwide have been targeted with attempted extortion since mid-August…”. While it’s impossible to know whether or not a hacker will follow through with a threat, the potential for a targeted Distributed Denial of Service (DDoS) attack is enough to make any company consider paying the fee. To avoid attacks like this, make sure to use a traffic monitoring service and a DDoS mitigation service such as Cloudflare.
A widespread scam is a recording of someone saying that there are actions against your social security account. They suggest that you must call them immediately and presumably provide sensitive information regarding your SSN. Remember that these are simple phishing contacts trying to prey on your fear and emotions to elicit a response that will get them the information they want. If you have any concerns about a suspicious phone call, email, or text message from a government branch, you can always inquire using the proper channels. Know that the S.S.A will never call you and will instead send any official communication via U.S. Mail.
While these scams were much more popular a few years back, scammers are still making the rounds with this type of fraud. Usually via a phone call or pop-up message on your computer, a perpetrator will inform you that your computer needs servicing. They will frequently claim to be a service technician from a large tech company like Apple or Microsoft. First and foremost, you should know this: big tech companies will never reach out to you directly via phone or text about an issue on your machine. Upon receiving any communication to this end, hang up and run an antivirus/antimalware scan immediately.
Social media is both a gift and a Pandora’s box full of curses one must avoid. Remember to use caution and all of your safe browsing knowledge as you view and create posts on your favorite platform. Check hyperlinks before following through to their destinations, avoid spammy groups, and never click on or share circulating sensation pieces. If you suspect that your or a friend’s account has been hacked or spoofed, report the profile to the social media platform immediately.
There’s little more convoluted and confusing in this world than cryptocurrency; without getting into the details, we recommend you remain cautious in your mining endeavors and cryptocurrency payments. An unregulated form of currency is difficult to trace, making it all the more alluring for hackers and spammers to exploit. Educate yourself and know the dangers involved should you get into cryptocurrency markets.
Antennas Up! Don’t Be a Victim of These Scams
Scammers are targeting mobile phone users aggressively, knowing it’s hard for someone to both conduct a call and check the veracity of what they are being told. Some scammers simply call a number and hang up. If the person calls them back, it validates that the number is genuine, and they can use it to perpetrate fraud. Others call and say, “Can you hear me?” When the recipient says yes, they record the number and use it to provide verification that the individual approved a purchase or monetary transfer. Others claim to be tech support with Google, Microsoft, or Apple, telling the recipient that they need remote access to a device to repair a problem. Some may urge the recipient to visit a website to resolve the issue, but lead them instead to a fake website that steals their credentials. Rest assured that Microsoft, Apple and Google will never call you to ask for remote access to your machine!
Cyber criminals know how to push the embarrassment button. In the case of pornography scams, they send you an email threatening to expose you for watching porn unless you pay them. In some cases, they even go as far as saying that they took over your webcam and have visuals of you pleasuring yourself.
For more on the specifics of sex scams, check out our blog post Are Porn Scammers Watching You? Don’t Be Caught by the “Sextortion” Con.
What is phishing? Phishing is a form of cybercrime where someone posing as a legitimate institution contacts you by email, phone or text to bait you into providing personal data such as passwords, banking information, credit card details, or other personally identifiable information.
While phishing attempts can occur via phone or text messaging, the majority (96%) of phishing attacks come from email messages, and they won’t always land in your spam folder. There are several types of phishing attempts:
- Spear-phishing (targeted towards a specific person)
- Whaling (spear-phishing specifically targeted at rich, high-level business personnel)
- Angler phishing (using social media and fake links)
- “Smishing” occurs via text, “vishing” by phone call, and, as mentioned previously, the rest are emails.
When looking to avoid falling for a phishing scam, it is important to ask yourself three questions:
- Was I expecting this request?
- Do the hyperlinks route to a legitimate site? (You can check this without following through by right-clicking and copying the URL.)
- Is this a service or program I actually use?
If you answer “no” to any of these questions, you can always go directly to the supposed company’s support page and inquire about your account. For more information on phishing, please take a look at our blog post: Phishing Alert! New Email Scam Preys on Internet Users Who Engage in a Very Common Behavior.
For some major companies, people are constantly trying to replicate homepages and sign-in pages. Unlucky internet surfers who are lured to these pages will find that their credentials are logged and used for nefarious purposes; bank sites and social media logins are often cloned in these scams. To avoid falling prey to webpage clones, always check the web address you are on before entering sensitive information like bank account numbers, passwords and your SSN.
If enough of your personal information is online, it would be easy for someone to target you in a spear-phishing attempt. One of the most common types of spear-phishing attempt is when a perpetrator claims to be someone you know, usually requesting money or access to a certain account. Remember, if correspondence is important enough, people will usually call you or use legal counsel in their proceedings.
Ransomware is a type of malicious attack that uses software to block your access to your data. These cyber criminals demand some sort of ransom, usually money, from the victim, to reinstate access to the data.
While ransomware has been around for a few years, its most successful attacks have been on hospitals and tech companies. The Federal Bureau of Investigation has posted information on how best to avoid ransomware infection on their website. Should you ever get hit with ransomware (the best strategy would be, undoubtedly, to avoid it), it is beneficial to have been backing up your data to a cloud server that uses versioning.
For more information on ransomware, visit our recent blog post: Cyberthieves Have a Laser Focus on Ransomware. Are You in Their Crosshairs?