Scams are very much on the rise. Like many others, most of the calls I get on my landline are from people claiming to be my Broadband provider concerned that I am experiencing problems, but for a fee …. well, you know the drill. The other very common one I’ve had is a call supposedly from the Tax man or similar demanding that either I pay some tax right now or I face immediate arrest. It is tempting to engage and vent a bit, but it really is best not to bother. Anything I might say is not exactly news for these guys.
So where am I going with this?
I have a list of my top five tips on how to avoid being scammed coming up. I’m not selling you anything, these are just practical things you should be doing. Before we leap into that, it is perhaps appropriate to understand what is actually going on out there. Obvious questions are these:
- Who is being successfully scammed?
- How are they being scammed?
- Where are these scammers operating from?
- What are the popular tactics utilised to trick you?
To answer these, I’m leaning upon a report that the identity-verification service, Social Catfish, has just released. It’s a smart move by them. By publishing something really interesting they get a bit of free advertising because people like me go “Oh, that’s interesting” and write about it. To be clear, I’m not writing about them because I have some financial interest in doing so, their report all about scams truly is very interesting, and contains a few surprises.
First, before we get into it, let’s ask ourselves this?
What did they do to compose their report?
They do explain …
- We analyzed data released by the Internet Crime Complaint Center (IC3), Federal Trade Commission (FTC), and the Federal Bureau of Investigation (FBI) in 2021.
- We included proprietary survey results after polling nearly 722 members of the Facebook group from SocialCatfish.com called Social Catfish (SCF) Seekers. This group comprises Facebook users who have been scammed out of money.
- We interviewed cybersecurity experts and a detective as well as polled our SCF Seekers Group on Facebook and sent a poll out via our subscribers to get these results.
That second point, the facebook poll, is why I’m a bit skeptical about one of their results. I’ll explain why when we get to it.
What do they highlight?
They list out how much scammers are managing to get, and break it down by state. No huge surprises here. Areas with more wealth and high populations leads naturally to scammers getting more from those locations. For example CA and NY have been scammed for sums that dwarf what happens to folks in Iowa or North Dakota.
Overall the official total lost to scammers in 2020 was $4.2 billion.
Now a surprise. That total is most probably not the whole story. By reaching out and interviewing people who had been scammed, they discovered that only about a quarter officially reported it. Most did not because they were simply too embarrassed to admit it.
In other words, it really is a far larger problem that the official statistics suggest, so while the official total of $4.2 billion is high, very very high, the actual total is most probably far greater.
If asked, I would not have personally guessed it was $4.2 billion. For context, that total loss averages $5-$12K per victim. This is not small change.
Something that is perhaps also not a surprise is learning that most of those operating scams are outside the US, hence beyond the reach of the law.
Who is being scammed?
This was another big surprise for me. If asked prior to reading the report, I would have suggested that the typical victim would be elderly and not very tech savvy, hence prone to being conned. In other words, seniors.
Well … both yes, but also no.
Here is what they reveal …
However, if you had suggested that seniors were the most at risk group, then you are actually correct.
I’ve seen a couple of media stories covering the under-20 part. For example “Tech-savvy teens falling prey to online scams faster than their grandparents”
What perhaps puts those percentages in a different light are the actual numbers…
- In 2020 the number of under 20 victims was 23,186 and together they suffered a total loss of $70,980,763 (That is an average of roughly $3,000 per victim)
- In 2020 the number of over 60 victims was far far higher at 105,301 and together they suffered a total loss of $966,062,236 (That is an average of roughly $9,000 per victim)
Clearly far larger numbers of seniors are been actively conned for what are larger sums. They truly are the high-risk group.
What appears to have happened is that rapidly increasing numbers of under 20s are now also being scammed.
What social media platforms are people being scammed on?
Here is what the report reveals …
The above comes via the poll they ran. Permit me to join up the dots here. They polled a Facebook group and got 726 responses from a group of people on Facebook and discovered that the majority of them are people who were scammed on Facebook.
I think it is perhaps wise to treat this specific set of results with an appropriate degree of skepticism.
How do the Scams actually work?
The age of the Nigerian Prince who needs to borrow your bank account and in return will let you keep 10% of the funds, is such an old trope that most would laugh if actually faced with it.
The tools of the trade are principally these …
Phishing Emails / Texts:
An email or text message from a supposedly reputable source that is worded in a manner that encourages you to click on a link that takes you to their supposedly official website. It might look like eBay, Paypal, or whoever they are pretending to be, but it is actually a fake that is designed to trick you into entering your username and password. Once they have those details, then they log into the real one and clean out your funds.
An alternative to the above is to simply click on a link to play a free “fun” game. The game works, it is fun. It also installs a key logger. Later when you log into your bank, it logs those details and then transmits them to the scammer.
Signs you are often warned to look out for are badly english, pour spellings, and had dodgy grammars. Nope, that’s bullship, or to correct that, it is in fact guidance that is bovine waste. You can’t rely on it. Scammers know all this. What some can’t, many of the more successful fraudsters can also spell.
Next up is this.
VoIP Phone Numbers:
You can spoof any number. Fraudsters can call, claim to be ABC Bank and sure enough, the number on the caller id is indeed the customer service number for ABC Bank. The caller explains that your account has been compromised and the police have asked if you could move your funds to a special account. Well yes, I need not spell it out any further, you can see where that is going. It is money on a one way ticket into oblivion.
Basically rinse and repeat for a countless array of variations. They can pretend to be anybody anywhere in any location. If somebody calls you for any reason, and you don’t personally recognise them or know them, then you can no longer trust that they are who they claim to be.
Fake Dating/Social Media Profiles:
That cute and very hot looking 20 something guy or girl located in a town not too far away may in fact be a 50 year old scammer sitting in some basement in Moscow. This is literally social catfishing. The goal is to hook people, then play their emotions like a fiddle once they have bought into the fantasy that has been crafted to manipulate and impoverish them.
Where are the scammers located?
The report ranks the top 5 locations as follows …
How can you protect yourself – My Top 5 tips to avoid being scammed
This guidance is my own personal recommendation.
Recommendation 1 – Lock down your accounts. Two step authentication is something that many websites offer. Please do take full advantage of that. For example most financial institutions will offer something akin to this. You log in, you enter your authentication details, but then as a second step, you then need to go to your mobile and enter the code they send you on your registered phone, or use their app to verify using face id or similar that it really is you logging in.
Yes, it’s a bit of extra hassle, but 99.9% of hackers can’t breach stuff like this even if they do get your username and password.
Recommendation 2 – When picking passwords, don’t pick the one true password for everything. That’s a very bad idea. If your password is leaked from one site, then they have access to everything you use it for. Pick different passwords for everything, and yes, nobody can remember them all, so use a password manager such as keychain in Safari or similar offerings.
Recommendation 3 – Switch your life to pull mode only and reject push interactions from strangers.
- Pull is where you initiate the interaction, for example by calling your bank using the customer service number on the back of your card
- Push is where they reach out to you by text, phone, email, or social media.
Your bank just sent you a text warning that a dubious transaction has just taken place. Don’t clink the link … ever. Call the customer service number on your bank card.
Recommendation 4 – Ignore threats. Somebody rings, a voicemail explains that you are about to be arrested if you don’t take immediate action. Hang up. Trust me on this, they are not who they claim to be. If you are really going to be arrested, they don’t tell you this by voicemail, they just do it. It’s a scam designed to use fear to provoke you, play you, and put you off balance.
Here is another example. You run a blog. You receive a comment telling you that you have published an image that breaches copyright and they are now about to sue you. You are invited to click a link to see the “evidence”. Don’t click that link, it’s a scam. If you are truly concerned, simply reply asking what posting and when it was published. Stick to that. If they can’t tell you that, and INSIST that you click the link “or else”, then it’s a scam. Most probably the email address provided is fake and your reply will just bounce.
Recommendation 5 – Help others. Report any scam that you have been a part of immediately to the FTC, IC3, and FBI, or similar authorities located in other nations. Making the problem more visible motivates better responses.
The Bottom Line
If you believe that you can’t be fooled then I have a very important message for you. You are wrong. We can all be fooled, there are no exceptions to this.
Your very best play is to be deeply skeptical of any and all unexpected interactions.
Remember that there is an entire industry of fraudsters who spend every waking moment dreaming up ways to trick you into sending them money. Those that are not very good at it give up and do something else. Those that are successful thrive because they become good at it. They are professionals, musicians of human emotions, who know how to manipulate by tapping into our desires, fears, and feelings to get what they want.
Fraudsters have always been with us, it is not new. Selling bridges really was once a thing. What has changed is that the internet has created a new opportunity that enables the traditional con to operate at an industrial scale globally.
A word for the Techies; for frack’s sake, disable any “admin” accounts and change all the default passwords. You know the ones I mean, it is those that you keep thinking “Yes, I must sort that out”, but you never get time to do it. Well, now is the time.
Everybody; go turn on two factor authentication where available. In other words, lock your cyber doors and bolt your cyber windows.
If somebody calls, emails, texts, messages you, and you don’t know who they are. No matter how enticing or worrying it sounds, you best friend is “doubt” – never ever ever click that link. Independently check.
Feedback Plea – Additional Guidance
Do you have any additional guidance or tips to offer readers on how to avoid being scammed? If so, please do drop a comment for the readers.