No matter how often we’ve been warned about phishing scams and shady web-based transactions, we still fall for the fraudsters. According to an article in Forbes, costs associated with cybercrime are expected to top $2 trillion next year.
The Better Business Bureau Scam Tracker shows over 142,000 scams were reported this year in the U.S. — ranging from healthcare and Medicare scams to counterfeit products and online purchases.
And it’s not just the elderly falling victim to fraud. According to the FTC, 40% of consumers who reported fraud were between the ages of 20 and 29.
In any case, here are some of the biggest scams to watch out for in the coming year.
Online scams to avoid in 2019
Phishing — evolved
Phishing isn’t exactly new. This form of fraud has been with us for a long time now. But as tech gets ever more sophisticated, so does phishing.
In the past, phishing attacks were more numbers game than anything. Hackers would cast a wide net using a generic email asking for credit card info, passwords, or other pieces of sensitive information.
Today, phishing attacks look more like they came from a specific company. In this approach, called “spear phishing,” hackers might pose as your bank, credit card company, or a site like Dropbox or PayPal. Generally, targets receive an email that looks as if it came from a legitimate business. You might be prompted to click on a link to “verify account details” and from there, fileless malware is installed on your device.
Where you once had to download a file or an app to get malware, it’s now a matter of clicking a link. These fileless attacks are also more difficult to detect, as most antivirus programs only scan your hard drive.
Here’s a look at how fileless phishing works, courtesy of CSO Online:
With the rise of mobile traffic, it’s no major surprise that fraudsters are meeting victims on their turf. Losses from mobile fraud are reportedly in the billions and are expected to rise.
Mobile fraud comes in a few different forms. One example is click flooding, or click spamming, which takes advantage of users of some unpaid apps. When someone installs certain free apps, a series of fraudulent clicks takes place, which makes it seem like people are clicking on a paid ad.
Click flooding is an issue for advertisers more than consumers, as this form of fraud messes up brands’ marketing strategies.
Marketers might think they’re getting a high volume of organic clicks and end up paying more for ads that ultimately don’t work.
Then there’s a newer form of mobile ad fraud, SDK spoofing. This involves a bot that hides on an app, which is essentially a cheaper way to buy fake followers.
With SDK spoofing, bots create fake requests made from an app to the servers of attribution companies and app publishers. The fake requests make it appear that a certain number of users are running an app, though in reality, the app was never opened.
Social security scams
According to Consumer Reports, fraudsters are increasingly making harassing calls posing as the Social Security Administration.
The SS scam is the new IRS scam, and it’s more dangerous for a couple of reasons. First, crooks now have their hands on robocalling technology, so they can call more people, playing the numbers game until someone eventually pays. Second, it’s gotten easier to spoof caller IDs.
You might have noticed this on your cell phone. Often, scammers call using a number from your local area code, and a similar phone number. In the case of the social security scam, scammers are using an 800 number that looks like a genuine call from the administration.
What to look out for: this scam is generally preying on Medicare patients and the elderly. Scammers reportedly have told people they’re going to lose their benefits and ask for personal information to keep those benefits.
Tech support fraud
According to Experian, tech support scams were responsible for over $15 million in losses in 2017. These scams take a few different forms.
One example involves using phishing emails as a way to send Apple users to a fake website where malicious code is inserted into apps like WhatsApp and Telegram. The code collects information like SMS data, photos, and contact details, which may be used for blackmail later on.
Users might receive a message like the one below, which looks like a routine update.
Other forms of tech support fraud include phone calls claiming your computer is infected with a virus, or a pop-up message or locked screen prompting you to call a fake company.
Credit report scam
The credit report scam targets job seekers and apartment hunters. Generally, you’ll run into this one on Craigslist and other online job boards.
The scam occurs when the prospective employer asks that you submit a credit report as part of the application process. If you agree, they’ll send you to a specific reporting service, and you might end up having to pay for the report.
In some cases, the fake employer will ask you to send your social security number along with an application or an image of your license or a utility bill. These reports serve as a way to obtain personal information for later use.
So, how can you defend yourself against spear phishers or robocalls that seem legit?
The usual advice is: never click a link in an email that comes from a bank, government agency, or commercial institution. If the link comes from a company, check your account by going directly to the website by typing the URL into the navigation bar manually.
Sound advice, but protection is limited to web apps. With mobile attacks, watch out for links that come by way of text message.
While the concept is the same as traditional phishing, mobile users tend to be more distracted and may inadvertently click on a bad link without realizing it.
The FTC also recommends that you hang up on recorded calls, avoid free trial offers, and be aware of how you pay for things online.
Finally, it might be worth looking into virus protection software for your computer, too.