Avoid Online Fraud

A new year brings new scams to watch out for

Our family wanted to make a last-minute holiday booking at a resort, and, finding no openings through traditional means, checked Craigslist. We were nearly ready to fork over payment info when a little digging revealed the property listing was a complete scam. Even though you may have heard the warning again and again, be ever vigilant against fraudulent online listings, phishing scams and shady web-based transactions, because things are only getting worse.

Industry experts estimate costs associated with cybercrime are expected to top $2 trillion next year. While seniors can be particularly vulnerable, all ages are affected. The FTC reported that 40 percent of recent fraud claims were from consumers 20 to 29.

From health care scams or fake products and services to just shady business practices, there are a host of problems to watch out for in the coming year, and ways to protect yourself from falling victim.

Today’s phishing
Phishing has been around for years, and I’ve shared numerous warnings before. But as technology gets more sophisticated, so does phishing, and even the tech savvy can be taken in.

Generally, phishing involves casting a wide net of emails trying to obtain personal data, credit card info or passwords, seeing who will bite. Newer phishing scams have gotten really good at appearing as if they come from a legitimate company, including your bank, credit card company, Amazon or Paypal. An email may ask you to click on a link to verify your account information. From there, malware is installed on your device putting all of your sensitive data at risk.

Spear-phishing is a more targeted attempt to steal sensitive information from you or a company.  A bad actor mines whatever personal details they can on victim in advance, such as their friends, hometown, employer, locations they frequent, and what they have recently bought online. Attackers then contact the victim through email or online messaging, disguising themselves as a trustworthy friend or entity to gain sensitive information. Gaining info in advance for a spear-phishing attack represents 91 percent of the successful attempts to gain sensitive information.

The best way to avoid being a victim of spear-phishing it to limit what personal information you post online. For example, many Facebook profiles list a person’s birthday, where they were born, what high school and college they attended, favorite books, movies and current interests. Don’t publicly post anything you don’t want a scammer to see.

If you receive a request for information, always check directly with the company where you have an account. Do not access it through a link in an email.

If a friend or business associate asks you for personal information, pick up the phone and verify the request actually came from them.

Mobile fraud
Tech analyst First Orion projects nearly half of all calls to mobile phones this year will be scams.

It used to be that you could just ignore calls you don’t recognize. Today, spoofing (displaying a phone number that has the same area code and prefix as your own number) make it more difficult to filter calls and texts.

Since many people make new contacts frequently, it’s hard to ignore local calls. You can let unrecognized numbers go to voicemail, then return the call if it is legitimate. If you do listen to a pitch and realize it is a scam, report it to the Federal Trade Commission using this online form. If you get an unsolicited text, do not click on any links or even respond.

A dangerous combination—spoofing and robocalling—is exploding in frequency. Robocalling scams use a computerized autodialer to deliver a pre-recorded message. Fake calls from the IRS are common. However, a new scam leader for 2019 is Social Security fraud, according to Consumer Reports, and is primarily targeted at seniors.

In the SS phone fraud, numbers are spoofed to look like a legitimate 800 number. The caller identifies himself or herself as a Social Security employee and says your file lacks necessary personal information, such as your Social Security number. Or the caller may claim to need additional information to increase your benefit payment, or will threaten to terminate your Medicare benefits if you don’t confirm the information he or she has. If you should get such a call. hang up and call the Social Security Administration directly at 800-772-1213.

Read this article for more information on preventing robocalls.

Tech support fraud
Tech support fraud rates are still high, representing over $15 million in losses in 2017, because people keep falling for them. To be fair, scams are tricky. Users might receive a pop-up message on their screen which looks like a routine update. When activated, the fake update infects the computer system.

Another form that a savvy friend fell for recently involves a “virus” script that appears on a victim’s computer screen prompting the user to call a fake company for support. If called, a bad actor may claim they work with a well-known company such as Microsoft or Apple. Using fear tactics, the “agent” offers to fix the problem, remotely connects to the victim’s computer, identifies a fake problem, collects payment and removes the script, “fixing” the computer. These type of sessions open up the computer to other data mining.

If you get a concerning message on your computer, shut it down. If you are tech savvy, start the computer in safe mode and run the program Malware Bytes to try and remove the malware. Otherwise, call your local computer repair person or your computer security software company. Do not call a number that pops up on your screen in a warning about a computer problem—it is not legitimate. Never share passwords or give control of your computer to anyone who contacts you.

Product and service scams
Research and a little common sense go a long way to avoid being taken in. If something seems too good to be true (or even a really good deal), it is cause to be suspicious. The accommodations we were trying to book were at a very low cost for a holiday weekend, but the scammer was also asking for a $200 “refundable deposit.” Although there was a very official looking rental application, they would not provide a name or contact phone number, and asked to be paid via PayPal. With alarm bells ringing in our head, we checked to see if the property was listed on Airbnb (it was), contacted the real owner and verified it was a scam. We also reported the scam to PayPal and Craigslist.

Other examples may be offers of a “free” gift card or a scandalous photo to try and get you to go to a malicious website or take a survey in an attempt to gain your personal information. Be wary if an email has poor spelling or grammar. If in doubt, enter the company name or website URL into Google before clicking on a link in an email or going to their site. You can also check out the company on the Better Business Bureau website.

Craigslist is also famous for hosting credit report scams targeting job seekers and rental applicants. A fake company will request that you submit a credit report as part of the application process, asking for detailed personal information such as your social security number and a copy of your driver’s license. Research the company you are applying to. Ask for a showing of the rental before submitting an application.

Questionable sites
Third-party payment sites are cropping up that may be legitimate, even though their business practices are questionable. A third-party payment site is one that enables customers to make online bill payments to businesses for a fee. Recently, a third-party payer named Doxo began collecting payments from Arvig customers without the company’s knowledge, and using the Arvig logo without permission, giving the appearance of an Arvig endorsed site. It is not.

The problem with Doxo and other similar sites is your payment is not made directly to Arvig, or whatever other company you are trying to pay. Doxo immediately withdraws funds from your account, then mails a check to the company. This process can take up to 7 days depending on your payment method. You will also be charged a service fee.

Customers can pay a bill directly with a company that allows online payments or through their bank’s online bill pay service, usually with no service fee. Arvig customers are encouraged to pay their bill directly through our secure online payment portal, making a direct and timely payment with no additional fees.

For more information
The website Stopthinkconnect.org, created by the National Cyber Security Alliance and Anti-Phishing Working Group, has more tips. You can also track the latest scams on the Better Business Bureau website.

Updated: Sep 8, 2021