Despite the steep increase in financial regulations and cybersecurity protections, criminals will always do what they do best: scheme. Yes, even in 2023, phishing attacks are still a looming threat to anyone who spends their money online. Last year, the Anti-Phishing Working Group (APWG) counted a grand total of 1,025,968 reported phishing attacks.
Why is phishing continuously so effective on the general population? Social engineering and the anonymity of the online world. By appealing to human emotions and dressing your email up with the “right” logos and credentials, people are accustomed to trust, even if it’s a trap.
By recognizing the signs and double, triple checking who you’re speaking to, you’ll have the tools to prevent irreparable financial damage.
OTP (One-time password) Scam
Though this is usually an account safeguard for large organizations, Experian has reported bad actors using OTP automation to intercept authentication codes. By using “official-looking” messaging sent by an OTP program, victims are tricked into sharing multifactor authentication codes forwarded via text or email to sign in. This scheme has become more prevalent in false bank alerts, where the automation will warn the prospective victim that an unauthorized “large transaction has occurred” and they need your password to stop it. In reality, it’s just the scammers trying to log into your bank account.
If you receive an authentication code, only share it through the avenues you know. Don’t text or confirm it to a number you’ve never seen before.
Romantic scams are a tale as old as time.
Threat actors will pose online as a love interest, right down to sweet text messages and getting to know their prospective “partner.” Eventually, they’ll use your blooming, fake relationship to beg you for money, usually by a mailed check. However, in light of the current level of general cybersecurity awareness, criminals have started to change the romance scam formula.
Crypto accounts are the new fad in online financial fraud because of how much harder it is to trace. Through the use of cross-chain bridge services, it’s a fan-favorite for all things dark and shady. Romance scams are no exception.
Through the fake online relationship, criminals convince the victim to download a fake crypto app, where they lovingly transfer money, which, you guessed it, isn’t real. Federal Trade Commission official Steve Baker comments on the trend, stating “…the app displays data that shows your wealth growing, but criminals are just taking your money.”
Investing, especially with crypto, takes dedicated research and time. It should never be done on a whim just because the thought of wealth excites you. If your online partner is insisting you download an app you’ve never heard of, one that connects directly to your bank, it’s safe to bet it’s a scam.
Car warranty scams
There’s a ton of jokes about this type of phishing scam on social media channels like TikTok and Twitter, but there’s a reason for that.
Have you ever received a call with a robotic voice insisting on speaking to you about your “car’s extended warranty?”
If you’re an American citizen and you own a car, there’s a high chance you’ve already interacted with one of these scam attempts. There’s also a chance that you ignored them because you thought they were annoying—in that case, kudos! Keep up the good work.
However, there are many that have bitten the bait and purchased an invalid warranty policy for thousands of dollars. Scammers have even tried other methods, such as sending alarming, official-looking letters directly to the victim’s home, because we’ve begun recognizing the automated calls.
Our advice: if you receive anything warning you about your car’s warranty expiring, call your dealership. Unless the offer came directly from them, it’s a scam.
General cybersecure safety tips
If you didn’t ask for a link, don’t click on it
You’ll see many of these schemes all share the same general layout: they pretend to be someone you trust, they ask you to perform an action, and then they make off with your money. If there’s any rule of thumb you should take away, it’s this:
If you didn’t ask for, or weren’t prepared for a link, the code, the app, whatever it is, don’t interact with it.
Get a robot-call filter
If you don’t recognize the number calling you, it’s better to let it go to voicemail. If it’s urgent, they’ll leave their information and state their business. If it’s a family member that just got your number from your mother, they’ll say that too. It’s better to be safe than sorry.
If you don’t want to subject yourself to letting your phone ring all the time, there are call filters you can set in place to send unrecognized numbers to voicemail. Ask your cell provider for more information.
Minimize the use of your debit card
Your debit card is directly tied to your checking account, a walking weakness for anyone to take advantage of. Because of how intimately it’s tied to your physical balance, there are less protections and tools in place for reporting fraudulent activity. It’s better to use your credit card for as many necessary purchases as possible and pay off the balance through your banking application.
As we mentioned before, scammers are always changing their methods to adapt to modern trends and technology. The idea of always being surrounded with invisible thieves can feel overwhelming, especially when they try to befriend you. But by being cautious and understanding how similar phishing scams are to each other, you’re more likely to effectively protect yourself.
Of course, these are just three kinds of phishing scams. Check our other blog post, 4 Reasons Phishing is Getting More Frequent, to learn more about avoiding the bait.