It seems like every time we turn around some company’s site or network has been hacked or some new scam is targeting us directly. The hackers, scammers, and bad guys seem never to take a break. And maybe it is just me; but it feels like it is getting worse!
I remember back to the mid- to late-90’s when emails from Nigerian ‘royalty,’ usually a queen, a prince, or some other sort of diplomat, would come through asking if they could deposit ‘X’ amount of money into my account and then promise to leave some of that money for me when they withdraw their monies again. I think this scam, or something very similar, is still in existence today. Why? Because they work. Likely because people are still somehow unaware and/or are not paying attention like they should be. And some folks are just gullible; but not you, because you are here to learn what you can do to better protect yourself.
This is a two-part post on the subject of scams. Here, in this first one, we are going to talk about some common scams and what you can do to better avoid them, and therefore keep yourself safer and better protected.
Scams and What You Should Do and Not Do
We cannot possibly cover every scam in existence; but I did want to cover some of the more common ones seen including some things to be on the lookout for. I am going to give you some tips on what to do and not do in each case as well.
Phone Calls
Unknown Numbers
Some of us feel like we need to answer calls from unknown numbers or numbers we simply do not recognize because it may be a prospective employee, a co-worker, the doctor’s office, or a potential contractor, etc. I will argue though that if whoever is calling us is legitimate, they will leave a voicemail, call back again, text us, or email us. I get it though. Some of us too just like to pick up the phone to see who it is regardless.
Personally, unless I am definitely expecting a call, I seldom if ever pick up for unknown numbers or numbers I do not recognize. It is just my personal policy to help me avoid potential scams, sales calls, or political whatever. If you want to be as safe as possible, I recommend the same to you. Plus, I hate garbage phone calls.
A Note on Robocalls
These are my least favorite of all, aside from unsolicited sales and political calls. These are just another call from an unknown number or unrecognizable number. I am sure most of us are familiar with these at this point. There is usually a pause at the beginning of a robocall when you first answer as the caller’s system is looking for an agent to route you to. This is a telltale sign of a robocall. Like I want to wait on them to hear their unsolicited message or scam. I think it is best just to hang up if you do answer because you do not know who it is or if it will even be a real human on the other end.
A generally safe policy is to not answer your phone if you do not recognize the number or do not have it saved in your contacts list (though some scammers can utilize numbers you may have stored in your contact list). The better course of action is to let those calls go into voicemail. Then, if you are still not sure, call the entity being represented directly to see if they did call you. Never return a call from an unknown number or identify yourself to an unknown number as this serves only to confirm to a potential scammer who you are and that they have good contact info for you.
QR Codes
Fake QR Codes
Be careful when scanning publicly displayed QR codes, like when paying for time in a parking lot. A more recent scam is to put stickers of a suspect QR code over the top of a legitimate QR code that then leads the unsuspecting to a scam website, ready to take all your personal and payment information or provide the scammers with complete access to your phone and everything on it.
Look for stickers that have been stuck to signs over the top of other QR codes. Not sure in the case of trying to pay for parking? Find an alternative means of paying for your time to park or find a different lot.
Unexpected Packages with QR Codes
A more recent scam being talked about is when a package gets delivered to you that you are not expecting. You know you have not ordered anything; and there is no clear indication where the package came from. The story goes that when you open the mystery package, which could be most anything, there is a QR code in the package with a note stating that if you would like to find out who sent the package to scan the included QR code. When this happens, the scam site may gain full access to your phone and everything on it.
The best way to avoid this one, now that you are aware it is happening, is to simply avoid scanning any QR code whose origin you are not absolutely certain of. Additionally, take a minute to inspect any URL associated with the QR code to see if it goes somewhere you are familiar with or if it is an odd URL, with mixed-up letters or one letter swapped out, etc. If you just want to be extra safe, do not scan any QR codes.
Emails
My Dad’s Email Story
Earlier this year, my dad almost got caught up in an email scam. Luckily for him and mom, he paid attention to the signs and listened to his instincts and avoided a potential costly mistake.
He received an email that appeared to come directly from PayPal. It showed an invoice for over $700 for a product my dad had not purchased. Concerned, my dad called what he thought was PayPal. Turns out, it was not.
Somehow the call to PayPal went to the scammers. Scammers can sometimes have real phone numbers routed to them somehow. The scammer asked my dad to go to the bank in order to get to the ATM. I assume to make a withdrawal or divulge account access info at the very least. The scammer also asked my dad not to go into the bank and not to speak to any bank staff. Once my dad heard this, he became suspicious and upon getting to the bank, went to talk to bank staff about what was going on. Meanwhile, the scammer kept calling my dad on his cell phone, as I am sure he thought he was close to making my dad another victim. My dad did not answer. And when my dad spoke with bank staff, they confirmed it was indeed a scam and the type of scam happened regularly.
After my dad confirmed it was a scam, we froze all of my parents’ credit reports and put alerts on them. We also changed passwords to a number of their accounts to be extra careful. Scam averted!
Phishing
Phishing (via emails) is designed to get you to take some desired action which will then ask you to provide some amount of personal (identifiable) information (PI) and/or financial details or access. Examples of such data could include usernames and/or passwords, bank account numbers or full access, social security numbers, and more. Your data may be collected on a site they direct you to or a phone call by a number in the email’s messaging. Additionally, attachments and links can also lead you to scam websites, launch deviant applications, and/or trigger viruses as well.
What NOT to do:
- DO NOT reply/respond to the email.
- DO NOT click on any links or buttons in the email.
- DO NOT call any phone numbers provided in the email.
- DO NOT click on or open any attachments in the email.
- DO NOT use the contact information provided to contact the entity from the email.
- DO NOT forward the email to anyone to get their opinion. You would only be making things worse and potentially exposing another person to the scam and possible viruses.
What to look for:
- You are not expecting the message or you are not sure why the organization might be sending it.
- You are caught off-guard with the message, request being made, or content of the correspondence.
- Generic salutations.
- Email address domain (the part after the ‘@’) does not match the sending entity’s primary domain/URL.
- You do not recognize the email or phone number being used.
- Domain/URL used is completely different from the entity’s domain/URL.
- Directions in email ask you to open attachments or follow included links.
- When you hover over a text link, the domain shown does not match the sending entity’s regular domain/URL.
- Generic email addresses, ex: gmail.com, being used. While some small companies might do this, larger, more professional companies do not.
- Entity’s name may be a part of the account name or domain; but the overall domain or URL does not match the entity’s regular domain or URL.
- Be wary of topics like shipping notifications, bank account balance notices, messages from customer service, prize notifications, anything COVID-19 related, and others.
- The email expresses some type of urgency to try to get you to act sooner than later.
- If any member of your company’s management team ever emails you using their personal email address, assume it is a scam.
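The domain checks in the list above, and the advice in the QR code section to inspect a URL for a swapped letter, can be automated. The following is an added example, not part of the original post: the brand domain `acmepay.example`, the free-mail list, and the flag names are assumptions made up for illustration, and the registrable-domain logic is a simplification.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumed sample of free mail providers; extend for real use.
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}

def registrable(host):
    """Naive registrable domain (last two labels). Assumption: real code
    should consult the Public Suffix List to handle suffixes like co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-letter swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_flags(host, expected):
    """Compare a hostname with the entity's known domain; return warning flags."""
    host = (host or "").lower()
    dom = registrable(host)
    if dom == expected:
        return []
    flags = ["domain-mismatch"]
    brand = expected.split(".")[0]
    if dom in FREE_MAIL:
        flags.append("generic-mail-provider")
    if brand in host:
        flags.append("brand-name-in-wrong-domain")   # e.g. brand used as a subdomain
    elif edit_distance(dom, expected) <= 2:
        flags.append("lookalike-domain")             # one or two letters swapped
    if any(label.startswith("xn--") for label in host.split(".")):
        flags.append("punycode-label")               # possible look-alike characters
    return flags

def sender_flags(from_header, expected):
    """Check the From: address, including a brand name in the account part."""
    addr = parseaddr(from_header)[1]
    local, _, host = addr.rpartition("@")
    flags = host_flags(host, expected)
    if flags and expected.split(".")[0] in local.lower():
        flags.append("brand-name-in-account-name")
    return flags

def link_flags(url, expected):
    """Check the host of a link (from an email, text, or decoded QR code)."""
    return host_flags(urlsplit(url).hostname, expected)

if __name__ == "__main__":
    known = "acmepay.example"  # constructed brand domain
    # Constructed sample inputs, not taken from any real message.
    print(sender_flags('"AcmePay Billing" <acmepay.billing@gmail.com>', known))
    print(link_flags("https://acmepay.example.verify-login.test/invoice", known))
```

An empty result only means none of these particular signs fired; it does not prove a message is genuine.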
What to do:
- Pay attention to the details at all times.
- If you are not 100% certain, go directly to the entity being represented in the message and ask if they sent the correspondence. Again, do not use any contact information provided in the suspect email.
- Block and delete the suspect email.
Text Messages
My Personal Smishing Story
I should probably say “stories” at this point. Like many of you, I have received so many scam or potential scam texts that I have lost count at this point, including some that appeared to be from Amazon (but were not). I was able to identify them as likely scams by looking for many of the things listed below.
My policy? I don’t really read text messages from anywhere I do not know, including all the political ones. I just block them as soon as I see them, which also deletes (or removes) them for me.
Smishing
Smishing (via text) is similar to phishing in that scammers are attempting to acquire your personal information and/or get your money. They are generally going to be from an unrecognizable or unknown sender, contain some type of link, and try to make the note seem of importance or generate some sort of urgency.
What NOT to do:
- DO NOT respond to the text message. If nothing else, doing so would confirm to the potential scammer that they have a good way to contact you.
- DO NOT click on any links found within the text messages. The links from scammers lead to bad sites, initiate viruses, or trigger applications that can then take your information.
- DO NOT call any phone numbers contained within the text messages.
- DO NOT forward the text message to anyone to get their opinion, for example. You would only be making things worse and potentially exposing another person to the scam and/or malware.
What to look for:
- Where did the text message come from? Is it a number or identity you recognize or have already saved in your mobile phone?
- Does the info for who sent the message, or where it shows as coming from, make sense? Is it a random set of numbers, an unrecognizable phone number, or a garbled mess of an email or similar source displayed as the sender?
- Is the entity who sent the text a company or someone you actually know and recognize?
- If you do recognize the sending entity, like the USPS or Amazon, for example, do you know them to have ever communicated with you via text before? Did you sign up? Have you ever signed up to get the texts?
- Have you ever done business with the entity identifying themselves in the text message?
- Does the wording used in the message seem broken, like maybe not good English?
- Have you traveled to any location mentioned?
- Have you actually made any transactions mentioned in the text message?
- What time of day did the text come through? Was it in the middle of the night?
What to do:
- Pay attention to the details at all times.
- If you are not 100% sure who or what it is, then ignore it and…
- Block and delete any text messages that seem suspect.
- Contact any entity you may be concerned about directly via the phone numbers or emails you have on file for them (NOT any contained within texts received). Again never use any contact info that may have been sent through the suspect text messages.
Check Cooking (Washing)
Bad guys can wash checks and then fill them out to themselves or even mock up very good counterfeits using software and the information provided by your check.
If you have to mail a check, take it directly to your local post office instead of mailing it from your house. If you are going to utilize checks for payment, consider using pens with fraud proof inks like from uni-ball or Pentel, as examples.
The best way to avoid these sorts of issues with your checks is to utilize alternative payment methods such as credit cards or some form of online payment.
Money Mule
The short? Do not transfer monies for another individual or entity, especially when you do not know them.
Money being transferred in these cases is generally stolen or acquired via some sort of fraud. The scammer will ask you to transfer monies they give to you to another individual or entity, sometimes using gift cards or wire transfers. If you do it, you would be breaking the law for helping the scammers move their money.
What NOT to do:
- DO NOT transfer any funds if asked to regardless of the situation.
- DO NOT deposit any checks you may receive for the purposes of later transferring the funds on, as they could be bad checks and you could find yourself having to pay back the funds to your bank.
- DO NOT give out your bank account information.
What to look for:
Common examples of where money mule schemes can happen are with work-from-home jobs, ‘partners’ found through dating sites, and winning of prizes of some sort. There could be others as well.
What to do:
Scammers can make up compelling stories to get you to act for them, thus effectively making you a money mule. If anyone asks you to transfer money for them, refuse to do so. You can probably count on it being a scam.
If you do get caught up in a transfer scheme:
- Notify your bank.
- Notify any wire transfer service or gift card companies involved.
Voiceprinting
Voiceprinting is when scammers take snippets of your voice, after having talked to you at some point, and put them together to make it seem like you are saying things you actually have not. They call someone you know, like a parent, and make it seem like you are making requests for money due to ‘you’ being in some sort of bad predicament. And therein lies the scam. Artificial intelligence (AI) is also making it easier for the bad guys to clone someone’s voice to do this very sort of thing as well.
These scams are a good reason not to take phone calls from unknown numbers or, when you do, not to talk a lot while you are on the phone with them. If I happen to pick up the phone for someone I am not expecting a call from or someone or entity I do not know, I never say much except for something like “not interested” or “no, thanks.” I work hard never to say the word “yes” either to avoid being used out of context for some purpose. People that you know, that actually need to speak with you, can easily leave a voicemail, send you a text, or call back again later. In other words, you never have to pick up your phone in the moment, especially if you do not know who it is.
Fake Sites
Fake sites, as you might guess, are sites that are designed to come off as or mimic a brand’s real site, so they can scam you for your personal information and/or your money. They can get you unless you are paying close attention or listening to what your gut may be telling you about what you are seeing.
My Personal Fake Site Story
I have stumbled upon a few fake sites over the years; but I almost got suckered by one last year. I knew something was off with the site; and the pricing offered was simply too good to be true, so I listened to my gut; and it saved me.
In searching for an expensive knife, I stumbled upon a site that looked like a site I was familiar with; and it had the exact knife I was looking for at a very cheap price. After some investigation, it appeared the suspicious site was indeed a scam site meant to come off as a very large, well-known online knife vendor. Did this fake site seem legit? At first, but then I figured it was questionable at best. How did I know? What were the clues?
- An extremely ‘cheap’ price for an otherwise VERY expensive blade. This detail gave me my first pause.
- The site’s URL was weird; but the site was using the real knife vendor’s logo. Not quite right.
- There was a deviation with the look of the main navigation and search at the top of the page of the scam site as compared to the real vendor’s nav and search.
- I went to the fake site’s Contact Us page to check their address. It seemed legit for a minute; but then I looked for the address using an online map. While the street seemed to exist, the specific address did not.
- I noticed the login dialog the fake/scam site was using was not like the real vendor’s normal login screen.
- I checked this scam site’s URL registry to find its owner and found that the URL was registered in Hong Kong. Another red flag!
- My final clue was when I emailed the real vendor to confirm whether the site was theirs or not; and they confirmed the scam site was indeed a fake.
Of course, it helped that I have done business with the real knife vendor before, so I knew some things seemed ‘off;’ but it was because I paid attention to the details that I could tell the site was likely a fake. You can check the same things I did if you ever have doubts about a site you find yourself on.
Another clue that you are likely looking at a fake site is when they only allow for cash or cash transfers as payment at the point of checkout. This can be a very good sign you may be dealing with a scammer. Avoid!
The moral of the story is to stay alert. Pay attention to the small details that will give away a scam. Do NOT complete a transaction unless you are 100% sure of who you are dealing with. Not sure? Do not move forward.
Resources
We have not vetted all of these; but I wanted to include a few resources here for your convenience. While it is certainly not an exhaustive list, I would encourage you to look over these as well as go seek out your own so you can know even better what to be on the lookout for.
- Fraud and Identity Theft Topics from Experian
- Federal Trade Commission Consumer Advice: Avoiding and Reporting Scams
- Amazon: Identifying a Scam
- How do I spot a fake, fraudulent, or phishing PayPal email or website?
Conclusion
Just like any other situation we may find ourselves in, we need to be paying close attention, staying alert, and listening to our gut instincts anytime we receive an email, get a text message, choose to answer an unknown number, visit a new website, pay for something, or give out any of our personal information. If you do not know what it is, who it is from, are not expecting it, or if it just seems ‘off,’ exercise caution and do your due diligence. When it comes to scams, online or off, the only one that’s going to protect you is YOU.
If you have been caught up in a potential scam or you have gotten scammed, be sure to get a copy of and keep an eye on your credit reports from Equifax, Experian, and TransUnion. Additionally, you should place a freeze on your credit with all 3 reporting agencies. You can also set up alerts to tell you when there is activity. Freezing your credit and the alerts are free to set up. It just takes a little time.
If you have all the details or can remember them, you can also report any scam or suspected scam to the Federal Trade Commission at ftc.gov/complaint.
Share this post with your family and friends that you think may benefit from the information found here, especially if you know they may not be as savvy or aware of things as you may be.
Stay tuned for our follow-up post where we talk about some best practices and some tools you can use to help you better avoid scams and generally stay better protected.