Documents in Portable Document Format (.PDF) require Adobe Acrobat Reader 5.0 or higher to view. Download it now.
FDIC-Insured - Backed by the full faith and credit of the U.S. Government
Enterprise Bank
Online Banking
Enroll Now | Forgot password or PIN?
HomeResources

Digital Scams and Cons

Digital Scams and Cons

 

It is a new year with opportunities for new resolutions, but the sad truth is that there will always be scammers and spammers looking to take advantage of vulnerabilities. Some things never change in the world of security — they merely evolve into something bigger and worse.

Scams are nothing new, but they are more dangerous than ever now that everything is digital and highly accessible. Even before the Internet, con artists were always trying to find a new angle to take advantage of unsuspecting, trusting individuals — sadly, those tricks have stood the test of time. In 2018 we saw the same ol', same ol' online fraud strategies, but we also saw new tactics that tried to slip under the radar. In this article, we will discuss digital scams and cons to be leery of this year, and tips n' tricks on how to avoid falling victim to them.

Tricky Tricks of the Scammer Trade

Social Media Scams

The goal of many individuals utilizing Social Media is finding a balance between sharing your lives online with friends and family, while staying mindful of the potential security issues. Hackers are scam artists that target people who have a habit of 'oversharing' in order to access their sensitive data or the data of someone they are connected to.

One such scam is focused on creating and pushing out popular quizzes on social media that have been widely shared on various social channels. These quizzes that mine your information can be leveraged to make you susceptible to an attack. They are imploring users to take a few minutes for what seems like harmless fun. This deceitful method of attack has become very popular on social media and therefore very dangerous because these platforms are ingrained deeply in the personal and professional lives of people.

Profile Hacking Scams

Facebook, LinkedIn, online grocery shopping, online banking, etc. all rely on profile data and that data is very rich and telling about who someone is. Cybercriminals use real photos and characteristics of actual people to create a profile and entice users to connect with them, all the while planning to steal from the individual or someone in the individual's network. This type of scam usually fools people into giving them money with a wire transfer or even another social application such as a GoFundMe campaign.

Profiles are usually tied to an email address, and hackers leverage email addresses of consumers to file fraudulent tax returns, obtain social security benefits, conduct change of address filings at the U.S. postal service, apply for unemployment benefits, submit applications for disaster assistance, apply for lines of credit, set up trial accounts (such as for streaming services), etc. It is a common assumption to think in the digital age cleaning up your credit or identity theft is easier and won't take long because you get alerts. The truth is people often don't get alerts until it's too late, and it does take a tremendous amount of time to determine the extent of the compromise and the steps needed to rectify the breach.

Elicitation

We used to call this "chatting" when chatrooms and personal messengers first launched on the internet. Today, this is a strategic use of written conversation to extract information from people without giving them the feeling they are being interrogated. This could happen via any platform that has a private messaging (PM) feature. A perfect example would be chatting over Facebook Messenger or even Skype. During the conversation, the other person may ask questions that seem harmless at the time, but actually are helping them build a profile of you that they could potentially formulate into some type of attack such as ID theft or credit card fraud.

Phishing

This scam tactic isn't going anywhere, mostly because it works so well. Traditionally, this type of trick was limited to the telephone and email, but recently it has also branched out to social media platforms. It occurs when a user receives a fake message via social channel or email from a hacker or social engineer posing as a trusted colleague or the colleague of a person you may know well and trust. The message may contain a nefarious link leading to an unsecure page that could put your security and privacy at risk. As it pertains to email, these attacks can also come by way of email attachments containing malware that infects your machine to wreak havoc.

URL-Shortening Cons

Marketing teams often use URL shorteners, and though very helpful in sharing a long website link within a tight character limit on social media platforms such as Twitter, many of your favorite companies likely use this technique when marketing to you. It could be anything from sharing a coupon to a funny video. Unfortunately, hackers use this tactic to entice unsuspecting victims to click a link that masks malicious malware.

In this type of digital con, hackers pretend to be the business you are loyal to, but they in fact own these sites where they place malware for you to click on and then infect your computer. Another common practice in this type of scam is providing the shortened link that leads you into another trick, such as stealing your login credentials or credit card info.

Tips and Tricks to stay safer this year

Detecting these digital scams this year is doable. We have all had suspect milk in the fridge and check to see if it passes the 'sniff test'. Believe it or not, the same logic can be applied to avoid being tricked by these bad actors. With these digital tricks, it is often instinct and gut feelings that can keep you from being taken advantage of.

  • Do not share sensitive, personal information about yourself, family or friends online. It is the key hackers need to unlock the door to everything.
  • Activate Privacy Settings. Look at the privacy settings for the social media services that you utilize, and make certain that you are only sharing information with people you know.
  • Don't provide information about yourself that will allow others to answer your security questions (I forgot my password key questions).
  • Use URL extenders to see where the shortened link is going to take you. For example, you can see if the short link really goes to Macy's or a Macy's 'lookalike' site that wants you to enter your username and password so that they can commit fraud with your account.
  • When typing a URL in, look to make sure that everything seems kosher before you hit enter, e.g. check to see if Macy's spelled odd like Mac4's or the like.
  • Beware of digital impersonators. Do they pass the sniff test? Trust your gut. Validate it's an actual person and not a bad actor trying to take advantage of you.
  • If a friend sends you a message that makes you feel suspicious asking you to take an action, that doesn’t seem quite right, consider picking up the phone to call or text to verify the request is legitimate.
  • Take annual security awareness training to stay in the know on the latest threats to avoid them.
  • Avoid accessing profile accounts from public computers or through public Wi-Fi spots.
  • Avoid sharing sensational 'news' posts before verifying their validity.
  • Don't click on a link or open an attachment in an email unless you have verified with the user it is from them. Hackers often use the email accounts of others to share malware with trusting friends.