13 Smart Steps to Protect Against Scams, Hacks and Phishing
- by Carol White Llewellyn
Monday was a banner day for scam communications. In addition to the dozens of spams normally received, I also got a number of emails that could have resulted in one or more of my accounts being hacked* and more than a half dozen phishing* emails asking me to confirm financial and other information. I also received one email telling me that my operating system, my email, and my phone had been hacked and unless I turned over $1200K in bitcoin, all my contacts would receive embarrassing images from the lascivious sites I visit (who knew Amazon was considered lascivious?).
The one scam that amused me most was a piece of snail mail from a “banker” in Canada. Because my last name is the same as that of a deceased man with an uncollected estate at his bank, “the banker” and I could collaborate on making me the man’s official beneficiary, so he and I could split the almost $10 million in funds. Of course, confidentiality was vital!
I laughed out loud on this last one. Oops, I guess in sharing this here, I’ve violated his confidentiality pact.
The problem is that hackers, phishers, and scam artists have become more creative and sophisticated, often coming across as authorities with which we already have a relationship. They can even “mirror” the actual email accounts or phone numbers used by legitimate organizations.
Sometimes, they come across as so convincing, even savvy consumers can be taken in. So what’s a consumer to do?
Below are some steps you can take to protect yourself:
- Never trust an email telling you there’s a problem with your account or that it’s being terminated, and never pay anything through an email or text alerting you of such. Instead, go to the actual website URL where you have the account, log in using your username and password to access your account, and verify your account information there. If there is a problem, there will be an alert there that can be trusted.
- Never send money in response to an unexpected request, whether it’s via phone, email, or text. Hang up on robocalls telling you that you must pay money to extend your warranty, safeguard your account, donate to your favorite charity, etc.
- Don’t believe emails from “friends” who tell you they are stuck in a foreign country, all their funds have been stolen, and they need you to wire money. Someone has hacked that person’s contacts and is emailing everyone in the hopes someone will fall for it. It happened to me once, and friends almost sent funds, except they noticed grammar errors I would not have made.
- “Don’t pay for a promise,” advises the FTC. If someone is promising you debt relief, better credit, mortgage assistance, a job, or a prize, they are most likely out to get your money and will disappear once you’ve paid.
- If it sounds too good to be true, it probably is. Offers such as free trials, free money, free use of a timeshare, etc. that require paying something in advance usually come with a catch. Do your research on the company to verify legitimacy. Not every business is listed on the Better Business Bureau website, but it’s a good place to start investigating.
- Pay attention to the email address. Often, legitimate-looking emails from authoritative organizations come through with email addresses that are clearly bogus. Immediately delete them, or if you use Outlook, you can mark them as spam or even phishing, and they won’t come through again.
- Hang up on calls claiming to be from the Social Security Administration. There is currently a scam being run in which the call recipient is told that the police, sheriff, or marshal will show up at their door with an arrest warrant, and that to avoid it, they must buy a Google Play card and share the card number. Watch the FTC’s advisory video on this scam.
- Don’t trust your caller ID. Scammers and sales organizations have found a way to use the phone numbers of legitimate organizations to masquerade as those organizations. If someone calls to try to get you to donate or invest in their organization, don’t make that investment or donation over the phone. Check their legitimacy through their website, or confirm the legitimacy of many non-profit organizations using Guidestar (where you can also confirm the proportion of their revenue which actually goes to the initiative they say they support). Then make your donation through their online portal using a credit card, or mail in a check. Any legitimate investment opportunity should require you to set up an account (not over the phone) before you make the investment.
- If you have an elderly member of your family who you are concerned may fall victim to such hoaxes, try to get joint access to their bank and credit card accounts, so you can monitor them. One friend’s father-in-law fell victim to a scheme in which his entire payment for assisted living for the next month was stolen from his account, and the scammers tried to do it the following month as well. Fortunately, the bank worked with the family to catch the scammer and get the funds back.
- Monitor your bank accounts, debit cards, charge cards, investment accounts, and credit scores regularly so that if a problem crops up, you can address it immediately. Many websites – even those one would imagine are trustworthy – have been hacked recently, so proactive vigilance is wise.
- “Consider How You Pay,” advises the FTC, noting that payment via credit card, and even by check, has some built-in protections, but a payment wired to an account does not.
- Be cautious about online transactions, advises credit expert LaToya Irby in her article "How to Safely Use Your Credit Card Online," in order to protect against credit card fraud and identity theft.
- Know what questions census workers will ask. In order to ensure that communities are accurately counted, census takers will be going door-to-door to make sure every household completes the Census. If the census taker asks about Social Security numbers, bank account numbers, or any financial information for members of the household, terminate the interview. These are not legitimate government-authorized questions.
By utilizing the tools, resources and strategies above, you have a much higher chance of protecting yourself against scammers.
P.S. Varonis Security Data Blog describes the difference between phishing and hacking as follows: Hacking* is using exploits to gain access to something you do not normally have access to. Phishing* is masquerading as a trustworthy source in an attempt to bait a user to surrender sensitive information such as a username, password, credit card number, etc.