Phishing attacks have all kinds of lures. And many are so tried and true that it makes them easy to spot.
The target of a phishing attack is you. More specifically, your personal info and your money. Whether a scammer reaches out by email, with a text, or through a direct message, that’s what they’re after. And with a link, they whisk you off to a sketchy site designed to take them from you.
Just how much phishing is going on? To date, we’ve identified more than half a billion malicious sites out there. A number that grows daily. Because these attacks often succeed. One big reason why — they play on people’s emotions.
Phishing attacks always involve a form of “social engineering,” which is an academic way of saying that scammers use manipulation in their attacks. Commonly, scammers pretend to be a legitimate person or business.
You can get a better idea of how this works by learning about some of the most popular scams circulating today:
The CEO Scam
This scam appears as an email from a leader in your organization, asking for highly sensitive info like company accounts, employee salaries, and Social Security numbers. The hackers “spoof”, or fake, the boss’ email address so it looks like a legitimate internal company email. That’s what makes this scam so convincing — the lure is that you want to do your job and please your boss. But keep this scam in mind if you receive an email asking for confidential or highly sensitive info. Ask the apparent sender directly whether the request is real before acting.
The Urgent Email Attachment
Phishing emails that try to trick you into downloading a dangerous attachment that can infect your computer and steal your private info have been around for a long time. This is because they work. You’ve probably received emails asking you to download attachments confirming a package delivery, trip itinerary, or prize. They might urge you to “respond immediately!” The lure here is offering you something you want and invoking a sense of urgency to get you to click.
The “Lucky” Text or Email
How fortunate! You’ve won a free gift, an exclusive service, or a great deal on a trip to Las Vegas. Just remember, whatever “limited time offer” you’re being sold, it’s probably a phishing scam designed to get you to give up your credit card number or identity info. The lure here is something free or exciting at what appears to be little or no cost to you.
The Romance Scam
This one can happen completely online, over the phone, or in person after contact is established. But the romance scam always starts with someone supposedly looking for love. The scammer often puts a phony ad online or poses as a friend-of-a-friend on social media and contacts you directly. But what starts as the promise of love or partnership, often leads to requests for money or pricey gifts. The scammer will sometimes spin a hardship story, saying they need to borrow money to come visit you or pay their phone bill so they can stay in touch. The lure here is simple — love and acceptance.
While you can’t outright stop phishing attacks from making their way to your computer or phone, you can do several things to keep yourself from falling for them. Further, you can do other things that might make it more difficult for scammers to reach you.
The content and the tone of the message can tell you quite a lot. Threatening messages or ones that play on fear are often phishing attacks, such as angry messages from a so-called tax agent looking to collect back taxes. Other messages will lean heavily on urgency, like a phony overdue payment notice. And during the holidays, watch out for loud, overexcited messages about deep discounts on hard-to-find items. Instead of linking you to a proper e-commerce site, they might link you to a scam shopping site that does nothing but steal your money and the account info you used to pay them. In all, phishing attacks indeed smell fishy. Slow down and review that message with a critical eye. It might tip you off to a scam.
Some phishing attacks can look rather convincing. So much so that you’ll want to follow up on them, like if your bank reports irregular activity on your account or a bill appears to be past due. In these cases, don’t click on the link in the message. Go straight to the website of the business or organization in question and access your account from there. Likewise, if you have questions, you can always reach out to their customer service number or web page.
When scammers contact you via social media, that can be a tell-tale sign of a scam. Consider, would an income tax collector contact you over social media? The answer there is no. For example, in the U.S. the Internal Revenue Service (IRS) makes it clear that they will never contact taxpayers via social media. (Let alone send angry, threatening messages.) In all, legitimate businesses and organizations don’t use social media as a channel for official communications. They’ve accepted ways they will, and will not, contact you. If you have any doubts about a communication you received, contact the business or organization in question directly. Follow up with one of their customer service representatives.
Some phishing attacks involve attachments packed with malware, like ransomware, viruses, and keyloggers. If you receive a message with such an attachment, delete it. Even if you receive an email with an attachment from someone you know, follow up with that person. Particularly if you weren’t expecting an attachment from them. Scammers often hijack or spoof email accounts of everyday people to spread malware.
On computers and laptops, you can hover your cursor over links without clicking on them to see the web address. Take a close look at the addresses the message is using. If it’s an email, look at the email address. Maybe the address doesn’t match the company or organization at all. Or maybe it looks like it almost does, yet it adds a few letters or words to the name. This marks yet another sign that you might have a phishing attack on your hands. Scammers also use the common tactic of a link shortener, which creates links that almost look like strings of indecipherable text. These shortened links mask the true address, which might indeed be a link to a scam site. Delete the message. If possible, report it. Many social media platforms and messaging apps have built-in controls for reporting suspicious accounts and messages.
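The address checks described above can also be scripted. The following Python example is added here and is not from the original article; the trusted domain `mybank.example`, the sample message, and the short list of link-shortener hosts are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed sample of link-shortener hosts; extend for real use.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "ow.ly"}

# Constructed sample message (reserved .example/.test names, not real traffic).
SAMPLE_FROM = "alerts@mybank-secure.example"
SAMPLE_HTML = """
<p>We noticed irregular activity. Confirm your account:</p>
<a href="https://mybank.example.verify-login.test/login">www.mybank.example</a>
<a href="https://bit.ly/constructed">View statement</a>
<a href="https://www.mybank.example/help">Help centre</a>
"""


def host_of(url):
    """Return the lower-cased host of a URL, tolerating a missing scheme."""
    if "//" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".")


def base_domain(host):
    """Naive registrable domain: the last two labels of the host.
    Assumption: fine for .com-style names; real tooling should use the
    Public Suffix List to handle names such as example.co.uk."""
    return ".".join(host.split(".")[-2:])


def domain_findings(host, trusted):
    """Compare a host (from a link or a sender address) with the trusted domain."""
    if base_domain(host) == trusted:
        return []
    brand = trusted.split(".")[0]
    if brand in host:
        # The name "almost" matches: extra words added, or the real
        # domain used as a prefix of somebody else's domain.
        return ["look-alike of " + trusted]
    return ["not a " + trusted + " address"]


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from an HTML message body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_link(href, shown, trusted):
    """Return the warning signs for one link: what hovering would reveal."""
    host = host_of(href)
    if host in SHORTENERS:
        findings = ["shortened link hides the real address"]
    else:
        findings = domain_findings(host, trusted)
    # If the visible text is itself an address, it should name the same site.
    looks_like_address = "." in shown and " " not in shown
    if looks_like_address and base_domain(host_of(shown)) != base_domain(host):
        findings.append("visible text names a different site")
    return findings


def scan_message(from_addr, html, trusted):
    """Check the sender address and every link in a message body."""
    sender_host = from_addr.rsplit("@", 1)[-1].strip("<> ").lower()
    report = {"from:" + from_addr: domain_findings(sender_host, trusted)}
    parser = LinkExtractor()
    parser.feed(html)
    for href, shown in parser.links:
        report[href] = check_link(href, shown, trusted)
    return report


if __name__ == "__main__":
    for item, findings in scan_message(SAMPLE_FROM, SAMPLE_HTML, "mybank.example").items():
        print(item, "->", findings or ["no warning signs"])
```

A link that passes these checks is not proven safe; the script only automates the hover-and-compare step, so going directly to the organization's own site remains the better habit.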
On social media and messaging platforms, stick to following, friending, and messaging people who you really know. As for those people who contact you out of the blue, be suspicious. Sad to say, they’re often scammers canvassing these platforms for victims. Better yet, where you can, set your profile to private, which makes it more difficult for scammers to select and stalk you for an attack.
How’d that scammer get your phone number or email address anyway? Chances are, they pulled that info off a data broker site. Data brokers buy, collect, and sell detailed personal info, which they compile from several public and private sources, such as local, state, and federal records, plus third parties like supermarket shopper’s cards and mobile apps that share and sell user data. Moreover, they’ll sell it to anyone who pays for it, including people who’ll use that info for scams. You can help reduce those scam texts and calls by removing your info from those sites. Our Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info.
Online protection software can protect you in several ways. First, it can offer web protection features that can identify malicious links and downloads, which can help prevent clicking them. Further, features like our web protection can steer you away from dangerous websites and block malware and phishing sites if you accidentally click on a malicious link. Additionally, our Scam Protection feature warns you of sketchy links in emails, texts, and messages. And overall, strong virus and malware protection can further block any attacks on your devices. Be sure to protect your smartphones in addition to your computers and laptops as well, particularly given all the sensitive things we do on them, like banking, shopping, and booking rides and travel.
The post How to Spot Phishing Lures appeared first on McAfee Blog.
Just when they need financial security the most, job seekers face another challenge—getting ripped off by job scams.
Scammers will capitalize on any opportunity to fleece a victim, like the holidays with ecommerce scams and tax time with IRS scams. Now, with surging employment figures, scammers have turned to job scams that harvest money and personal information from job seekers.
In some ways, the tactics bear resemblance to online dating and romance scammers who hide behind a phony profile and tell their victims a story they want to hear, namely that someone loves them. With job scams, they take on the persona of a recruiter and lure their victims with what seems like an outstanding job offer. Of course, there’s no job. It’s a scam.
These attacks have gained a degree of sophistication that they once lacked. Years prior, scammers relied on spammy emails and texts to share their bogus job offers. Now, they’re using phony profiles on social media platforms to target victims.
Social media platforms have several mechanisms in place to identify and delete the phony profiles that scammers use for these attacks. Of note, LinkedIn’s latest community report cited the removal of more than 21 million fake accounts in the first half of 2022.
Likewise, Facebook took action on 1.5 billion fake accounts in Q3 of 2022 alone, with more than 99% of them acted on before users reported them.
Still, some scammers make their way through.
As Steve Grobman, our senior vice president and chief technology officer, was quoted in an article for CNET, the continued shift to remote work, along with remote hiring, has also made it easier for online job scams to flourish. And the figures bear that out.
In 2021, the FTC called out $209 million in reported losses due to job scams. In just the first three quarters of 2022, reported job scam losses had already reached $250 million. While year-end figures have yet to be posted, the final tally for 2022 could end up well over $300 million, a 50% uptick. And the median loss per victim? Right around $2,000 each.
While the promise of work or a job offer make these scams unique, the scammers behind them want the same old things—your money, along with your personal information so that they can use it to cause yet more harm. The moment any so-called job offer asks for any of those, a red flag should immediately go up.
It’s possibly a scam if:
In the hands of a scammer, your SSN or tax ID is the master key to your identity. With it, they can open up bank cards, lines of credit, apply for insurance benefits, collect benefits and tax returns, or even commit crimes, all in your name. Needless to say, scammers will ask for it, perhaps under the guise of background check or for payroll purposes. The only time you should provide your SSN or tax ID is when you know that you have accepted a legitimate job with a legitimate company, and through a secure document signing service, never via email, text, or over the phone.
Another trick scammers rely on is asking for bank account information so that they can wire payment to you. As with the SSN above, closely guard this information and treat it in exactly the same way. Don’t give it out unless you actually have a legitimate job with a legitimate company.
Some scammers will take a different route. They’ll promise employment, but first you’ll need to pay them for training, onboarding, or equipment before you can start work. Legitimate companies won’t make these kinds of requests.
Aside from the types of information they ask for, the way they ask for your information offers other clues that you might be mixed up in a scam. Look out for the following as well:
You can sniff out many online scams with the “too good to be true” test. Scammers often make big promises during the holidays with low-priced offers for hard-to-get holiday gifts and then simply don’t deliver. It’s the same with job scams. The high pay, the low hours, and even the offer of things like a laptop and other perks, these are signs that a job offer might be a scam. Moreover, when pressed for details about this seemingly fantastic job opportunity, scammers may balk. Or they may come back with incomplete or inconsistent replies because the job doesn’t exist at all.
Job scammers hide behind their screens. They use the anonymity of the internet to their advantage. Job scammers likewise create phony profiles on networking and social media websites, which means they won’t agree to a video chat or call, which are commonly used in legitimate recruiting today. If your job offer doesn’t involve some sort of face-to-face communication, that’s an indication it may be a scam.
Scammers now have an additional tool to reel in their victims—AI chatbots like ChatGPT, which can generate email correspondence, chats, LinkedIn profiles, and other content in seconds so they can bilk victims on a huge scale. However, AI has its limits. Right now, it tends to use shorter sentences in a way that seems like it’s simply spitting out information. There’s little story or substance to the content it creates. That may be a sign of a scam. Likewise, even without AI, you may spot a recruiter using technical or job-related terms in unusual ways, as if they’re unfamiliar with the work they’re hiring for. That’s another potential sign.
Scammers love a quick conversion. Yet job seekers today know that interview processes are typically long and involved, often relying on several rounds of interviews and loops. If a job offer comes along without the usual rigor and the recruiter is asking for personal information practically right away, that’s another near-certain sign of a scam.
This is another red flag. Legitimate businesses stick to platforms associated with networking for business purposes, typically not networking for families, friends, and interests. Why do scammers use sites like Facebook anyway? They’re a gold mine of information. By trolling public profiles, they have access to years of posts and armloads of personal information on thousands of people, which they can use to target their attacks. This is another good reason to set your social media profiles on platforms like Facebook, Instagram, and other friend-oriented sites to private so that scammers of all kinds, not just job scammers, can’t use your information against you.
As a job hunter you know, getting the right job requires some research. You look up the company, dig into their history—the work they do, how long they’ve been at it, where their locations are, and maybe even read some reviews provided by current or former employees. When it comes to job offers that come out of the blue, it calls for taking that research a step further.
After all, is that business really a business, or is it really a scam?
In the U.S., you have several resources that can help you answer that question. The Better Business Bureau (BBB) offers a searchable listing of businesses in the U.S., along with a brief profile, a rating, and even a list of complaints (and company responses) lodged against them. Spending some time here can quickly shed light on the legitimacy of a company.
Also in the U.S., you can visit the website of your state’s Secretary of State and search for the business in question, where you can find when it was founded, if it’s still active, or if it exists at all. For businesses based in a state other than your own, you can visit that state’s Secretary of State website for information. For a state-by-state list of Secretaries of State, you can visit the Secretary of State Corporate Search page here.
For a listing of businesses with international locations, organizations like S&P Global Ratings and the Dun and Bradstreet Corporation can provide background information, which may require signing up for an account.
Given the way we rely so heavily on the internet to get things done and simply enjoy our day, comprehensive online protection software that looks out for your identity, privacy, and devices is a must. Specific to job scams, it can help you in several ways, these being just a few:
Job searches are loaded with emotion—excitement and hopefulness, sometimes urgency and frustration as well. Scammers will always lean into these emotions and hope to catch you off your guard. If there’s a common thread across all kinds of online scams, that’s it. Emotion.
A combination of a cool head and some precautionary measures that protect you and your devices can make for a much safer job-hunting experience, and a safer, more private life online too.
Editor’s Note:
Job scams are a crime. If you think that you or someone you know has fallen victim to one, report it to your authorities and appropriate government agencies. In the case of identity theft or loss of personal information, our knowledge base article on identity theft offers suggestions for the specific steps you can take in specific countries, along with helpful links for local authorities that you can turn to for reporting and assistance.
The post Job Scams—How to Tell if that Online Job Offer is Fake appeared first on McAfee Blog.
As with any major holiday or special occasion, Valentine’s Day is unfortunately not immune to scammers looking for an opportunity to exploit unsuspecting individuals. Their deceitful acts can break hearts and bank accounts. In this article, we spotlight some common Valentine’s Day scams, offer tips on how to protect yourself and navigate this romantic day with confidence and caution.
Valentine’s Day is a time when love is in the air. It’s a time to express your feelings for that special someone in your life, or perhaps even embark on a new romantic journey. But while you’re busy planning that perfect dinner or choosing the ideal gift, there’s an unromantic side to the day that you should be aware of – the potential for scams.
Scammers, always looking for new ways to trick people into parting with their money, use the heightened emotions of Valentine’s Day to their advantage. They prey on the unwary, the love-struck, and even the lonely – anyone who might let their guard down in the quest for love or the pursuit of the perfect gift. And in our increasingly digital world, these unscrupulous individuals have more ways than ever to reach potential victims.
Knowledge is power, as the saying goes, and that’s certainly true when it comes to protecting yourself from scams. By understanding the types of scams that are common around Valentine’s Day, you can be better prepared to spot them – and avoid falling victim.
One of the most common Valentine’s Day scams is the romance scam. Scammers, often posing as potential love interests on dating websites or social media, manipulate victims into believing they are in a romantic relationship. Once they have gained their victim’s trust, they ask for money – perhaps to pay for a flight so they can meet in person, or because of a sudden personal crisis. These scams can be emotionally devastating, and they can also result in significant financial loss.
Another popular scam around Valentine’s Day involves online shopping. With many people seeking the perfect gift for their loved ones, scammers set up fake websites that appear to sell everything from jewelry to concert tickets. After making a purchase, the unsuspecting victim either receives a counterfeit product or, in some cases, nothing at all. Additionally, these sites may be designed to steal credit card information or other personal data.
Phishing scams are also common. In these scams, victims receive emails that appear to be from a legitimate company – perhaps a florist or a candy company – asking them to confirm their account information or to click on a link. The goal is to steal sensitive information, such as credit card numbers or login credentials.
While the existence of these scams is unquestionably concerning, the good news is that there are steps you can take to protect yourself. Valentine’s Day should be a celebration of love, not a source of stress and worry.
One of the most important is to be aware that these scams exist and to be cautious when interacting with unfamiliar people or websites. If something seems too good to be true, it probably is.
When shopping online, make sure the website you are using is secure, and consider using a credit card, which offers greater protection against fraud compared to other forms of payment. Be wary of emails from unknown sources, especially those that ask for personal information or urge you to click on a link.
For shopping scams, it’s recommended to do research on any unfamiliar online retailer before making a purchase. Look for reviews or complaints about the retailer on independent consumer websites. If the website is offering items at a price that seems too good to be true, it likely is. Also, consider the website’s URL. A URL that begins with ‘https://’ indicates that the website encrypts user information, making it safer to input sensitive information than on websites with ‘http://’ URLs.
Forewarned is forearmed, and having advanced strategies to detect and avoid scams is also a strong line of defense. When it comes to online dating, be sure to thoroughly vet any potential romantic interests. This involves doing a reverse image search of profile photos, which can quickly reveal if a picture has been stolen from another online source. Additionally, be aware of red flags such as overly-flattering messages or requests to move the conversation to a private email or messaging app.
McAfee Pro Tip: If you’re considering using one of these for a bit of dating beyond a dating app or simply to stay connected with family and friends, the key advice is to do your homework. Look into their security measures and privacy policies, especially because some have faced security issues recently. For more information, take a look at this article on video conferencing to ensure you can keep hackers and uninvited guests away when you’re chatting.
If you come across a scam or fall victim to one, it’s crucial to report it to the appropriate authorities. This helps law enforcement track down scammers and alert others to the scam. In the U.S., you can report scams to the Federal Trade Commission through their website. If the scam involves a financial transaction, also report it to your bank or credit card company. They may be able to help recover your funds or prevent further losses.
Additionally, take steps to protect yourself after falling victim to a scam. This could involve changing passwords, monitoring your financial accounts for unusual activity, or even freezing your credit. It can also be beneficial to alert your friends and family to the scam, both to protect them and to gain their support and assistance in dealing with the aftermath of the scam.
The unfortunate reality is that scammers are ever-present and always looking for new ways to exploit unsuspecting victims. However, by being informed, cautious, and proactive, you can significantly decrease your chances of falling victim to a Valentine’s Day scam. Whether you’re looking for love or shopping for the perfect gift, remember to always prioritize your safety and security.
And if you do encounter a scam, take comfort in knowing that you’re not alone and there are resources available to help. McAfee’s blogs and reports are just some of them. By reporting scams to the authorities, you’re doing your part to help stop scammers in their tracks and protect others from falling victim. Remember, Valentine’s Day is a day for celebrating love, not for worrying about scammers. Stay safe, stay informed, and don’t let a scammer ruin your Valentine’s Day.
Remember to always stay vigilant. Protect your heart and your bank account, and make sure your Valentine’s Day is filled with love and happiness, not regret and frustration. Don’t let scammers break your heart or your bank account – on Valentine’s Day or on any other day.
The post Valentine’s Alert: Don’t Let Scammers Break Your Heart or Your Bank Account appeared first on McAfee Blog.
Everyone loves a great deal when they shop online. Until they discover it’s a rip-off.
Social media ads for vintage wear. Website ads for home entertainment gear. Search ads for handbags. Some of these ads aren’t what they seem. Instead of leading you to deals on a trustworthy ecommerce site, the ads take you to a bogus page designed to steal your money and personal info.
Unfortunately, it happens. And one global report estimated that online shoppers lost $41 billion to fraud in 2022. How do scammers pull it off? With the same tools that legitimate businesses use.
Let’s look at how they do it and how you can steer clear of their tricks.
Many of today’s scammers work in organized fashion. They oversee large cybercrime operations that run much like a business. They employ web designers, coders, marketing teams, and customer call centers that mimic a genuine online retailer. Which makes sense. The more they can look and act like the real thing, the more likely they can lure victims into their online stores.
Smaller bands of scammers get in on this action as well. Just as a small business can easily create an online store with any number of off-the-shelf services and solutions, so can a couple of scammers.
In this way, scammers large and small can readily create a professional-looking website, create effective ads to drive traffic to it, and collect financial information from there.
Yet, some scammers don’t steal financial information outright. They might indeed ship you the goods, but they won’t be the goods you ordered. They’re counterfeit. And it might be part of a large-scale operation that exploits child workers.
Whether they’re out to steal your money or sell you knockoff goods, online shopping scams tend to ramp up around gift-giving seasons. They’ll bait shoppers with hard-to-find items, tout steep discounts on other popular items, and otherwise play into the rush of holiday gift buying. Yet they crop up year-round as well. Really, any time you shop is a time to be on the lookout for them.
This is a great piece of advice to start with. Directly typing in the correct address for online stores and retailers is a prime way to avoid scammers online. In the case of retailers that you don’t know much about, the U.S. Better Business Bureau (BBB) asks shoppers to do their research. Ensure that the retailer has a good reputation. The BBB makes that easier with a listing of retailers you can search by typing in their name.
Also in the U.S., you can visit the website of your state’s Secretary of State. There you can search for the business in question, learn when it was founded, if it’s still active, or if it exists at all. For businesses based in a state other than your own, you can visit that state’s Secretary of State website for information. For a state-by-state list of Secretaries of State, you can visit the Secretary of State Corporate Search page here.
For a listing of businesses with international locations, organizations like S&P Global Ratings and the Dun and Bradstreet Corporation can provide background information.
Never heard of that retailer before? See when they launched their website. A relatively new site might be a sign that it’s part of a scam.
A quick visit to the ICANN (Internet Corporation for Assigned Names and Numbers) website can show you certain background information for any website you type in. Given how quickly and easily scammers can register and launch a website, this kind of information can help you sniff out a scam.
Of course, it might also indicate a new business that’s entirely legitimate, so a little more digging is called for. That’s where reviews come in. Aside from the resources listed above, a simple web search of “[company name] reviews” or “[company name] scam” can help you find out if the retailer is legit.
3. Look for the lock icon in your browser when you shop.
Secure websites begin their addresses with “https,” not just “http.” That extra “s” stands for “secure,” which means that it uses a secure protocol for transmitting sensitive info like passwords, credit card numbers, and the like over the internet. It often appears as a little padlock icon in the address bar of your browser, so double-check for that. If you don’t see that it’s secure, it’s best to avoid making purchases on that website.
4. Pay with a credit card instead of your debit card.
Credit cards offer fraud protections that debit cards don’t. Another key difference: when fraud occurs with a debit card, you fight to get your money back—it’s gone straight out of your account. With a credit card, the issuer fights to get their money back. They’re the ones who take the financial hit.
Additionally, in the U.S., the Fair Credit Billing Act offers the public protection against fraudulent charges on credit cards. The act gives citizens the power to dispute charges over $50 for goods and services that were never delivered or otherwise billed incorrectly. Note that many credit card companies have their own policies that improve upon the Fair Credit Billing Act as well. However, debit cards aren’t afforded the same protection under the Act. Avoid using a debit card while shopping online and use your credit card instead.
Two-factor authentication is an extra layer of defense on top of your username and password. It adds a one-time-use code to your login procedure, typically sent to your smartphone by text or call. Together, that makes it tougher for a crook to hack your account. If any of your accounts support two-factor authentication, the few extra seconds it takes to set up are more than worth the big boost in protection you’ll get.
Public Wi-Fi in coffee shops and other public locations can expose your private surfing to prying eyes because those networks are open to all. A virtual private network (VPN) encrypts your browsing, shopping, and other internet traffic. That makes it secure from bad actors who try to intercept your data on public Wi-Fi, which can include your passwords and credit card numbers.
A complete suite of online protection software like McAfee+ can offer layers of extra security while you shop. It includes web browser protection that can block malicious and questionable links that might lead you down the road to malware or a phishing scam—along with a password manager that can create and securely store strong, unique passwords.
Social media has made it easier for sellers large and small to reach customers online. It’s made it easier for scammers to reach victims too.
If you’re on social media, you’ve certainly seen your share of ads. Some are from companies and retailers you know and trust. Yet more are from names you’ve likely never heard of. They might be legitimate businesses, yet they might be fronts for a convincing-looking scam.
These ads end up on social media the same way ads from legitimate businesses do, by way of social media ad platforms. Social media companies created these platforms so advertisers can reach millions of individual users based upon their age group, hobbies and interests, past purchases, and so on.
For example, a scammer might target younger shoppers with an interest in retro fashion. From there, the scammer can narrow that down to target people who live in metropolitan areas who like 1980s memorabilia. The scammers then create an ad that takes that audience to a phony website loaded with bogus t-shirts, coats, and bags.
All of it costs relatively little. A small ad budget of a few hundred dollars can give scammers exposure to millions of potential victims.
The best way to avoid getting stung by these sites is to do your homework. Seek out the company’s track record. Look for reviews. And if you’re unsure, take a pass. Don’t shop with that company.
Shopping scams can look and feel rather sophisticated today. With a host of low-cost and easy-to-use tools for publishing and advertising online, scammers of all sizes can create bogus shopping experiences that look convincing.
So buyers be wary. Before you click or tap on that ad, do some research. Determine if the company is legitimate, if it’s had complaints lodged against it, and how those complaints were resolved. And always use your credit card. It offers the best consumer protections you have in the event you do end up getting scammed.
The post Steer Clear of Rip-offs: Top Tips for Safer Online Shopping appeared first on McAfee Blog.