Scammers are always out to trick you, to get you to fall for a con. What can security experts recommend to prevent you falling for scams?
It doesn’t matter what time of year it is, because scammers are still doing their thing, and they’ll keep at it year round. What do security experts recommend to stop you from falling for scams?
We’ve sure written a lot about internet security and scams this year, and our guess is it won’t change for the foreseeable future, thanks in part to just how lucrative an area it is for cybercriminals, scammers, and con-artists.
While the government hadn’t tabulated December’s scam statistics by the time this article went live, scammers had relieved Australians of over $280 million in 2021 based on what was reported to Scamwatch, a staggering number that shows scams are working, and in massive numbers. Over 270,000 reports were made during the year, as scammers took more advantage of our time working from home, being at home, and in general finding more ways to convince us of their legitimacy.
It meant we were hearing and seeing more scams, but in turn talking to more security experts, as well.
So ahead of the new year, what do those experts think you should do to stay on guard against scams?
Be on alert for urgency
One of the more direct ways scammers try to go for the jugular is to hit you with the idea that you have to act fast. As in now.
Emails that come in advising of a security breach, so act now! Text messages saying you have a delivery today or can only win if you act in minutes… respond immediately! You know the drill.
“Scammers rely on fear, uncertainty & doubt when performing scams,” said Mark Gorrie, Senior Director of NortonLifeLock in the Asia Pacific region.
“Be on alert for unexpected calls, emails & messages that contain threats of legal action or fines, offers too good to be true, computer issues, missed deliveries, tax refunds or identifying you as a scam victim. Question the unexpected,” he told Pickr earlier in the year.
“If ever in doubt, always go to the source. [For instance], if a tech-support scam asks you to call a number based on a pop up, don’t follow. Instead, reach out to the company directly through their official website and explain what happened.”
Passwords need to be strong and multi-factor switched on
One of the most obvious ways a scammer can achieve their goal is to get you to type in your password on a website convincing you it’s the real deal. While it didn’t start this year, we’ve seen a lot of phishing attempts in scams this year, and given how it seems to work, we suspect it won’t stop, which makes it vitally important to ensure your passwords aren’t the same, and that you have other forms of password security switched on.
Password security can be hit and miss at times, you see, partly because of how difficult it can be to hold onto the vast assortment of passwords we all have. Even though every password should be different, thereby minimising the issues if one is broken or stolen, it may not be all that surprising to learn plenty of people use the same passwords day in and day out.
And that’s why you need to consider multi-factor authentication, a process you may know as 2FA or “Two-Factor Authentication”, but which has grown to allow for more. Three-Factor or 3FA is one variation that means instead of just having you enter a password, you’re asked to check for a message somewhere else, like a phone or an email address, or to use a special key, with these providing extra security for when you log into a legitimate service.
“Every day, we see passwords being sold on the dark web and exploited for fraudulent activity,” said Robert Schwarz, Managing Director for Enterprise in Australia and New Zealand at Nuance.
“Protecting accounts with three-factor authentication wherever possible is key,” he said.
“The added layers of requiring authentication through something you have physical access to, such as a one-off PIN sent to mobile phone, and most importantly, with something you are, like your voice, face, fingerprint or typing behaviour, is your best defence.”
Keep aware and educated on scams
Scams are never going to stop, and education is one of the key approaches we have in the fight against them.
“Educating yourself on how to spot them and what to look out for is crucial, but even people who are hyperaware can be outsmarted by cybercriminals that have become sneakier and more strategic in their approach,” said Tim Falinski, Managing Director for Trend Micro’s Consumer Division in the Asia Pacific region.
That means being aware is important, but staying aware long term is also critical, because while scams can look the same, they can also evolve.
Be mindful of how you use technology
While scams are gradually evolving, so too is how you use the world of technology around you. What you use and how you use it changes, whether it means relying on your phone more or your computer more, and inherently trusting what appears on both.
For instance, if you use your phone more, you mightn’t think scams are occurring in your SMS inbox, or even that they might be changing. Even though the recent spate of fake delivery Flubot scams was targeted mostly at Android users and involved an app install, there’s still a risk for iPhone users, because a click to that website could easily do a browser check and send you to a different type of threat, messing with you in the process.
There are so many ways scammers can try for your wallet and identity, and being aware of how you use technology — and how you change those habits from device to device — can help.
“You can’t have an ‘it’ll be right’ attitude when going online or using your device, it’s important to be aware of the risks of your actions or inaction, especially with cyber threats on the rise,” said Stephen Koh, Cyber Security Expert at Avast.
Slow down and check for mistakes
If there’s one consistent message we’ve learned from scammers over the past decade, it’s that they’re not fantastic at spelling or grammar or punctuation… or just using the native vernacular you’re probably used to.
Rather, they rush things, and so in turn, expect us to rush how we read their messages. Your brain can actually process grammatical errors without you realising it, which may or may not be something scammers and cybercriminals are even aware of, but is something they’ll all too happily take advantage of.
So instead of simply falling for a scam, slow down.
“So many of us make mistakes or poor decisions when we are rushing,” said Alex Merton-McCann, Cyber Safety Ambassador for McAfee.
“If you receive a request or email from an individual or business that you aren’t sure about, take some time to do your homework,” she said. “Do a Google search and if it’s an individual, do a Google Image search also. If you received the message from a friend, contact your friend directly and ask whether they had in fact sent this message themselves, or worst case, they had been hacked.”
It’s an area experts agree is a problem, with mistakes made by scammers coupled with our ability to rush through them making for a bad time for the victim, which in this case could be you.
“Scammers constantly change their methods, but always rely on you to make a mistake,” said Alex Balan, Chief Security Researcher for Bitdefender.
“The best way to protect against a potential attack is to pay attention to the details,” he said.
That means checking for typos, poor grammar, weird punctuation, email addresses that don’t seem quite right, and so on. There are so many ways for scammers to present you with a fraudulent message, and knowing what these are is important.
An SMS arriving on your phone isn’t necessarily legitimate just because it was sent to you: it can be faked, thanks in part to how easy it is to make a fake SMS look real. The same goes for emails, but you can always check the actual email address field to see how a scammer is trying to manipulate you.
“Don’t rush into anything,” said Balan.
“Double check everything using legitimate sources. If an offer seems too good to be true, it probably is,” he said.
“Look for typos, misspelled names, websites, and e-mail addresses. Just because an email has legitimate logos doesn’t mean the email address is legitimate. As in many other offline situations, when dealing with digital scammers it’s always better to be safe than sorry.”