You may have already received scam emails about your car warranty expiring or ways to lower your credit card interest rate. But just as you've spotted those deceptive scams, cyber criminals are changing tactics.
Not only that, but the sheer number of scams is growing. In the first three quarters of 2022, more than 130,000 consumers reported to the Federal Trade Commission that they'd been scammed with cons on social media alone. The losses to victims — that means you, consumers — of these scams amount to more than $930 million.
Because cyber criminals are constantly scheming to develop new scams every year, it's essential to stay on top of these trends. Additionally, as technology has opened up opportunities to live and work remotely, it's even more important to be aware of fraud pitfalls.
Here are some of the latest developments and new tactics of five prevalent scams that cyber criminals rely on.
How they work: This type of fraud can be prevalent in times of high-profile crisis, such as political unrest or natural disasters. One example is fraudulent charitable organizations reaching out asking for donations to help refugees. If it's an email or text, it might include a link asking for your financial details or an attachment with instructions on how to donate cryptocurrency or dollars. If it's a call, they'll ask for your banking or credit card details.
Any kind of upheaval is an opportunity for scammers to find new victims. "It's definitely an angle that that fraudsters love to exploit," says Juan Benavente, head of Cyber Fraud Fusion Center and intelligence strategy at Citi. Geopolitical conflicts often cause a surge in charity-related scams, as well as scams about individuals trying to flee.
"The scammer gives you a goal and says, 'Hey, I need help to leave the country.' They usually target the elderly for these types of attacks," he says.
Based on current events, Benavente expects to see an uptick in these types of scams and other cyber-enabled fraud.
What you can do: Research the organization before donating. There are resources to help check if an organization is legitimate and registered with the IRS as a tax-exempt organization. You can also check to see how much of your donation will go to the charity's mission or causes on sites such as Charity Navigator or BBB Wise Giving Alliance.
Aid in times of crisis does seem urgent, but these scammers are preying on people's good will. "There's no rush to do any sort of donations. Do the due diligence for it; that will definitely help," Benavente advises.
How they work: You receive what sounds like a legitimate call or appears to be an email from your bank, a reputable vendor or your insurance company about suspicious activity or a problem with your account.
If it's a call, you'll be asked to provide some additional information, like the security code on the back of your card. If it's an email or text, you may be provided with a link to a fake website that requires you to log in and verify information.
Cyber criminals often target consumers of well-known companies because there's already a level of trust that's been established. "We've seen increased incidences where our customers are getting calls or other reach outs from bad actors who might say they're from a fraud department or have seen suspicious activity and need to confirm information with them," says Adam Wood, director of cards fraud prevention and policy at Citi.
"They can sound very legitimate in those conversations and may know some things about the cardholder, such as their address and other information that they can use to establish a comfort level and some level of trust," he adds.
What you can do: These calls and emails may seem credible — however, be on high alert when asked to provide personal details via an unsolicited call, text or email link. You can also check the real email address of the sender by hovering over or clicking on the sender's name. Hang up or ignore the link provided in the text or email, and instead go to the website directly or call the number on the back of your credit card. If there's really a problem with your account, it will be recorded there.
How they work: You receive a call, email or text from what you think is a reputable company that you use, and you are asked to download a remote access app so they can fix a billing issue or send you a gift reward.
In the recent past, cyber criminals might have used malware, or malicious software, to steal private, personal details and gain access to your accounts. But as more people wise up to the scheme, cyber criminals are moving on to remote access apps.
Remote access apps are legitimate services that can be found in app stores, but in cases of fraud, the scammer uses the app to gain access to your personal information and accounts.
"Malware detection is pretty good and improves all the time. People are smarter about it: I got this file, should I really open that? And should I install this on my machine?" says Brian Kennedy, director of online/mobile fraud prevention and strategy at Citi. Under this scheme, "customers are tricked into downloading these [apps], and what they're doing is giving the bad actors access to their device," says Kennedy.
What you can do: Don't agree to download any remote access apps — if you receive a call, message or email, disregard it. You can check if the claim is legitimate by logging into your account on the official website.
How they work: You receive a call from a debt consolidation or debt settlement company with an offer to negotiate with creditors and put all of your debt into one account, to make it easier to pay off debt faster. Soon after, you discover that you have a new banking or credit card account opened in your name with an exorbitant service fee added on top.
"All of a sudden, the person ends up in an account that they didn't really understand they were opening that has some really high dollar charge on it. It wasn't clear what they were getting into," says Wood. Often, the first time the victim learns they've been scammed is when the bank or credit card company reaches out because there haven't been any payments made to the account.
"It can be confusing," says Wood, because sometimes the fee on the account is charged by a company that's not the one that was represented to them as a consolidation.
What you can do: Don't give your information to a "debt consolidation company" or "debt settlement company." There are some legitimate services, but they could come with high fees. If you need to consolidate your debt, seek advice from a trusted financial advisor and work directly with a reputable financial institution.
How they work: Your mobile phone abruptly stops working. There are no bars for cellular coverage and phone calls aren't coming in.
What's happened here is a SIM card swap scheme. A cyber criminal has switched your phone number from one wireless provider to another, so your phone is no longer receiving calls. If you were to log in to your bank or credit card account and use two-factor authentication, you would not receive the one-time password that's been texted to your phone. Instead, the cyber-criminal is now receiving that information and can access your bank account, assuming they've already guessed the password to your bank or credit card account.
Bad players are after your personal information because it's the key to your accounts. Here are some steps you can take to help secure those details.
Cyber criminals are using more sophisticated, targeted techniques on victims; they may often already know some information about you, like which state you live in or that you're a customer of a particular bank or company. To make it more difficult for criminals to gain access to your accounts, avoid disclosing personal or financial information when posting on social media.
Don't use the same password on multiple accounts. That makes it easier for cyber criminals to break into all of your accounts since all they have to do is find out that one password.
Given the growing number of scam calls from fraudsters pretending to be legitimate companies, it's a good idea to be wary of providing information over the phone or through a link. Scammers have gotten good at spoofing calls, so even if the number that shows up seems to be from your bank or a company you trust, it might not be. Go to the official company site instead, or call the official number.
The content reflects the view of the authors of the article and does not necessarily reflect the views of Citi or its employees, and we do not guarantee the accuracy or completeness of the information presented in the article.