Datalyst Blog
How to Avoid Being Scammed (at Work and at Home)
There was a time when malicious computer viruses and other online threats were more or less just a nuisance. There were a handful of dangerous threats 15-20 years ago, but the majority of online threats mostly just bogged down your computer or got in your way.
Fast forward to today, and things are a lot different. Cybercrime is a lucrative industry, and cybercriminals (and scammers in general) treat their work like a business. The average person experiences about one scam every waking hour, whether at work or at home, so it’s more important than ever to understand what you are up against.
Understand That Nobody is Immune to Cyberthreats
It doesn’t matter how big or small a business you run, who you are, or how much you think your data is worth: if you have a pulse and a bank account, you are a target for cybercriminals.
There are definitely individuals who are targeted more frequently by certain types of scams; you have to remember that scam artists and cybercriminals are opportunists and will try to use tactics that they know work on people like you.
We can’t stress this enough, though—regardless of your position, the size of your business, the nature of your business, your age, your gender, or how particularly offline your life is, you are not immune to these threats.
If Something Seems Urgent, Be Skeptical
One of the most effective ways scammers and cybercriminals try to get you to act on something is to come at you with an air of urgency. The idea is to get you to react without thinking clearly.
For example, an email that comes in out of the blue stating that your PayPal or credit card was just charged $1500 might cause you to start clicking without catching a subtle red flag that you are just being tricked.
Phishing emails and scams are notorious for having misspellings or getting some of the information wrong, but if you let your fight-or-flight response kick in, there’s a good chance that you’ll gloss right over anything suspicious.
What To Do When Something Seems Overly Urgent
Nothing sent via email is really expected to be handled immediately, so if you get an email that demands urgency, take a deep breath. If the email is urging you to log into an account to review a transaction or change a password or some other urgent matter, open up a new browser tab and log into the website the way you normally would. Don’t let that urgent email be the means that gets you into your account.
That way, you can safely log into the account and check the problem. If the email was some kind of scam, it might take you to a phishing site that looks legitimate but just steals your login credentials. It’s kind of silly, but think of it like this: if this email has the audacity to be so urgent, go over its head, ignore how it tells you to log into the website, and log in the way you normally would (from a bookmark, by typing the URL into your browser, etc.).
Don’t Send Money
Email is generally not a safe place to make transactions. You should never send credit card information via email, especially if the email isn’t encrypted. On top of that, you just shouldn’t send money to someone unless you are absolutely sure it’s going to get to them. Let’s look at some examples to show you why:
- Grandparent Scams: This isn’t an email scam per se; it usually happens over the phone. You’ll get a phone call stating that your son or daughter (or grandchild) is in trouble and that they need money to bail them out of jail or get help with some medical procedure. In some cases, the scam artists will even use AI to convince you that your family member is there and put them on the phone for a few seconds. The endgame is that they want you to take out a large sum of money and give it to them. This is a heartbreakingly scary situation to be in, but the best thing you can do is take a deep breath and attempt to call the family member in need to speak with them. Chances are they aren’t even aware of the scam that’s being pulled.
- Business Email Compromise or CEO Scams: Your boss isn’t immune to being hacked or impersonated. These scams work by mimicking a CEO or some other executive at the company and sending an email to an employee requesting gift cards or some other payment. The messages are often framed as time-sensitive to pressure the employee into acting quickly.
The solution is easy enough—a quick phone call to the sender will confirm if the email is legitimate or not. The same goes for similar scams on social media, text messages, and anywhere else.
Think Before You Click
It only takes a few dollars and an hour or two of work to make a convincing website that looks legitimate but is designed to steal your information. Cybercriminals do this all the time, targeting customers of Amazon, PayPal, Microsoft, Facebook, Walmart, Venmo, and virtually every bank.
Fortunately, there’s an easy way to check to see if a link is legitimate. When you hover your mouse over the link, your email client or browser will show you the destination address.
For our example, we’re going to use Amazon.com and show how to spot something suspicious. It’s all about looking for periods in the address and noting where they are.
If there is a period AFTER the domain name of the website you want to go to, then it might be a trap.
- https://www.amazon.com/gp/help/customer/account-issues - This is safe, because there isn’t a period after the .com.
- https://support.amazon.com/ - This is safe, because the extra period is before the company’s domain name (in this case, amazon.com)
- https://support.echo.amazon.com/customer-support/password-reset - Again, this is safe because there are no periods after amazon.com, regardless of how many subdomains (extra periods) are before it in the URL.
- https://support.amazon.ru - Time to slow down. While Amazon does legitimately have a .ru domain, not every business has every variation of domain extension (like .org, .net, .co, .co.uk, etc.). As soon as you get something you don’t expect, start to scrutinize even more.
- https://amazon.alexaservices.com/help/account-issues - This one is dangerous. This URL is technically taking you to a site called alexaservices.com. We just made that up for the example. Anyone could purchase that domain (or something similar) and spoof the URL to say Amazon before the first period. It’s tricky because it’s easy to miss.
Let’s take a look at another example, using PayPal:
- paypal.com - Safe
- paypal.com/activatecard - Safe
- business.paypal.com - Safe
- business.paypal.com/retail - Safe
- paypal.com.activatecard.net - Suspicious!
- paypal.com.activatecard.net/secure - Suspicious!
- paypal.com/activatecard/tinyurl.com/retail - Suspicious!
Keep in mind that the URLs above may or may not be real; we’re just making them up for the sake of an example!
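The period rule from the two lists above, as an added example that is not part of the original article: a short Python check that parses the host a link really points at and compares it with the domain you expected to visit. The function names, the verdict labels, and the small suffix list used to spot a host name buried in the path are assumptions made for this illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: suffixes used to spot a host name buried in the path.
HOSTLIKE_SUFFIXES = (".com", ".net", ".org", ".ru")

def split_link(url):
    """Return (host, path) of a link, lower-cased; accepts links without a scheme."""
    if "://" not in url:
        url = "https://" + url  # the article lists some links without a scheme
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    return host, parts.path.lower()

def classify_link(url, expected_domain):
    """Return 'safe', 'suspicious-path' or 'different-site' for one expected domain."""
    expected = expected_domain.lower()
    host, path = split_link(url)
    # Safe hosts are the expected domain itself or end with "." + that domain:
    # extra periods may come before the company's domain, never after it.
    if host != expected and not host.endswith("." + expected):
        return "different-site"
    # Right site, but another host name sits inside the path: scrutinize it.
    if any(seg.endswith(HOSTLIKE_SUFFIXES) for seg in path.split("/")):
        return "suspicious-path"
    return "safe"

# Constructed sample input: made-up links taken from the lists above.
SAMPLES = [
    ("https://www.amazon.com/gp/help/customer/account-issues", "amazon.com"),
    ("https://support.echo.amazon.com/customer-support/password-reset", "amazon.com"),
    ("https://support.amazon.ru", "amazon.com"),
    ("https://amazon.alexaservices.com/help/account-issues", "amazon.com"),
    ("business.paypal.com/retail", "paypal.com"),
    ("paypal.com.activatecard.net/secure", "paypal.com"),
    ("paypal.com/activatecard/tinyurl.com/retail", "paypal.com"),
]

def classify_all(samples=SAMPLES):
    """Classify every (link, expected domain) pair and return {link: verdict}."""
    return {url: classify_link(url, domain) for url, domain in samples}

if __name__ == "__main__":
    for url, verdict in classify_all().items():
        print(f"{verdict:15} {url}")
```

A "different-site" verdict only means the link does not belong to the one domain you named, which is why the .ru address lands there: it calls for the extra scrutiny described above rather than proving a scam.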
Hang Up the Phone
I might be showing my age here, but I honestly miss when the only unsolicited phone calls I would get would be from magazine subscriptions and the telephone company. Sure, they’d always call around dinner time, but the current state of phone scams and telemarketing today is outrageous in comparison.
Here’s the thing: some of these weird scam calls are just trying to check to see if you have a pulse. If your phone suggests that it’s a scam, don’t answer. If you end up taking a call and it’s a telemarketer or survey or anything but a legitimate contact, just hang up. Use your best judgment to determine if it is a legitimate phone call before you answer any questions, and avoid saying things like “yes” and “no” or talking much at all. A simple “hello” and “may I help you” should be enough to get any clarification you need.
Why You Should Never Say “Yes”
Some scams simply want you to say yes, so they can record your voice and use it to claim you agreed to something. Early versions of these scam calls used to simply start out by asking “Can you hear me?”
Not All Scams are Obvious
We’re living in a strange age, and most of us are able to ignore a lot of the oddities. For instance, did you know that during last year’s Super Bowl, about 75 percent of website traffic from Twitter was bot activity? Most social networks tend to have 1-4 percent bot activity like this, so 75 percent should tell you how significant this is.
We’re seeing similar stuff happening on Facebook as well: AI-generated images with hundreds or thousands of comments from what you must assume are mostly bots, stolen accounts, and grifters. There’s not really an obvious endgame to this type of activity, other than the fact that it’s showing up and spreading across social networks and getting in front of people.
There are a lot of theories on this, and a lot of other “odd noise” happening across the Internet and all of our other communication platforms that simply exists to be just that: noise. One theory is that it’s slowly breaking down people’s defenses, while other experts talk about the “Dead Internet” theory, which describes large portions of social networks as just being automated bots interacting with other automated bots. It could be harmless engagement farming, or it could be sneaky, sophisticated propaganda. Either way, we simply live in a world where this stuff is constantly happening, and it’s good to be aware of it.
Stay Vigilant in the Fight Against Cybercrime and Scams!
Keep coming back to our blog, where we often talk about ways to improve your online security, and share our articles with your friends, family, and colleagues. If your business wants to take the next steps to ensure that it is protected in a world where online threats are growing even more dangerous, give Datalyst a call at (774) 213-9701.