When you receive email or phone calls, use social networking sites, or shop or browse online, you should be very cautious of scams that try to steal your personal information (identity theft), your money, or both.
Scams can contain the following:
- Alarmist messages and threats of account closures.
- Family or friend in duress and in need of immediate cash. Please call the requesting party on a phone number you know to be correct and to verify their request. It is quite possible their email has been compromised.
- Promises of money for little or no effort. Cybercriminals will often offer to send fraudulent cashier’s checks or money orders in exchange for a smaller processing or handling fee while you get to pocket the difference.
- Deals that sound too good to be true.
- Requests to donate to a charitable organization after a disaster that has been in the news.
- Cloning of popular websites or companies. Scam artists use graphics in email that appear to be connected to legitimate websites, but actually take you to phony scam sites or legitimate-looking pop-up windows.
- Links shown in email don’t match the actual link. If you see a link in a suspicious email message, don't click on it. Rest your mouse (but don't click) on the link to see if the address matches the link that was typed in the message.
- Spelling and bad grammar. Cybercriminals are not known for their grammar and spelling. Professional companies or organizations usually have a staff of copy editors that will not allow a mass email like this to go out to its users. If you notice mistakes in an email, it might be a scam.
Here are some popular scams that you should be aware of:
Scams that use the names of well-known companies.These scams include fake email messages or websites that use names such as ADP, FedEx, UPS, Amazon, eBay, Paypal, etc. The email message might claim that you have won a contest, ordered a high priced item (e.g. large screen TV), about to receive a shipment, offer employment opportunities, or that a Microsoft representative is contacting you to help you with your computer. (These fake tech-support scams are often delivered by phone.)
Scams that use the names of relatives, friends, or business contacts.These scams will often claim that there is some sort of emergency and that they are out of reach and can only be contacted by replying to the scam message. The types of claimed emergencies can include medical issues, theft while travelling overseas, or urgent business dealings. Often times you will recognize the sender’s email address as being correct, but in fact that email account may have been hacked or your email hacked to make it appear from someone in your contact list. If you receive an email from a friend or family member that seems out of character or that is urgently requesting money, please call the requesting party on a phone number you know to be correct and to verify their request. It is quite possible their email has been compromised.
Scareware.Rogue security software, also known as "scareware," is software that appears to be beneficial from a security perspective but provides limited or no security, generates erroneous or misleading alerts, or attempts to lure you into participating in fraudulent transactions. These scams can appear in email, online advertisements, your social networking site, search engine results, or even in pop-up windows on your computer that might appear to be part of your operating system, but are not.
Rogue security scams can also purport to detect illegal activity that you were involved with. These scams can claim to have found illegally downloaded music, video or software or other highly illegal items such as child pornography. This “ransomware” will often ask for payment to remove the illegal items or demand payment to avoid legal or criminal repercussions. These scams can seem very official sometimes claiming to be the Federal Bureau of Investigation, Department of Homeland Security, or software providers such as Microsoft.
What to do if you think you have been a victim of a scam
If you suspect that you have responded to a phishing scam with personal or financial information, take these steps to minimize any damage and protect your identity.
- Run a full anti-virus/anti-malware scan of all your computers and laptops. Complete this first before changing any passwords or PINs for online accounts.
- Install Trusteer Rapport on all your computers and laptops you use to conduct any online transactions to remove or prevent financial malware from operating.
- Change the passwords or PINs on all your online accounts that you think might be compromised. This includes online bank accounts, online shopping accounts, email accounts, etc.
- Place a fraud alert on your credit reports. Check with your bank or financial advisor if you are not sure how to do this.
- Contact the bank or the online merchant directly. Do not follow the link in the fraudulent email message.
- If you know of any accounts that were accessed or opened fraudulently, close those accounts.
- Routinely review your bank and credit card statements monthly for unexplained charges or inquiries that you did not initiate.
Additional information and references
- Snopes - http://www.snopes.com/fraud/topscams.asp
- eBay - https://pages.ebay.com/securitycenter/protect_your_information.html
- Craig’s list - http://www.craigslist.org/about/scams
- FBI - http://www.fbi.gov/scams-safety/e-scams
- Trusteer Rapport - http://learn.firstrepublic.com/trusteer