Scams are Getting Personal

Email and telephone scams are nothing new, but as consumers have caught on to the tricks used by scammers, the bad guys have gotten more creative. Scams are now personalized to make victims more likely to fall for them.

Instead of sending the same badly written email to millions of people, criminals use information from social media and website hacks to fool victims into thinking the criminals know more than they actually do. An example is the sextortion scam we wrote about last year. In that scam, potential victims received emails with one of their passwords in the subject line. They were told that the scammer had hacked their computer and had embarrassing video of them watching porn, which would be sent to everyone on the victim’s contact list unless they paid the bad guy hundreds or thousands of dollars in Bitcoin. The victim’s password in the subject line served as “proof” of the hack. Spoiler alert: there was no hack and there is no video.

Fortunately, relatively few people fell for the trick, but it was successful enough that the scam is still going strong today. Some scammers, though, use more extensive information gleaned from social media sites, such as Facebook, Twitter or Instagram, to make the scam more convincing. In the grandparent scam, the victim receives a call from someone claiming to be a grandson who is in the hospital or jail and needs cash. The victim’s social media accounts may contain information the scammer can use to craft a credible story. Using the names of family members or pets, information about a recent family vacation and other data mined from social media, a scammer may be able to convince a confused and frightened relative that a family member needs help.

Here are some signs that you are looking at a scam:

  • There’s a huge sense of urgency. Scammers want you to act fast, before you can think about what you are doing or talk to someone else who might spot the scam.
  • They use untraceable payment methods. Be suspicious when you are asked to pay with Bitcoin, gift cards or another untraceable method.
  • The sender email doesn’t match. The scammers may use a familiar sender name and a non-matching email address. If the sender name and email address don’t match, you have extra reason to believe you are looking at a scam. (See Five Ways to Spot a Phishing Scam for more tips.)
  • Finally, trust your instincts. Even if you can’t quite put your finger on why an email or phone call doesn’t seem legitimate, don’t disregard that feeling. Before you respond, verify email requests over a different channel, such as in person or over the phone. Also, it never hurts to do some Googling to see if others have reported similar attacks.

SANS.org recommends that when you receive a suspicious email you should search for some of the text on Google to see if others have reported being targeted by similar scams.