You might imagine hackers using sophisticated software to break through high-tech firewalls to steal your information. In the real world, criminals use phishing and social engineering attacks to trick people into giving up their credentials or their money. Here are the top five scams that every Redbird should watch out for.
- “There is a problem with your account.” You may receive an email or text message from “tech support” warning you that your account has been compromised. The sender will urge you to reset your password or confirm your credentials by clicking on a link in the message. That link will take you to a page that looks like your login screen. When you enter your username and password, the information is logged, and the scammers now have access to your account. They can lock you out, collect information about others that you may have access to, and use that password on other accounts that you own.
- File-sharing apps containing malware. When scammers compromise an email account, they also gain access to that user’s OneDrive. This allows them to bypass some security protocols by uploading malicious files and sending an invite to that user’s friends or coworkers. Since the link seems to be coming from a familiar person on a legitimate file-sharing service, the recipients click on the link without a second thought and the malware is delivered. Victims may not even know that their computer is infected. Many malware programs log keystrokes or send packets of information that the criminal can hold for ransom or use to compromise more accounts. Recommendation: Do not click on unsolicited file-sharing emails. If you receive a file-sharing link from someone you know without any context, contact that person via phone or a secondary email to confirm that they indeed sent the file.
- Part-time job offers. Working from home and the gig economy have normalized the idea of making money in nontraditional ways. Unfortunately, criminals have devised several scams to exploit our willingness to make a little money on the side. The details of the scam may differ, but the basic outline is this: The victim is offered a job as an assistant. Their new boss sends a check that they either deposit via their banking app or deposit in person. Part of the victim’s duties will be to purchase some gift cards with the money they just deposited. The victim gets to keep a few hundred dollars as the agreed-upon salary, and the boss gets the codes from the back of the gift cards so they can use them. The scammer may send more checks, with a little extra included for the victim’s trouble, before the next “paycheck” for the victim to get some additional cards urgently. Each time the scammer will send a check for a greater amount, trying to maximize the amount of gift cards that they can get. This will usually go on for a week or two until your bank informs you that the checks you deposited were fraudulent and your account has been closed.
- “Can you pick up some gift cards?” If you receive an email from a friend, family member, or coworker asking for gift cards, contact them right away via phone or some other method. Scammers will use compromised email accounts to trick you into sending them gift cards. As with other gift card scams, their goal is to get you to send them the code on the back of each gift card, so that they can get the value out of it. If anyone asks you to purchase a gift card and give them the code, don’t fall for it.
- Crypto investment scams and rug pull scams. Scammers prey upon rising interest in alternative currencies and new technologies such as Non-Fungible Tokens (NFTs) to extract value. Cryptocurrency investment scammers offer their victims services with up-front fees to make in huge returns buying cryptocurrencies. The scammers coordinate phony accounts to purchase the victims’ initial crypto back from them at an inflated price. This quick profit incentivizes the victim to invest and transfer more. The scammers will usually get their victims to invest thousands of dollars before disappearing and closing their accounts. The victim is left with crypto that is worth a fraction of what they invested.
A “rug pull” scam is similar but involves the scammer creating an NFT or new cryptocurrency, attracting investors to the new project. They pull out before the project is built, leaving investors with worthless currency. Cryptocurrency projects are regulated by “smart contracts,” agreements governed by computer software, not the legal system. This setup can be a benefit when it reduces transaction costs, but it also leaves little recourse if things don’t work out. You can protect yourself from these types of scams by investing in established cryptocurrencies and reading the smart contracts carefully of any NFT that you are considering investing in. You should be skeptical of anyone offering to manage your crypto by investing for you and never give anyone access to your digital wallet.