fly-d-C5pXRFEjq3w-unsplash.jpg

Tags:

Watch Out for Phishing Scams

23 February 2023

The proliferation of phishing scams continues. Here are some new fraud schemes you should look out for, as well as twists on well-known varieties that have worked in the past.

Bogus IRS Inquiries

With the spring tax-filing season upon us, phishers are out in full bloom. Many scams involve perpetrators claiming to represent the IRS or other government officials. The perps may call regarding back taxes and request immediate payment. They may even threaten you with severe penalties, wage garnishment, home foreclosure and jail time if you don't pay promptly.

Don't be fooled by this ruse. The IRS doesn't call, text or email debtors. Only respond to IRS inquiries that come through USPS mail. Contact the IRS through its main website to verify the legitimacy of any communications. 

Phony Phone Interactions

Phishing by phone — also known as "vishing" for voice phishing — comes in many forms, such as:

Robocalls. These automated calls encourage you to buy products, check your account status or avoid penalties. A high-tech version even responds to your voice.  

Unsolicited texts. You may receive texts that ask you to click on a link to a bogus website resembling one run by a well-known company. When you click on the link, malware might be installed on your device. Or you might go to a phony website that requests account information that the fraudster can use for nefarious purposes.

Voicemails from unknown callers. A voice message to your cellphone may attempt to install an app that steals your vital information.

Sketchy QR codes. A quick response (QR) code allows you to scan a menu or buy products online. But QR codes from imposters can result in unintended purchases. 

Student Loan Forgiveness Frauds

In the fall of 2022, the White House announced plans to provide forgiveness of up to $10,000 in federal student loan debt for individuals making less than $125,000 annually ($250,000 per year if you're married). The plan has hit legal roadblocks, and the U.S. Supreme Court will hear the case in its current term. If the loan forgiveness plan is allowed to move forward, debtors will need to apply to the program to obtain relief — and scammers are expected to jump on this opportunity to steal personal information.

For instance, you may be contacted by phone or email to apply for student loan forgiveness at a fake site. Naturally, you'll have to provide your Social Security number or sensitive bank account information. The scammer can use this information to steal your identity, charge you an application fee and/or access your accounts.

Important: If the courts allow the Biden administration's program to proceed, there won't be any cost to apply for student loan forgiveness. You also won't be contacted by the IRS, the U.S. Department of Education or any other federal agency to submit an application.

SIM Card Schemes

A newer scam targets subscriber identity module (SIM) cards. In plain English, a SIM card is a memory chip in a cellphone that holds personal information. It relies on a 17-digit number to identify the country, carrier and user of the cellphone.

Using a stolen SIM card number, a criminal can assign a new SIM card to use for other purposes. (This is similar to the process you go through when you buy a new cellphone and transfer data.) The scammer may log into your account and enter the verification password or even reset it — possibly even locking you out of your data.

OTP Bots

Comparable to SIM card abuse, a one-time password (OTP) bot allows a scammer to extract passwords from consumers. These programmed bots call victims and trick them into divulging their two-factor authentication codes. Then they use these codes to authenticate and complete unauthorized transactions from the victim's personal accounts.

The call or text usually appears to come from a reputable financial institution. After you provide the code, it's too late to undo the damage. The scammer has unfettered access to your accounts.

Cryptocurrency Crimes

According to recent statistics, about 21% of Americans own Bitcoin or another cryptocurrency. If you want to invest in cryptocurrencies, learn as much as you can about how they work and deal only with reputable brokers. Otherwise, you could be lured into a scam.

The exact methodology of these frauds varies. For example, one scheme involves bogus contests, events or prizes for investing in cryptocurrency. The victim is lured into providing login information to take advantage of the supposed investment opportunity.

Payment App Ploys

Increasingly, people are using smartphone apps to make or receive payments for transactions. Examples include Zelle, Venmo, PayPal, Apple Pay and Bill.com. Although these apps are easy to use, they can expose you to potential scams.

For example, crooks could call, email or text you and pretend to represent a bank or credit union. Then they might say your account shows suspicious activity and help "walk you through" the security process. Typically, they'll ask you to send money to yourself as a test, but the funds go to the scammers — not you.

Problematic Online Purchases

With this long-time scam, unscrupulous online sellers offer deals that are the "next big thing" or "too good to be true." They may solicit you through websites, social media platforms and e-commerce stores. Some scammers entice you to pay for goods or services that you never receive. Others charge you for items you never ordered.

In one version, the con artist purchases the item you want with someone else's stolen credit card, or a fake card, and pockets what you think you paid for it. And sometimes no one is the wiser. If you fall prey to one of these scams, contact your credit card company immediately. Depending on the circumstances, the company might credit your account for products or services you don't receive or ones you didn't actually order.

Employment Ploys

Some scammers focus on job-hunters. And the recent spike in high-profile layoffs — from companies like Twitter, Google, Goldman Sachs, Disney, Salesforce, Amazon and Microsoft — could escalate these scams in the coming months.

How do these ploys work? Scam artists might contact you to discuss a prospective job opening. Then they could try to cull personal information that will lead them to your bank accounts. Such schemes have become prevalent in the wake of the pandemic because face-to-face meetings aren't as common.

Alternatively, the scammer may coerce you into paying for training sessions or equipment you supposedly need for a job. When the offer doesn't come through, you'll be out the money. Or a company may send you an invalid check that's too high and ask you to return the excess.

Social Media Dating Debacles

As the number of websites and social media apps devoted to online dating grows, so too have phishing ploys associated with them. According to the latest statistics, nearly 70,000 Americans were victimized by "romance scams" in 2022, costing them about $1.3 billion. And that's only the cases that were reported — the actual losses are almost certainly much higher.

Generally, scams are a version of "catfishing," whereby someone creates a fake profile to "meet" and build trust with a victim. Eventually, the catfisher asks the victim to send money to fix a fictitious problem — such as a medical emergency or temporary cash crunch. Unwary victims might even allow scammers to deposit personal checks to or make withdrawals from their accounts.

Remain Vigilant

You can be sure that additional scams will debut in 2023. Take proactive measures to protect your assets. (See "Staying Safe," below) And adopt a healthy dose of skepticism if you're contacted out of the blue. If you fall victim to one of these schemes, report it to law enforcement and contact your financial and legal advisors to determine the best way to resolve your situation.


Staying Safe

 

How can you protect yourself against phishing scams? There's no foolproof method, but some common sense helps. Consider these five helpful hints.

 

  1. Be suspicious. Scammers can sound legitimate and use emails that closely replicate communications from reputable sources. Instead of clicking on links in emails or texts, type the company's website address directly into your browser.
  2. Use multifactor authorization for financial accounts. Providing two or more verification factors to gain access to your accounts can be a hassle if you're logging in frequently. But it's a strong deterrent to scammers who try to trick you into revealing personally identifiable information. 
  3. Protect your phone. Many scams start with a prompt response to an inquiry on your phone from a call, text or email. If you can't identify a caller right away, don't answer. You can always call back after you verify the source.
  4. Do your homework. Before you make a purchase or sign up for a service, research it on the Internet, including any online or social media reviews. A company without an online presence is immediately suspect.
  5. Verify payment requests. Whether it's a regular payment or reimbursement for an overpayment, don't provide any money unless you're absolutely sure about your responsibilities. Go back to the source to confirm your obligations.

 

Back to News