Identifying and Dodging Online Scams


Scams over email, social media, and even text messages are becoming more sophisticated as our technology evolves. With the growing use of AI tools like voice-cloning and deepfakes, scams are becoming more and more difficult to recognize, as witnessed in the case of a Hong Kong office employee who was tricked into transferring nearly $26 million to scammers after a video call with deepfakes of their co-workers. We’re not saying all online scams have such extreme consequences, but to save yourself the headache of wondering if your identity, logins, or money have been stolen, we’ve outlined some tips to help keep you safe in the digital world.
 

Types of Scams

Email has long been a favoured medium for spammers due to its widespread usage and relatively low barrier to entry. Some of these scam emails can easily be identified by their urgent subject lines, too-good-to-be-true prizes, and obvious desire to access your private information. However, there is a growing number of scams that can trick even the most experienced internet users.

Phishing Emails: These deceptive emails masquerade as legitimate communications from trusted entities, such as banks or government agencies, in an attempt to trick recipients into divulging sensitive information like passwords or financial details.

A popular example is CEO Fraud, a scam in which cybercriminals impersonate executives through company email accounts to trick employees into executing unauthorized wire transfers, or sending confidential tax information.

Malware-laden Emails: Some spam emails contain malicious attachments or links that, if clicked, can infect your device with malware or ransomware, compromising your security and privacy.

Common scams:

  • Fake texts from the government
  • Surveys and Quizzes to gather info for passwords and other identity factors
  • “Is this you in this photo?”
  • Fake Job Offers
  • Lottery winning
  • Authentication code requests
  • Failed transactions from subscription accounts 

Social Media: With their vast user bases and interconnected networks, our favourite social media platforms provide fertile ground for spammers to propagate their schemes. Scammers create fake accounts to impersonate real users or organizations and use them to disseminate fraudulent offers, links to malicious websites, or deceptive content. Comment sections of popular social media posts are also prime targets for spammers looking to share their links or promotional messages. These comments are usually irrelevant to the post's content and likely lead to phishing sites or scams.

Common scams:

  • Accounts selling fake products (multi-level marketing), or get-rich-quick schemes enticing you to click a link
  • Dating or romantic messages from strangers
  • “Fun” Quizzes
  • Messages from a relative or friend "starting a new page" (a cloned profile) that send you a link or ask for money


How to Identify Scams

Trust your instincts! When an email or direct message asks for personal information (login info, mother’s maiden name, home address, etc.), your barriers should go up. If you’ve received a suspicious email from someone you know, the easiest way to verify is by reaching out to the individual directly, ideally through a different channel. For messages asking to update credit card information, or mentioning a failed transaction, the easiest way to confirm this information is by logging into your account, checking for any related notifications, and reviewing your payment history and settings. 

Here is an example of an email sent from a fake Meta Support account describing a “copyright issue” with this user’s ads.

Image

  1. Check the Sender: Scrutinize the sender's email address or social media profile. Legitimate entities typically use recognizable domain names or verified accounts. If you’re unsure if the “Meta” account is actually from Meta, you can check their active emails here: https://www.facebook.com/business/help/372703956148310
     
  2. Verify Links and Attachments: Hover over links before clicking on them to check their destination URLs. Be wary of downloading attachments from unknown sources, as they could contain malware. Additionally, if the link seems out of place in the body of text, think twice before clicking!
     
  3. Evaluate Content: Be on the lookout for poor grammar, odd placement, spelling errors, or overly sensational language, as these are common indicators of spam.
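
Steps 1 and 2 can also be run mechanically over a saved message. The following is an added example, not code from the original article: it checks the sender's domain against an allowlist and reports links whose visible text names one host while the link goes to another. It assumes a single-part HTML message; the sample message, the allowlist and all function names are illustrative.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every address and domain in it is made up.
SAMPLE = """\
From: Meta Support <support@meta-ads-review.example>
Content-Type: text/html

<a href="https://appeal-center.example/login">https://www.facebook.com/appeal</a>
<a href="https://www.facebook.com/business/help/372703956148310">Help Center</a>
"""
TRUSTED_SENDERS = {"facebook.com", "facebookmail.com"}  # assumed allowlist

class LinkCollector(HTMLParser):  # gathers (href, visible text) per <a href>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lower-cased hostname of a URL or bare domain, or None."""
    try:
        return urlparse(url if "://" in url else "//" + url).hostname
    except ValueError:  # malformed input, e.g. unbalanced brackets
        return None

def review_email(raw, trusted_senders):
    """Run the sender and link checks on a single-part HTML message."""
    msg, findings = message_from_string(raw), []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender not in trusted_senders:
        findings.append(f"sender domain not on allowlist: {sender}")
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        dest, shown = host_of(href), host_of(text)
        if shown and "." in shown and " " not in shown and shown != dest:
            findings.append(f"text shows {shown}, link goes to {dest}")
    return findings
```

Hosts are compared exactly, so link text reading www.facebook.com over a facebook.com destination is also reported. A link labelled only "Click here" is not covered by the text comparison and still needs the manual hover check.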
     

I Clicked a Possible Phishing Link, What Should I Do?

If you suspect you’ve clicked on a phishing link, the first action to take is disconnecting your device from the internet to prevent potential malware from spreading. Next, scan your system for viruses. Most operating systems have built-in antivirus software, but if you’re unsure of how to find it, there are a number of free and paid options online. It’s recommended to use another device to download the software, then transfer it to the affected device with a USB drive.

After this, it’s a good idea to change your credentials for banking, social media, shopping accounts, and more. As a preventative measure, we strongly recommend having 2-factor authentication set up for most, if not all, important logins for both personal and organizational accounts. Avoid making the mistake of using the same login and username across various accounts (we’ve all been guilty of this, but it’s one of the biggest cyber mistakes you can make!).
 

Conclusion

By familiarizing ourselves with the common types of scams and honing our ability to identify them, we can navigate the digital landscape with confidence and avoid falling victim to malicious schemes. The next time you encounter a suspicious email or social media post, remember to pause, evaluate, and proceed with caution. Stay vigilant, stay safe, and happy browsing!
