No amount of news exposure can stop criminals from preying on potential victims. In the last few years, stories of scamming using emails and other social networking platforms hogged the headlines. Even with all this information, there are still people — even those who are least likely to be victimized — fell for these scams.
The main objective of scammers is to get hold of personal information, especially of bank account details and employing email phishing and social engineering techniques. These are age-old scamming strategies that still, surprisingly, work today.
Cybersecurity company Kaspersky warns people of these scams by blogging about the five most common spammer tricks and how to recognize when it is a scam and how to avoid it.
1. Fake notifications from social networks
Some social media users will unmindfully click on notifications believing they come from friends, families, and networks. Unfortunately, criminals found a way to insert an undistinguishable phishing link where users are asked to enter username and password on a fake login page.
Last year, there were messages that went around on Facebook about messages warning users of fake accounts created using their name and profile photo. Similar strategies like this have made the rounds claiming that a new feature has been introduced and users who don’t give their consent will be blocked. The message will contain a button with a link to a phishing login page.
2. Banking phishing
Because financial institutions have employed tight security measures around its systems, criminals resort to phishing to be able to gain access to one’s user account. Under the pretext of restoring access, confirming identity, or canceling a transaction, the user is asked to enter bank card details (often including the CVV/CVC code or the three digits at the back of the card) on a fake bank website. Upon receiving the data, the criminals immediately withdraw money from the victim’s account. It’s the same story with payment systems, but in those cases, victims are asked only to log in to their accounts.
There are many emails claiming to come from banks asking users to enter bank account details. Many banks have warned their clients that they would never ask for this information and advised them to call the bank instead.
3. Fake notifications from popular services and sellers
Fraudsters will use brand names and popular services and generate fake notifications. If users didn’t bother to double check, they are likely to click on the link and tap whatever they see.
4. Fake notifications from e-mail services
Scammers use this kind of spam to harvest usernames and passwords for e-mail services. One of two common pretexts is typically deployed: Users are prompted either to restore their password or to increase the available space in their mailbox, which is supposedly full. In the latter case, the phishing link promises a manifold increase in storage capacity, which in the era of cloud computing and the ever-growing need for storing large amounts of data does not seem all that suspicious.
5. “Nigerian prince” fraud
Considered to be one of the oldest types of spam, the Nigerian prince fraud will ask anyone to pay a certain amount so they can release a much bigger amount of money. There are those who will befriend someone online, court the unsuspecting user, then tells these potential victims that they will be sending them a gift. A few days later, they will then advise the person that the goods are on hold because the releasing agency wanted them to pay a certain amount. The victim will gladly pay for the amount just to get the gift from the “prince” without knowing that the money is deposited to the account of these scammers.
A variation on the theme involves the scammer posing as a celebrity in a difficult situation. Victims are promised an impressive reward if they agree to help the unfortunate millionaire withdraw funds trapped in various bank accounts. To do so, they must, of course, first send detailed information about themselves (passport details, account data, etc.) and a modest amount of money for paperwork.
The list of spammers’ favorite topics and techniques does not end there, but the five methods described above are the most effective and thus the most common.
Don’t be a victim
Kaspersky advises people to always be careful and be more discerning of the information they receive from their devices. It always pays to double or even triple check, most especially, if it concerns providing personal details and money.
When users receive a message with a notification from a company or service, check that it was sent from a bona fide address. Using Google as an example, the message should come from firstname.lastname@example.org, and not email@example.com or something like that.
In the event that users got curious and decided to follow the link in a message, again, make sure that it’s the real website, not a fake.
Use a reliable security solution with antispam and antiphishing protection — it will detect fraudulent e-mails and warn you clearly.