It’s Fraud Awareness Week, the perfect time to bring attention to the many new ways that scammers are trying to defraud people via technology. Online scams and fraud are not only more prevalent than ever, scammers are reaching out in newer ways, going beyond e-mail to text messaging, instant messaging apps, and even social media and targeting people through everything from romance scams to travel and leisure scams, and employment scams. The methods are clever and if they reach you at the right time, even the most aware person can fall victim.
According to Shred-It’s 13th annual Data Protection Report (DPR), the number of data breaches are currently in line with the all-time high, which was set in 2021. This has not only implications for customers but also brands: 81% of customers in a Ping Identity consumer report cited by Shred-It said they would stop engaging with a brand online if there was a data breach. What’s more, data breaches have costed Canadian businesses more than $5.1 million.
Newer Types of Scams
Most people know the basics: don’t click on a link in an e-mail from an unknown source, even if it looks legitimate. Check for telltale signs that it’s not real, like weird fonts, incorrect spelling, a sender e-mail that doesn’t match the name, and so on. When in doubt, don’t panic and immediately believe that your Netflix account has been hacked. Reach out to Netflix’s 1-800 number or the help e-mail provided on the website and confirm before doing anything further, including clicking on any link in an e-mail.
When it comes to social media, e-mail, and even instant messaging, there are new types of scams emerging. Here are some examples based on my own experience and those of others I know.
Instagram Help
Recently, I received a direct message on Instagram that was purportedly from Instagram Help. It indicated that a copyright complaint was filed against a recent post and I needed to appeal this or my account would be deleted. At first, it looked totally legitimate with the account icon displaying the Instagram logo. I thought perhaps an image I had posted from a local retail store could be the offending ones, or maybe a post with music in the background. Upon further inspection, I realized the logo icon was not identical to the real Instagram Help logo icon. When pressing the person about which photo specifically was problematic, they continued to insist that I click the link and follow the steps to avoid account deactivation. At this point, I was certain it was a scam given the bad grammar used in the reply. I instantly reported the account as fraudulent. Going back to my Instagram direct messages now, the sender now shows as an unverified Instagram User.
E-Mails With Sense of Urgency
By now, most people instantly delete those silly e-mails that claim you have just inherited a million dollars or won a prize. The messages that your bank account will be suspended are transparent as well, especially considering you’ll often receive similar messages from all major banks in the same week, with the sender hoping to land on the right one eventually. But these scams are becoming cleverer. I consistently receive messages about a UPS package waiting for me that could not be delivered because it was sent to the incorrect address. The missive then requests that I reply with my correct mailing address. UPS labels typically don’t include e-mail addresses so how would the company have mine to link to a package in the first place? The e-mail is clearly from an arbitrary e-mail address that has nothing to do with UPS (despite the adorable package icon in the sender field). Nonetheless, it’s easy for someone like me who receives tons of packages to see this and immediately think it’s legitimate. It’s not.
There’s another scam method via e-mail that attempts to capture you in a state of panic. The one I received reads “a user just logged into your Facebook account from a new device iPhone 11 Pro.” It looks legitimate, especially since some social sites actually do send e-mails like this if a login is detected on a different device than your usual one (both Apple and Google, for example, do this). There’s even an authentic looking disclaimer at the bottom. Having several friends whose Facebook and Instagram accounts were hacked recently, it would be simple for someone busy like me to frantically tap the button “Report the user” in hopes of saving my account. But a few telltale hints make it clear this message, which was picked up by my e-mail spam filter, is not real. First is the spacing in the word Facebook. Second is the random e-mail address from which it comes. Clicking this, I can also see that the “Reply to” field is filled with other e-mail addresses.
Sponsored Posts With Fake Deals
One of the most difficult scams to spot are fake sponsored posts on sites like Facebook. These attempt to replicate the official accounts of local businesses and offer ridiculous deals that sound too good to be true. When it comes to things like kids’ events and venues, parents anxious for getting the best price might just quickly jump on board to buy thinking they might miss out then realize it’s a scam once it’s too late.
One such ad recently popped up in my Facebook account purportedly to offer a fantastic deal in celebration of the Toronto Zoo’s 50th anniversary. Next year would indeed mark the 50th anniversary of the zoo. But a quick search shows the official Toronto Zoo Facebook page uses a completely different profile image. What’s more, the deal doesn’t appear on the official Toronto Zoo page. The link also takes you to a Shopify page (presumably a fake one) versus the actual Toronto Zoo website where tickets are typically purchased. All these are red flags that this deal isn’t legitimate at all.
Instant Messaging Employment Scams
Scammers are preying on the fact that many people are out of work and desperate for a job. I have found that lately, my instant messaging apps have been infiltrated with spammers and scammers. While I haven’t experienced anything through the secure Signal app, WhatsApp is a different story.
A recent one, for example, came from someone claiming to be from an advertising media marketing center online, which immediately sounds like a made-up company using a bunch of keywords that might relate to my job. It says they are looking to recruit staff to work for only an hour per day. The vagueness of the message and the fact it comes through WhatsApp versus an app like LinkedIn instantly suggests this is a scam. Another one I received in the summer promises a ridiculous earnings of up to $10,000 a day, something that will surely gain the attention of someone looking to make a quick buck.
Text Messaging Banking Transfer & Other Scams
WhatsYourTech’s Yasmin Ranade had her own experience recently. She was expecting funds and, at the worst time (but perfect timing for scammers), received a text message that an e-transfer deposit needed to be confirmed. Since she happened to be expecting one, she clicked the link only to clue in immediately after that it was a scam. She quickly changed her online banking password, contacted the bank, and had her debit card cancelled and a new one sent. These scams are sent repeatedly in the hopes of catching people during a time when they are indeed expecting money or a package delivery, for example. They’re more likely to quick right away. Even if the reality that it was a scam kicks in immediately after, it might be too late. This proves that with the right timing, even those who are acutely aware of these scams can fall victim.
Text messaging scams run the gamut. I have recently received fake text messages claiming to be from Snapchat, notifying me that I have friends on the social site with a link to click and view their details. While I do have a Snapchat account, it is not linked at all to my phone number, nor does Snapchat send text messages encouraging you to login.
What Should Small Businesses Do?
These scams prove that no business is immune, even the most educated individual can fall victim in the heat of the moment, and scammers continue to find new and unique ways to target you. From a business perspective, this makes keeping consumer data protected more crucial than ever, especially for small businesses that can be crippled by an attack. Despite the majority (81%) of small business leaders in Canada saying they are concerned about future data breaches, according to the Shred-It study, only 60% say they are proactive about data and information protection.
Training and education are one of the most important things you can do since many data breaches start not with a complex technological hack but rather human error. Only 15% of small business leaders require their employees to take any training and 63% say they don’t have a reliable source to maintain relevant policies and training.
Third-party partnerships are also recommended by Shred-It. Of those who already have a third-party partnership in place for a compliance strategy, 90% say they feel it’s deeply valuable. Forty-seven per cent of small business leaders don’t have a current third-party partner at all.
“Small business leaders need to be proactive and allocate more budget upfront or risk significant revenue loss that is difficult to recover from,” says Michael Borromeo, Vice President of Data Protection at Stericycle, parent company to Shred-It. “They have an opportunity to protect themselves by offering regular employee training and developing an understanding of the shifting data protection regulatory landscape — both of which a trusted third-party partner can provide valuable guidance.”
Learn more about how to combat cyberattacks from our recent interview with Jon Ferguson, General Manager of Cybersecurity & DNSat the Canadian Internet Registration Authority (CIRA).
-30-
More on Cybersecurity