Phishing scams have been on the rise in recent days, all too often taking hundreds of thousands of innocent victims to the cleaners and leaving them red-faced and with little-to-no money left in the bank.
To make matters worse, we're all vulnerable - from mom, dad and even the kids to CEOs of big companies. In fact, for businesses alone, a recent FBI report shows that since January 2015, email scams account for a stunning $3.1 billion in losses.
What is a phishing scam? In short, phishing scams come in the form of emails. These emails hit your inbox and usually pose as coming from a legitimate business that needs your attention on some matter. From there, they try to get you to click on spoofed, fake and malicious links - which is all the scammers need to gain access to a treasure trove of personal information like credit card numbers, personal data or usernames and passwords to SomeSite.com.
In order to stay protected from these seriously scary scams, you need to know what to look for. Today, I'll show you five of the latest phishing scams to be aware of and point out all of the red flags, because sometimes the best defense is a good offense. Are you ready?
Pokémon Go Upgrade Scam
One of the biggest scams that has popped up since the extremely popular Pokémon Go app was released on July 6 is a phishing scam that claims you need to pay for a $12.99 game upgrade.
The scam includes an email with the following message: "We regret to inform you that due to the overwhelming response to our new Pokémon GO app and the need for more powerful servers we can no longer afford to keep your account as free. Your account will be frozen in 24 hours if you do not upgrade."
Users are then asked to sign up for this new paid version. The paid version is fake, of course, but as gamers sign up the hackers collect all of their account login information.
What to do: Don't be gullible. Know that the game is free. Always be wary of emails labeled "urgent" or that require immediate action. Nintendo also would never freeze your account.
Netflix Payment Scam
Hackers who refuse to pay for their streaming services are stealing your Netflix logins and passwords and selling them online, in the Dark Web, for as little as $0.25.
It all starts out as a phishing scam, which uses social engineering, fake sites and malware to trick you into coughing up your credentials. Oftentimes, the victim is sent an email claiming something was wrong with their payment verification. The emails look legitimate, and that's what makes them work. The victim then enters their payment information, only the money doesn't go to Netflix. Their information and payment card numbers are now in the hands of a criminal.
What to do: Educate yourself on the surefire signs of a phishing email, such as typos, spoofed addresses, suspicious "From" lines and more.
You'll also want to take control of your Netflix account and kick off anyone who may be intruding.
Game of Thrones Scam
The hugely popular hit HBO show "Game of Thrones" was the most pirated program in 2015. It's been a constant problem for HBO and the company often has to send out warning emails to users and take down demands to torrent sites.
But now, even if you're not pirating "Game of Thrones" you could get one of these notices - but it's not what it seems. Scammers have started to send spoof warning emails from HBO in order to get victims to send over some serious cash.
The spoof emails instruct the victim to pay a few hundred dollars as part of a settlement for being caught pirating Season 6, Episode 10 of "Game of Thrones." The email later says you only have 72 hours to complete your settlement, otherwise further legal action will be taken.
What to do: The email is very convincing and could fool nearly everyone. It is professionally worded and has minimal typos. So in this case, the best defense might be knowing what HBO's real cease and desist letters look like. It's important to note that the real cease and desist letter doesn't demand money and there's no time limit. It also specifically names the IP address, whereas the fake email doesn't.
Facebook Friend Request Scam
You're sitting on Facebook. Suddenly, you get a friend request. Nothing unusual there; it happens all the time. You probably wouldn’t think twice about accepting a friend request from a familiar face or longtime friend. But you have to ask yourself: “Am I already friends with them?” If the answer is yes, the request is likely a scam by a criminal up to no good.
The new tactic works like this: A criminal re-creates a random person's existing Facebook profile using that person’s profile picture and “About” information. The criminal then uses the phony new profile to send friend requests to the real person’s Facebook friends.
If you accept, you’ve just given this stranger access to the many personal details on your profile: status updates, location, date of birth and photos. Those simple details, in the hands of today’s cyber criminals, can be used to steal your full identity and wreak havoc with your entire life. Posing as you, the scammer can also message your friends asking for money or trying to meet up in person.
What to do: If you get a friend request from an existing friend, verify that the request is real. And of course, be very wary of friend requests from people you don’t know.
Your best way to stay protected is to tighten your security settings so that only your Facebook friends can view your profile, photos and other info. Also, go into the “Friends” section of your activity log. At the top, it says, “Who can see your friend list?” In the drop-down, select “Friends,” rather than “Public.”
Business Email Compromise Scam
This type of attack is so good at what it does, it goes by three different names. Known as B.E.C. scams (business email compromise), CEO Fraud Scams and Payroll Attacks, this scam is on the rise and has been taking some big businesses, like Snapchat, to the cleaners.
In this scam, an employee at a company receives an email, seemingly from the company CEO or someone in the payroll department. It's a quick email asking for, let's say, payroll information, or a quick money transfer.
The employee doesn't bat an eyelash. Assuming the email is nothing out of the ordinary, they respond or click on a malicious link, and all of a sudden sensitive information about the company and its employees is in the wrong hands.
What to do: This scam has gotten so big, the FBI had to step in and issue the following guidelines:
- Be wary of email-only wire transfer requests and requests involving urgency.
- Pick up the phone and verify legitimate business partners.
- Be cautious of mimicked email addresses.
- Practice multi-level authentication.
If someone in your company falls for one of these scams, the FBI urges you to:
- Contact your financial institution immediately.
- Request that they contact the financial institution where the fraudulent transfer was sent.
- File a complaint—regardless of dollar loss—with the IC3.
General Ways to Stay Safe
Scammers are getting trickier by the day, so you'll have to stay one step ahead of them. One way to do this is to know the warning signs and red flags to look for before clicking on any links or sending out any sensitive information. Here is a list of the general things to look for in any email that you find suspicious:
- Keep an eye out for typos and bad grammar within the body of the email.
- Be able to identify where the email is coming from.
- Hover your mouse over any links before you click to see the site it is pointing to.
- If links are provided to go to a website, don't click them. Navigate to the company's site yourself without the link.
- Be wary of email-only wire transfer requests and requests involving urgency.
- Be cautious of mimicked email addresses. If an email claiming to come from Amazon.com has the return email address as gmail.com (for example), it's a scam.
- Practice multi-level authentication, which means you have at least two forms of verification, such as a password and a security question before you log into any sensitive accounts.
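As an added example (not from the original article), the "From" line, urgency and hover-over-the-link checks from the list above turned into a small Python script: it flags a display name that names one brand while the address sits at another domain, pressure wording like "frozen" or "24 hours", and a link whose visible text shows a different domain than its real href. The sample message and every domain in it are constructed for the demo.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

URGENCY_CUES = ("urgent", "24 hours", "72 hours", "frozen", "suspended", "immediately")
DOMAIN_RE = re.compile(r"[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)

def registrable_domain(text):
    """First domain-looking token in text, cut to its last two labels (crude: no public-suffix list)."""
    m = DOMAIN_RE.search(text or "")
    if not m:
        return None
    labels = m.group(0).lower().strip(".").split(".")
    return ".".join(labels[-2:])

def phishing_red_flags(raw_email):
    """Return the red flags found in one raw RFC 5322 message string."""
    msg = message_from_string(raw_email)
    flags = []
    # Red flag 1: display name names a brand, address is somewhere else ("Amazon.com" from gmail.com).
    display, addr = parseaddr(msg.get("From", ""))
    sender = registrable_domain(addr.rpartition("@")[2])
    claimed = registrable_domain(display)
    if claimed and claimed != sender:
        flags.append(f"display name claims {claimed} but address is at {sender}")
    # Red flag 2: pressure to act now (account "frozen in 24 hours", "72 hours to settle").
    body = msg.get_payload()
    haystack = (msg.get("Subject", "") + " " + body).lower()
    flags += [f"urgency cue: {cue}" for cue in URGENCY_CUES if cue in haystack]
    # Red flag 3: the "hover over the link" check done on the HTML: shown domain differs from href domain.
    for href, text in ANCHOR_RE.findall(body):
        shown = registrable_domain(re.sub(r"<[^>]+>", "", text))
        target = registrable_domain(urlparse(href).hostname or "")
        if shown and target and shown != target:
            flags.append(f"link text shows {shown} but points to {target}")
    return flags

# Constructed sample message for the demo, not a real phishing email.
SAMPLE_EMAIL = """\
From: "Amazon.com" <support@gmail.com>
Subject: URGENT: verify your payment within 24 hours
Content-Type: text/html

<p>Your account will be frozen unless you act now.</p>
<p><a href="http://amazon-billing-check.example/verify">https://www.amazon.com/verify</a></p>
"""
```

Running `phishing_red_flags(SAMPLE_EMAIL)` returns one line per red flag; an empty list means none of these three checks fired, not that the mail is safe.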