The art of scamming is a time-honored fraudulent practice. Scamming results in good ROI (Return on Investment) for perpetrators, and spells trouble for victims. Fraudulent practices like scams and schemes occur in both the offline and online world. Both operate in the same fashion but on different platforms.
There are more than four billion netizens online today. These billions of internet users are interacting with a vast number of different services, applications, and web pages. This means that the possibilities and opportunities for cybercriminals are endless. It also makes hiding much easier for them. Cyber incidents involving the exploitation of vulnerable internet users, their data, finances and sensitive personal information occur dozens of times every minute, all over the world. To put it into perspective, financial losses incurred from cyber incidents are on par with those from natural disasters.
This is why it is important to understand what a cyber scam (internet scam) is, the types of cyber scams out there, and finally how to protect against them. The most important question to ask is what you can do after you have already been scammed. Thankfully, today there is a substantial cybersecurity knowledge base from which tips and recommendations can be drawn to help internet users protect themselves from such risks.
A Brief Look at The Worst Cyber Scams
Throughout the years, the world has fallen to several types of cyber scams. Not all scams are equal: some are no longer utilized, while others that have existed for decades still reap dividends for cybercriminals to this day. As it stands today, cyber scams cost the U.S. billions of dollars per year, with the average victim losing almost $500 in each scam. Some of the most serious cyber scams that are still active today are Nigerian 419 scams, Indian IT call-center scams, and counterfeit services and goods scams. Adding to this list is everything imaginable, from lottery scams, romance scams, and illegitimate check scams to social security scams. Practically any service or product can be a part of a cyber scam. This is why it is important to be armed with safe internet usage best practices as well as good cybersecurity knowledge, especially if one becomes a victim of a cyber scam.
Types of Cyber Scams
Cyber scams come in numerous forms and use various attack schemes and methods. All cyber scams have a ‘social engineering’ component intrinsic to them, because scamming someone involves sharp manipulative social skills to trick a victim into divulging valuable information. Technically, most of the notorious cyber scams come in the following forms:
- Phishing, spear-phishing, vishing, smishing, and pharming
- RAT attacks
By far the most popular, and most successful, method of scamming belongs to the phishing social engineering category. This is simply because email-based scams are by far the easiest to orchestrate, with the least resources expended. For example, phishing campaigns orchestrated by cybercriminal groups can reach millions of people via email with a minimal financial outlay by the criminals. Cybercriminals can even automate this email process, sit back and wait for internet user credentials to be ‘harvested’. Email-based scams affect absolutely everyone, from regular citizens to the largest corporations. Statistically speaking, almost 25% of all phishing attacks worldwide were focused on financial institutions. In second place was social media, accounting for 24% of all phishing attacks. A close third was the SaaS/Webmail sector. As far as the ‘victim count’ is concerned, phishing is again the leader by far, followed by non-payment/non-delivery scams, with extortion in third place. Personal data breaches, identity theft, and spoofing are much lower on the list, but undoubtedly still cause damage and plague the economy.
What to do in an Event of a Scam And How to Stay Safe From Cyber Scams
First of all, it is important to look at what to do if one is already involved in a cyber scam. Following this, recommendations and tips will be given on how to prevent cyber scams in general. There are several steps to take if one has already been involved in a cyber scam. These fall into the following categories:
- If a scammer has successfully accessed a device
- If a scammer has access to personal information
- If a scammer was paid
It is important to note first that a scam is most easily identified by unauthorized changes or charges across user accounts.
Firstly, in the unfortunate event that a scammer has successfully received payment from a victim, it is crucial that the individual immediately contact the financial institution, report the fraudulent charge, and request a transaction reversal. Secondly, if it is confirmed that a scammer has access to personal information, the U.S. Federal Trade Commission recommends visiting IdentityTheft.gov. Furthermore, if a scammer has access to username and password credentials, one should immediately change their passwords across all devices and ensure that they are unique, long, complex, and stored in a safe place offline. And thirdly, if it is confirmed that the scammer has accessed a personal device (laptop, smartphone, or other), then it is recommended that one run an antimalware and antivirus scan on the device. Otherwise, individuals should contact their service provider for support as well as change the account credentials immediately. Scams can also be reported directly to the Federal Trade Commission (FTC).
Internet Safety Best Practices
In general, there are a few steps to take to avoid cyber scams in the future:
- Using a premium Virtual Private Network or VPN when connecting to the internet will obfuscate the connection and make it difficult for cybercriminals, data collection agencies, and marketing companies to track individuals online
- Making sure that no suspicious emails are opened, and especially avoiding clicking on suspicious attachments from unknown senders
- Installing and running premium antimalware software, as well as a premium antivirus, at all times
- Avoiding oversharing and divulging personal information over social media
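- Being suspicious of any email that urges payment, asks for help, or makes bizarre claims
- Checking that the website being visited has an HTTPS lock sign in the address bar (the lock shows that the connection is encrypted, not that the site itself is legitimate)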
- Cross-checking the URL address by doing an online search, to determine whether the website is real or a scam
- Applying spam filters to user email
- Keeping software on all user devices automatically updated
- Using multi-factor authentication across all accounts wherever possible
- Backing up as much data as possible
- Running a WHOIS lookup online to check who the owner of the website domain is
Sticking to the above recommendations, as well as common sense, should help users avoid common cyber scams and stay safe online in the future.