Sample email scam from consumer.ftc.gov
An explosion in cybercrime targeting Netflix users has been reported since the coronavirus outbreak, with hundreds of phishing schemes and fraudulent websites set up to trick users. The fake sites, including netflixgiftcard.site and netflix-payment1.com, attempt to dupe victims into entering their personal information and payment details.
Cybersecurity risks are not just related to Netflix, however. There are many types of scammers out there. A scammer is anyone who uses fraudulent schemes to obtain personal data and money from unsuspecting victims. Online scams use email, text messages, or websites to trick you into giving them your information.
For example, a scammer may tell you that you’re being audited by the IRS or that your computer has a dangerous virus they can fix if you hand over your personal information. Then they can rope you into signing up for a product or service that you don’t really want or need; and even worse, they may try to steal your passwords, bank account numbers, credit card numbers, and social security number.
Do you plan to rent an apartment or apply for a car loan? What if someone stole your identity, took out loans in your name, and prevented you from qualifying for the loan you need? Common sense and a “trust but verify” approach is the best way to protect yourself from online scams. Here are ten simple things you can do to make sure a malicious person does not steal your hard-earned money or your personal identity:
1. Change passwords. If a hacker gets your password, they can try to gain access to your email, bank, or other accounts. You should use strong passwords that have at least nine characters with capital letters as well as numbers and special characters interspersed with lower case letters. Don’t use the same password for your email as you do on other accounts, especially your bank account. This one simple step can offer great protection, so one hacked account doesn’t result in all your accounts being compromised.
2. Don’t email signatures or account info. Don’t send full account numbers, passwords, or other personal info via email. Use a secure file-sharing service to send documents that have personal data or signatures. For other types of account information such as passwords or account numbers, call and verbally relay the information. This will prevent hackers from intercepting your data and using it for online scams or gaining unauthorized access to your accounts.
3. Never give out your credit card number unless you have initiated the charge. Whenever you stumble into something on the internet that requests a credit card, be very, very careful. At a minimum, make sure to read the fine print. Free services should not ask for a credit card. So always assume anything that says it’s “free” but requires a credit card is a scam. Even if it’s not a scam per se, it’s a good sign that what you’re signing up for won’t be free forever.
4. Don’t open attachments or click on email links if you don’t recognize the sender. Malware (malicious software) can be installed on your computer when you click on an email link or open an attachment from an unknown source. This is a technique called phishing – where scammers send an email in hopes of gaining access to your computer and gathering your information. The best course of action is always to play it safe. If you don’t recognize the sender, don’t open any attachments or click on any links. If it really is important, they’ll find another way to reach you.
5. Beware of phishing emails that look like they’re from a company you know or trust. At first glance, an email might look real, but it’s not. Tell-tale signs include an alarming subject line (“Recover Your Account”), a generic greeting (“Hi Dear”), poor grammar, typos, or a domain name that doesn’t look quite right. For example, legitimate Netflix emails should come from @netflix.com. A phishing email that wants you to think it came from Netflix may have a domain name such as @netflix.mail.invoices. If you get an email that appears to come from a real institution such as your bank, go to the bank’s website directly and log into your account to check for any notifications.
6. Don’t fall for unsolicited email offers that promise you “free stuff.” Scammers can create emails that look like they’re from real companies, and even use company logos. But scammers who send emails like this don’t have anything to do with the companies they pretend to be. Ask yourself if you signed up to get email discounts from this company. If not, it’s unlikely they’d send you a discount out of the blue. If you’re not sure that an email is legit, don’t on click anything, not even the “unsubscribe” link. Think about it, is a scammer really going to unsubscribe you? No, that just tells them your e-mail is active and they’ll keep sending you more stuff. Attachments and links can also install annoying adware or harmful malware.
7. Make sure an e-commerce site is secure. When buying items online, don’t enter your credit card info if the site does not include an “s” in the URL. If the URL begins with “https,” that means the site is secure, and you are safe to use a credit card for your online purchase. In other words, http:// = NOT SECURE; https:// = SECURE.
8. Don’t use public Wi-Fi. A public Wi-Fi network is inherently less secure than your own home network, because you don’t know who set it up or who else is connecting to it. Ideally, it’s better to use your smartphone as a hotspot instead. But if you have to use public Wi-Fi, you need a VPN (virtual private network). A VPN allows you to create your own secure connection to another network over the internet.
9. Monitor your credit card statements for fraudulent charges. Check your credit card statements regularly and look for suspicious transactions, no matter how small. Scammers who get their hands on your credit card details don’t always charge huge purchases. They might test you first to see if you’ll notice, by spending minimal amounts. As a credit card holder, you have the right to dispute any transaction or recurring charge that you don’t recognize.
10. Protect your computer by using security software. Everyone should install a good anti-virus, anti-malware, and anti-spyware program. Set the software to update automatically so it can deal with any new security threats that come up. If your computer gets infected by a virus or malware, not only can hackers dig through your data to steal your identity, but they may lock up your files and ask for a ransom to get them back. Consider adding a web monitoring tool like Norton Family – right now you can get six months for FREE (offer ends May 31, 2020). In addition to personal information protection, it blocks harmful or inappropriate sites, flags unsafe behavior, lets you set screen time limits, and more.
Individuals aren’t the only victims of online scams. Scammers also target small businesses. Even large corporations can be infiltrated by hackers. Data breaches have occurred at Target, Home Depot, Staples, Amazon, eBay, Facebook and Twitter, just to name a few. So you can assume that somewhere on the “dark web,” your account info is for sale. It’s only a matter of time before someone tries to exploit it. But if you change your passwords frequently, this makes the stolen data obsolete. Also, this is another good reason to check your credit card and bank accounts regularly. Doing so can tip you to fraudulent activity long before any issues show up on your credit report. Finally, be sure to take advantage of free identity theft protection services that companies may offer you after a data breach.
Do you have any other advice for avoiding online scams? Please let us know in the comment section.