Trust&Protect Part 3: Identifying Cybersecurity Scams
- Pete Boergermann
Trust&Protect is our 4-part guide to financial safety designed to provide you with peace of mind in times of uncertainty. In the third part of our series, we will discuss the role of knowledge in the front-line battle against cybersecurity threats. It’s often said that the most important part of protecting your information online is education. Being able to detect a scam early can keep you from falling victim, potentially save you money and allow you to surf the web with confidence. Here are some of the most common scams, how you can avoid them and what steps you should take if you fall victim.
Phishing, Spear Phishing & Vishing
Phishing attacks are one of the scams most widely used by criminals. These attacks come in the form of an email or text message that appears to be from a trusted source and directs people to click on bad links. Phishing attacks via text message are often referred to as “smishing.” These malicious links can then install malware onto your system, lock your system in a ransomware attack or trick you into giving away personal information like passwords or credit card information. These attacks can result in stolen money, unauthorized purchases or even identity theft.
While phishing attacks are usually sent to a large number of people in the hopes of hooking as many victims as possible, spear phishing is a phishing scam that deliberately targets a person or organization. In these scams, criminals usually have some knowledge of the person or company they are targeting and incorporate that knowledge into their scheme. For instance, the criminal may pose as a company’s IT department and ask victims to “log in” to view a password-protected document. By doing this, the offender receives the victim’s login credentials, giving them access to the company’s network.
Vishing is a phishing attack that is perpetrated over the phone. Criminals will call their victims using a variety of methods, such as pretending to be their bank to let them know their account or credit card is compromised, posing as the IRS to issue a warning about their tax returns or presenting themselves as Medicare or Social Security and threatening to suspend benefits.
Phishing, spear phishing and vishing are all similar in their execution and therefore have common themes that you can recognize to help avoid being victimized. Some red flags that could indicate a scam include:
- Asking for your information. Your bank, the IRS, the Social Security Administration and all other official entities will not ask for your personal information, especially not your password, debit card PIN or credit card number.
- Creating a sense of urgency. Whether by email, text message or phone, the scammers will try to catch you off guard by telling you to act immediately. Remain calm and do not give out any of your personal information.
- Using strange URLs or return email addresses. If they don’t look like they are from the company they claim to be, they probably aren’t. Always think before you click on anything in a communication.
If you think you are being scammed, delete the email or text, or hang up if it is over the phone. If you are curious about their claims, you can use an independent source to look up the contact information for the company or agency and get in touch with them directly. If you gave away any of your personal information, be sure to change all your passwords immediately.
Charity scams are designed to take advantage of people using emotional appeals. In these scams, criminals will lure victims by appealing to their sense of humanity, hoping they will freely give up their personal information. This is often done through phishing scams, as detailed above, which pose as a charity or government entity.
Before you donate any money, it’s important to first check to see if you are donating to a legitimate organization. A few great resources to help you search are CharityCheck101.org or CharityNavigator.org, which are searchable databases that will show you an organization’s identity and tax status to give you confidence in its authenticity.
Unfortunately, these types of scams always see an increase around times of major catastrophes or events in which people want to help. We saw a rise in these scams throughout COVID and during natural disasters, and we are seeing increased attempts right now with the situation in Ukraine. If you are interested in making a donation to help with the Ukraine crisis, you can visit charitynavigator.org for information on 38 separate charities, broken down by confidence and the type of assistance they provide.
Ransomware is a type of software that enters your device, often via phishing scams, and threatens to permanently block access to your computer files until a ransom is paid. These files can include videos, photos, and other important documents that you store on your device. Because of the nature of ransomware attacks, preventative maintenance is the best course of action against them. You can protect your files by backing them up regularly using an offline source. With your files backed up, you can restore your computer’s files to stop the attack. You should then contact a computer specialist to determine how it was infected and put measures in place so it doesn’t happen again. If you do not have a backup system, you should immediately call a computer security specialist and discuss your options. Either way, you should never pay the ransom. To learn more about this type of attack, you can visit our C&N Library article on Ransomware.
Being able to recognize a scam attempt quickly is the best way to make sure you don’t fall prey to a cyber-attack. As these scams become more sophisticated, it is important that you stay informed on what types of attacks occur and what you should do if you are being targeted. In Part 4 of our Trust&Protect series, we’ll discuss the dangers of misinformation and what you can do to ensure the information you consume is accurate.
Pete Boergermann joined C&N in 1998. In his role as the Director of Information Security, he is responsible for managing the information security program at C&N, while also championing IT security to make it a critical part of C&N’s business operations. Pete has previously served as Information Technology Manager/Information Security Officer.
A United States Air Force Veteran, Pete graduated from the BAI Graduate School of Bank Operations through Vanderbilt Owen Graduate School of Management in 2006 and completed the Pennsylvania Bankers Association’s (PBA) School of Banking in 2009. He earned his credentials as a Certified Information Executive from USC Upstate Campus’s Institute for CIO Excellence in 2016. He also puts his expertise to valuable use as a member of the PBA IT Technology Committee and Chair of the PBA Cyber Sub-committee.
In his spare time, Pete serves as a School Board Member of New Covent Academy and as an Elder at the Church of the New Covent and volunteers for Susquehannock Trail Performance Rally and the Annual Laurel Classic Mountain Bike Challenge. He lives in Wellsboro with his wife, Cassie, and has three daughters, Alyssa, Joy and Mikaela.