The holidays are fast approaching, frequently celebrated with lots of good cheer and commerce. Unfortunately, this is also a popular time for scammers to come out of the woodwork, taking advantage of both our desire for charity during this time of year as well as the search for a good deal and completed holiday lists. Our guard is often down at this time of the year, leaving us wide open to the opportunistic machinations of greedy Grinches. So how do we keep the Grinch from stealing our holiday cheer and our money? The remedy calls for a healthy helping of introspection and vigilance.
Long gone are the days when hackers cracked systems for bragging rights, amusement or revenge. Because so much valuable data lives online, hackers now seek monetary gain through selling hacked data, research, passwords or personal information, by stealing your identity, gaining access to your computer or directly stealing your money. Knowing that there is a financial motive is the first step toward arming your defenses against scams.
Successful scammers employ social engineering techniques to try to trick you into giving them what they want. These techniques include (but are not limited to):
- Luring you with too good to be true opportunities
- Alarming you into acting without thinking
- Preying on your desire to do the right thing and your honesty
- Enticing your curiosity
It is important to recognize these types of social engineering and to apply a test to every e-mail, web page, pop up, phone call, or text message you receive. Ask yourself how the contact makes you feel. If you are immediately elated, afraid, concerned, worried or curious, the contact may be a scam.
Opportunities abound on the Internet and scammers take cover in a sea of legitimate offers to sneak their attack. The old adage “if it sounds too good to be true, it is” applies here. If you receive an opportunity online that looks amazing, whether it is free stuff, a job or internship offer, a prize or a great deal on an item you want to purchase, you should think twice before proceeding. Do a little research on similar opportunities. Visit Snopes.com to make sure that it is not a known scam. And most importantly, remember that nothing online is ever free. There is a cost for everything, whether it is your privacy, your data security, or actual real money.
One of the greatest tools that successful scammers use is to manipulate you into acting without thinking. They elicit fear or alarm with scams that claim you have an overdue bill, a purchase you made has shipped, your computer has a virus, or even that they have compromising video or photos of you.
When you receive something of this nature, your natural instinct is to try to stem the damage and address it immediately. Instead, if you receive something that alarms you or makes you worried or fearful, verify the information in another way. For instance, in the case of an overdue bill, log into the biller’s website using a bookmark or known/official URL and verify if your bill is actually overdue. If you think your computer may have a virus, run your antivirus software and contact the ITS Service Desk instead of clicking on anything or calling any number proffered by scammer. Always use official/known channels to address anything that might incite alarm.
Successful scammers also utilize your desire to do the right thing. Charity scams are particularly prevalent after natural disasters. These thieves seek to take advantage of our natural tendency to want to help others in need. If you wish to do some good, do some due diligence, give to known/established charities or better yet, through the Pomona College Charitable Giving Campaign to make sure that your generous dollars to go to where they’re needed most and not into a scammer’s pocket.
Another popular spear phishing trick that preys upon your desire to the right thing involves an e-mail from someone who works with you, probably your boss, asking you to do them a favor. You naturally want to help the person out and soon the scammer is directing you to buy gift cards and to send them the card codes. In this case, you should be wary of requests that seem out of character from people you know.
Scammers will try to use your honesty against you to collect data about you. They may call and start a conversation that seems like small talk -- asking you where you went to school, your parents’ names, your birthday -- but what they are really doing is collecting personal data on you that can be used to circumvent password security questions. Be wary when providing these types of information to strangers.
Another tactic employed by scammers is to use curiosity to lure you in. “Click Bait” is a term that refers to links that appear in newsfeeds, popups or ads that entice you to click by offering some amazing information. You won’t believe what Ginger from Gilligan’s Island looks like now. These five tips will make your marriage happy. Find out which Smurf you are. More often than not, the information provided rarely meets the expectation suggested by the title (or is altogether fake news) and it gives scammers the opportunity to drop viruses and malware onto your computer. Stick to reputable sites and even there, avoid clicking on click bait.
Scammers are using these tactics to separate you from your money, data, or personal information in a variety of ways, not just limited to e-mail or computer pop-ups. They are also using phone calls, text messages, and US Postal mail. Employing introspection (how does this contact make me feel?) and vigilance to discern the motive of the interaction can help hone your instincts for spotting scams and keep the Grinch out of your holidays.