“Congratulations! You’ve been pre-selected for a gift card! Click this link to claim your prize.”
If you’ve ever gotten a message like this, chances are that you haven’t won anything. You’ve been targeted by a phishing scheme, and someone was trying to obtain your personal information for fraudulent purposes.
The good news is that the overall number of identity theft victims is falling. The bad news is that in 2018, there were still 14.4 million identity theft victims. This is down from 16.7 million in 2017. Numbers are dropping, but financial costs to victims are rising. Victims’ out-of-pockets losses doubled from 2016 to 2017, to $1.7 billion.
How do you avoid the worst kind of April Fools trick—having your identity compromised and your financial security breached? Educate yourself and stay alert!
Phishing, Vishing, Smishing & Catfishing Scams
Phishing is any attempt to obtain sensitive information, such as passwords, usernames, personal details, account numbers, etc., for fraudulent purposes. Phishers may solicit information via email, phone (vishing, short for voice phishing), or text message (smishing).
You may be asked by email to click on a link to claim a prize, verify an account, or deal with a “security breach.” Someone may call you, claiming to be from your bank or credit card company. They may ask for personal details or request that you create a new pin or password. You may receive a text with a “special offer” or a “cool link.” All of these are examples of phishing.
Catfishing is when the criminal creates a fake online profile or persona and establishes a relationship with the victim. Once they have the victim’s trust, they press for personal information that they intend to use for criminal purposes.
Never open an email from an unknown party or click on a link in a social media message from a sender you don’t recognize. These are the two most obvious ways to avoid a phishing scam. Phishing attempts may be more covert than this. Here are some frequent scams to look out for.
IRS Scams
IRS scams are an increasingly common threat. A caller says they are with the IRS and threatens some sort of “consequence” if you don’t pay overdue taxes immediately. They will ask you to pay via gift card, preloaded credit card, or wire transfer.
The real IRS will never threaten you over the phone with arrest or deportation, and it cannot revoke your driver’s license. Anyone making these threats is a phony. The IRS notifies taxpayers of monies owed via mail. They may come to your door or business unannounced to collect a debt, but they will not ask you to address payment to anyone other than the U.S. Treasury. These scams happen often enough that the IRS offers a guide to help you know if you’re being contacted by a real IRS representative or a fake.
Quizzes & Fake Giveaway Scams
Quizzes and games spread like wildfire on social media, such as Facebook. If these quizzes ask for personal information, like your pet’s name, the street where you first lived, your mother’s maiden name, or where your parents met, they may be a scam. Fraudsters use the guise of “discover your superhero/rockstar/etc. name” to collect information they can use to hack into your accounts.
If you receive a text, email, or social media notification saying you’ve won a trip, prize, or lottery that you don’t remember signing up for, don’t click any links or give out information. Often scammers will ask for bank account information to collect “taxes” on your winnings. U.S. law doesn’t allow the purchase of international lottery tickets, so if someone claims you won a lottery in another country, it is a scam.
Fake Cryptocurrency & Shadow Product Website Scams
Be wary of ads for websites that sell Bitcoin and other cryptocurrencies or fake apps selling cryptocoins through legitimate venues, such as Google Play or the App Store. Look out for ponzi schemes and other crypto-scams.
All over the Internet, there are shadow websites set up to resemble legitimate businesses selling crypto coins and other goods. These websites are designed to trick you into giving up personal information. Stay away from brand new crypto exchanges and always google a company or website to cross-reference and compare logos.
Be wary of bad grammar and misspellings on “professional” sites, and don’t go through email links to retrieve an offer. If you get an email saying a product is on sale, search to find the company’s website. Click on the deal through a browser link rather than going through a link sent directly to you. Take this extra step, even if the email seems to be from a site you trust and where you shop often.
Fake Subscription Scams
Be careful when signing up for subscription-based products. Search for online product reviews, and keep a close eye on your bank account. Scam subscriptions exist. Victims sign up and have funds deducted each month for products or services that never materialize.
The Distressed Loved Ones Scam
If a loved one reaches out to you via email or social media, claiming to need funds for some sort of emergency, contact that person another way. Call or text their personal number, and ask if they sent the request. Often these are scam requests created through fake accounts.
Clickbait Scams
We’ve all seen those tantalizing headlines: ”Where are these celebrities now? What do these athletes look like 20 years later?” Sometimes clickbait sites send you to a webpage that downloads malware on your computer.
This malware may memorize your keystrokes for passwords or otherwise collect information without your permission. Copyright infringement sites, such as unauthorized sites showing TV shows, are riddled with malware.
Fake Charities & Lottery Scams
Fake charities may mimic efforts made by real charities to get your “contributions.” Always do your research before donating. Don’t contribute to Go Fund Me and other crowdsourced causes unless someone you know can personally vouch for the legitimacy of the fundraiser.
Fake Debt Collector Scams
Be wary of debt collectors. Ask for their name, address, phone number, and professional license number. Arkansas law requires any agency collecting debt in the state to be licensed, whether or not the agency is based out of state. You can check an agency’s credentials through the Arkansas State Board of Collection Agencies.
Never give out your account or credit card information before verifying the debt collector. Never send wire transfers or prepaid credit cards at all, since they are often impossible to trace. Debt collectors do not have the power to have you arrested. If someone threatens arrest, it is probably a scam.
Credit Card Scams: Skimming & Shimming
Credit card skimmers fit on top of the card reader at an ATM or gas pump and often look just like the card reader. Shimmers fit inside card readers and steal info from your card’s chip. Before using a credit card at one of these places, tug on the card reader. If it seems loose, don’t use that machine. If there is more than one pump or ATM, visually compare the card readers. If they don’t match, avoid the machines. If the machine or reader is has dents or shows signs of tampering, do not use that machine. If the card slot is so tight that you have a hard time getting your card inside, keep a close eye on your account. A tight card reader is a red flag.
The safest bet is to pay for gas inside, rather than paying at the pump. Only use ATMs in well-lit, busy areas, where a thief will be less likely to install a reader.
Want to Know More? Wondering About Your Cybertheft Risk?
The Arkansas Attorney General’s Office has a great list that offers more information on common scams.
Take our free cybertheft risk assessment test and consider protecting yourself through our CyberScout identity theft protection program. Cyberscout is free when you purchase auto insurance through Farm Bureau Insurance.
Have questions about Cyberscout? Contact a local agent today.