October is Cybersecurity Awareness Month, but being safe online is important year-round. It’s easier to be safe when you know what cyber-scam attempts to look for.
How It Works
Phony websites: Fake websites and bogus mobile apps have long been the territory of online shopping scams. More people than ever are shopping online since the start of the pandemic, and scammers have created more fake shopping destinations to keep up with demand .•Phishing: Emails, texts and instant messages abound, impersonating legitimate senders (like a bank, shipping company, retailer, charity, or friend, among others). The typical goal is to get you to click on a link to address a problem or learn about a free federal grant, or some other ruse. Increasingly, we are seeing fake emails from Amazon, claiming they need you to click on a link to verify a purchase made on your account .•Spear-phishing: When criminals have obtained someone’s personal information (from social media, data breaches — even public records), they use it to make a targeted attack. Whereas scammers cast a wide net with phishing, spear-phishing targets an individual or organization.
What You Should Know •Fake websites and apps seek to lure us in, get us to pay for a product that never comes, or load malicious software on our devices to steal logins and passwords .•Phishing relies on the criminal’s ability to impersonate a trusted entity. Clicking on the provided link could lead to loading dangerous malware onto our device that can steal logins and passwords. It can also lead to identity fraud .•Spear-phishing is often focused on businesses to obtain access to systems and confidential information, but it isn’t limited to this. We also see it used in what we call, “Can you do me a favor?” scams. It might involve a scammer impersonating a leader of a faith community, for example, sending a quick email or text to you as an active congregant and asking you to buy hundreds of dollars in gift cards for a family in need. He directs you to snap a pic of the front and back of the card and share it, with a commitment to reimburse you later. Only the criminal impersonator drains the cards as soon as you send the pictures (and the faith leader didn’t know a thing about it)
.What You Should Do• Engage your inner skeptic when looking at emails, texts and social media messages. Scammers are banking on getting us to act without first thinking things through .•Set your device’s operating systems and protective software to update automatically, so you don’t miss out on changes that are intended to address vulnerabilities. •Enable two-factor authentication everywhere it’s offered; it confirms that you are indeed the person seeking to access a password-protected site. With this, the site will require you to prove it’s you by sending you a code by text, email or automated phone message, and having you enter that code before being able to access the site. This is intended to stop a criminal from accessing your account.

Reprinted from AARP Fraud Network.