Scammers only need to get lucky once, you need to be vigilant all the time
If you think you’ve heard it all when it comes to cybercrime, think again, because the scams are constantly evolving and becoming increasingly sophisticated.
An example is ‘whaling’, an incarnation of the phishing scam, which uses stolen personal information to access accounts. Rather than targeting individuals, whaling scams seek to defraud companies’ financial departments. While this may seem harder to achieve, the potential scale of the fraud makes it worthwhile for the criminals.
If you’re complacent about being scammed or think you’re too clever or sophisticated to fall for a scam, you’re a good target for a cybercriminal. You might spot 99.9% of the poorly executed attempts, but only need to make one error of judgement.
Take, for example, the company director who was expecting a SARS refund and received an e-mail, apparently from the Revenue Service, saying the money had been paid and was in the bank account. Typical of a phishing scam, it included what appeared to be a convenient link to his bank’s website, where he could enter his password to confirm the payment. He did click on the link, but fortunately stopped short of entering his details.
He nearly fell for one of the most common bank scams in which fraudsters ask you to provide your account details or other information such as your pin number to confirm a payment. This information is then used to raid your account.
Some of these scams are so sophisticated, and the phoney web pages so realistic, that afterwards the victims will be adamant that they never revealed any personal or company information.
The bottom line is that you should never click on a link to a banking website in an e-mail, sms or instant message no matter how realistic it seems. Always enter the bank’s website address in your browser.
Another way scammers use bogus corporate identities is to pretend they are offering low-interest loans. Again the e-mail appears to come from a well-known company offering loans at very low interest rates, but asks the recipient to pay an upfront fee in order to secure the loan or to cover administrative or legal costs. Legitimate companies do not ask for an upfront fee or deposit to secure a loan. Another red flag is that if the interest rates seem too good to be true, they probably are.
Often this kind of scam pressures people to respond quickly or miss out. The scammers hope that in their haste to respond the victims won’t look too closely at the offer or contact the company.
Perhaps the best-known scams, and also the ones which should be easiest to spot, offer a large amount of money as an incentive to provide personal details or a down payment. Typically people are told they’ve won a lottery, stand to inherit some money or need to assist with a currency transaction and are either asked for their bank details or to pay a deposit to secure the transaction.
If you think criminals are hiding behind a well-known brand to try and defraud you, it’s important to report it, even if you have no intention of responding to the attempted fraud.
Most reputable financial institutions have fraud departments and will act immediately to shut down websites, bank accounts and other mechanisms used as part of the fraud.
Reporting scams is the best way to fight back. While you may not have fallen for the particular scam, by reporting it you prevent others from falling victim. Who knows, one day you might be grateful that someone flagged one that may have caught you.