How to avoid online scams and what to do if you become a victim
Cybercrime is on the rise, but even the best antivirus software can’t thwart scammers who target the human psyche.
Some of the most damaging and costly scams involve what’s known as “social engineering.” That’s when fraudsters use time-tested techniques of deception and emotional manipulation, tricking people into divulging personal or financial information, or even granting remote access to their computers.
This is what happened to Barry Heitin, a 76-year-old retired lawyer who lost roughly $740,000 to sophisticated swindlers impersonating bank and government officials.
People of all ages and socioeconomic levels are potential targets, but older Americans are particularly vulnerable. They’re more likely to have amassed savings, and they’re perceived to be more isolated or perhaps less computer savvy.
There are also more entry points for scammers now — in our text messages, social media, dating sites or online groups. That silly personality quiz you just whizzed through on Facebook? It might have been created by fraudsters phishing for personal details.
“What is changing is the criminals’ ability to connect with us, and that’s because of the device we carry with us 24/7,” said Amy Nofziger, director of fraud victim support at AARP Fraud Watch Network. “A day doesn’t go by where we don’t have a million-dollar loss.”
Nobody ever expects to be the victim, but criminals are constantly fine-tuning their techniques and operating from well-worn playbooks.
Here are tips on how to avoid some of the most devastating schemes and what to do if you or someone you care about becomes ensnared.
Avoiding Scams
Familiarize. People may be susceptible to scams because of their life stage or circumstances. Young college graduates may be targeted by promising job offers. People buying homes are being tricked into wiring money to scammers. Older people tend to fall into schemes involving fraudsters who claim to be a government official or someone offering tech support. And people of all ages are lured into frauds promising lucrative investment returns, often in cryptocurrency.
To stay informed, familiarize yourself with the most common scams circulating. The Federal Trade Commission sends consumer alerts, and the FBI, which issues public service announcements on the latest schemes, will soon offer an option to subscribe to email updates.
Check your emotions. Criminals appeal to our lizard brains and often combine those emotional appeals with a false sense of urgency.
“I am a sophisticated person and aware of these scams, but when I heard the words, ‘We are going to kill your daughter,’ all sense nearly went out the window,” said the Rev. Debra Andrew Maconaughey, rector of St. Columba Episcopal Church in Marathon, Florida, who was targeted last month by criminals demanding money.
A retired corporate executive who lost $100,000 in a romance scam said that, in hindsight, he realized he was hooked through an “intoxicating combination” of emotions at a vulnerable moment. He was extremely lonely when an attractive banker who called herself Alice contacted him on Facebook.
After winning his trust, Alice suggested that he trade into bitcoin, “investing” money incrementally. But when he went to withdraw his fictitious winnings from what he later realized was a phony trading app, the platform told him that his account was frozen because of potential money laundering — and that he would have to pay to release it. When he told the trading app that he would contact the FBI, Alice vanished.
“I would say it was greed,” he concluded. “Never get lonely with a woman on Facebook.”
Understand what you won’t be asked for. Nofziger sees complaints daily. Her advice: “Just listen to what they’re asking for,” she said. “If anyone is asking you for prepaid gift cards, bitcoin via ATM machines, gold bars, cash, Venmo, CashApp, Zelle or Social Security numbers or Medicare information, stop,” she said.
Government and law enforcement rarely reach out to citizens by phone, and, even if they did, they will not ask you to pay them using cryptocurrency, prepaid cards and wire transfers.
Remember online hygiene. There are some basic practices that can help, but slowing down and moving more deliberately, like taking time to check whether suspicious emails have official looking addresses (or are off by one letter or digit), can help.
Don’t download software providing remote access to your computer or cellphone. Don’t click on sponsored links, advertisements and pop-up screens, all of which can contain malware. Turn on pop-up blockers in your web browsers.
Scammers can spoof legitimate numbers on your caller ID so it looks like they are calling from, say, your bank or the Social Security Administration. Be sure to call back providers using phone numbers you found independently, or on the back of your bank cards. (Also be aware that scammers have been known to take over mobile phones and redirect outgoing calls.)
If You Become a Victim
What’s my first step?
The nature of each scam is different, so the remedies will vary. But generally speaking, the first call should be to your financial institution to alert it. If you’ve wired money to a fraudster, you can try to request a recall or a reversal, but that needs to be done almost immediately.
If you’ve purchased a gift card, immediately report it to the gift card issuer.
Which law enforcement agencies can help?
Many people don’t report frauds because they feel so much shame, but it’s important to do so quickly with as much information as possible. That helps law enforcement aggregate complaints, detect patterns and emerging threats, and identify and investigate criminals.
Local police. Experts suggest starting with your local police department, though not every one will have experience or training in cybercrime. If yours doesn’t, ask for a detective who specializes in economic crimes. But some locales, including San Diego and Santa Clara, California, have created specific task forces to investigate online scams or elder exploitation.
FBI. All cybercrime victims should file complaints with the bureau’s Internet Crime Complaint Center, or IC3, the government’s central reporting hub.
The center’s Recovery Asset Team helps to facilitate communication between local FBI offices and financial institutions, which can potentially freeze funds. Last year, for example, IC3 received a complaint from a homebuyer in Stamford, Connecticut, who was deceived into sending $426,000 to scammers to close the transaction. IC3 was notified within two days and was able to freeze the scammer’s account and returned all but $1,000.
But IC3 itself does not conduct investigations, so don’t expect a call back. Instead, an analyst reviews your complaint and forwards it to the proper federal, state, local or international law enforcement or regulatory agencies with jurisdiction.
Victims should keep all paper and digital evidence in the event an investigation is opened.
For more guidance, see the IC3 website.
Secret Service. The Secret Service may not immediately come to mind, but its cyber investigative section may be able to help, particularly if you’ve wired money. You can report crimes to your local field office.
But you need to do so almost immediately if you want to have any shot of recovering the funds. Jason Kane, special agent in charge of the agency’s Nashville, Tennessee, office, said that if a person wires money to a fraudster and can contact the Secret Service less than 48 hours later, agents may be able to help.
“The sooner you call, the better our chances to recover funds, but if we are past the 72-hour mark, the likelihood of funds return is significantly less,” Kane said.
The Federal Trade Commission also collects complaints.
I would like someone to help walk me through this process.
The National Elder Fraud Hotline, run by the Justice Department, can help. The AARP Fraud Watch Network (available weekdays at 877-908-3360) can also provide more guidance.
What are the chances I can get my money back?
It’s sometimes possible but usually not probable. It depends on the scam and how quickly it’s reported to the financial institution and appropriate agencies.
What should I do if my computer may have been compromised?
If you believe a scammer may have had access to your device, get your machine scrubbed clean by a professional, like BestBuy’s Geek Squad service (just beware of related scams!), Apple’s Genius Bar or a local computer technician.
That means formatting your computer back to its factory settings and reinstalling the operating system. Taking this step would remove any malware you can’t see, including remote access trojans, which let hackers control your device, said Sinan Eren, a cybersecurity expert and CEO of Opnova, a startup that automates security.
“This is the correct approach to remove any doubt,” Eren said.
If my computer starts sounding alarms, what should I do?
Several victims seem to have clicked on a pop-up window, ad or some other link that caused their computers to make loud noises, as if it were under attack. Do not follow the instructions on the screen. Instead, shut the machine off and disconnect from the internet. Then you’ll want to scrub the machine clean to ensure it’s free of any lurkers.
What should I do if I suspect my phone has been compromised?
Fraudsters can infiltrate your mobile device in different ways like having calls and messages forwarded to another number, or porting your phone number to a device they control (known as SIM swapping).
If you think your phone has been tainted, visit your mobile carrier’s store, or call the provider from another phone number.
Tell them about your suspicion and go over your account settings with them, including call forwarding and your voicemail password, Eren said. “It is a good idea to establish a security PIN with your mobile carrier, which will be asked when you call for service from there on,” he said.
Eren also suggests returning the device to its factory settings, recovering data through iCloud or Google Play, and always updating the operating system as soon as an update becomes available.
Anything else?
It’s always a good idea to get a free copy of each of your credit reports from the three credit agencies — Equifax, Experian and TransUnion — to see if fraudsters have opened up any accounts in your name. Then, freeze your credit files, which restricts access to your credit reports and makes it more difficult for scammers to open new lines of credit in your name.
Change passwords for email, financial institutions, computers and mobile devices and any other sensitive accounts. Always use two-factor authentication, if you don’t already.
Protecting Others
Falling victim to a scam does not necessarily suggest a parent or grandparent is experiencing cognitive decline, but it can be an early indicator. Research has shown that difficulties managing money and financial decision-making can be one of the first signs of dementia.
If cognition is a concern, general screens can be performed by a primary care physician, and a more detailed evaluation can be done by psychiatric or neurology specialists. But a combination of factors, with or without cognitive issues — loneliness, trouble sleeping, depression — can make an older person more vulnerable to scams. “That really increases their risk,” said Jacob Holzer, a geriatric and forensic psychiatrist, and assistant professor at Harvard Medical School.
That’s why placing trusted contacts on financial accounts is important; doing so gives institutions someone to alert if firms have reason to believe a customer is being exploited.
There are also services like Carefull, which provides a bird’s-eye view across all accounts and monitors for unusual activity or uncharacteristic behaviors. The service alerts individuals, or their trusted contacts, if they detect something suspicious.
This article originally appeared in The New York Times.
© 2024 The New York Times Company