The deception was fairly cunning: A buddy messaged Giordano on Instagram asking if she could assist her in winning a competition (full disclosure: Giordano is a friend of mine).
All Giordano had to do was take a screenshot of a text message containing a link and send it back to her friend. Giordano followed directions.
A short while later, she received an email from Instagram informing her that someone had accessed her account using a different location and device.
What happened to Giordano was actually fairly simple, even though it sounded like a lower-stakes but higher-tech version of The Ring.
There was no contest, and her pal did not send the messages. Giordano’s friend, or most likely someone impersonating her friend after accessing the friend’s account, went to Instagram’s password reset page and asked for a link to change Giordano’s password.
Instagram responded by texting Giordano a link that would let her access her Instagram account.
The URL of the link was in the text, so when Giordano grabbed the screenshot and emailed it back, the con artist just typed the URL into their smartphone, and that allowed them to get into Giordano’s account without the need for a password or a curse.
Fortunately for Giordano, she quickly noticed Instagram’s email and was able to go back into her account before the fraudster took control of it. She disabled two-factor authentication, changed her password, and barred her friend’s access to her account.
Giordano admits, “I was just really trusting and ignorant. After everything was said and done, I felt fairly dumb.”
She shouldn’t have. Giordano’s other friends had previously requested her assistance with (actual) social media-based contests, so of course, she didn’t think much of the Instagram messages that appeared to be from a friend. She was assured that sending a screenshot wouldn’t jeopardise her account’s security.
She didn’t even know how it happened till we spoke; it took me some time to understand, until I saw this tweet warning about this particular scam. Giordano might have lost access to her account permanently, and the scammer would likely have tried to con all of her friends, had she not seen that email from Instagram.
We’d like to believe that frauds only affect those who are less intelligent or knowledgeable than ourselves.
This is why the vast majority of those who are victimised by scams never report it: Either they are ashamed to acknowledge they were conned or they are unaware that they were.
But anyone, including you, could experience it.
According to Yael Grauer, content lead for Consumer Reports’ Security Planner, “Some of these frauds are good, which is why they work.”
“Even though I believe that education is crucial, social engineering exists for a reason. You can’t always be vigilant and faultless.”
Scammers prey on our deepest needs and fears. It’s worthwhile to invest the effort in learning to identify their strategies because they keep getting better.
The platforms that con artists employ may change, but many of their fundamental tactics do not, and neither do the suggestions for how to guard against them.
Don’t freak out…
My initial reaction was utter dread (My checkmark! My DMs! My standing!) when I noticed a new login to my Twitter account from Moscow in an email.
At first sight, the email resembled Twitter’s official login confirmation emails. It was even sent from an email address that is quite similar to the one Twitter uses for these warnings. I’ll admit that I nearly clicked the link for account restoration.
After the adrenaline subsided, I realised that “Twitter-act.com,” rather than “twitter.com,” was the sender of the email. It contained a misspelling and was sent to my business email address, which is separate from my Twitter account.
Most importantly, I recalled that a few days earlier, some of my coworkers had received similar phishing emails. I actually knew to anticipate this one, but for a brief moment, I forgot—and that was the whole point.
According to Kathy Stokes, director of fraud prevention at the AARP, “it’s really, extremely hard for us to access logical thinking when we’re in a heightened emotional state, and it’s so hard to come out of that condition after you’ve engaged.” “Try to let it be your red flag if you sense an immediate sort of visceral, emotional reaction to something heading your way.”
Scammers are aware that feelings facilitate their work. People tend to become careless or let their guard down, which is why so many scams begin with urgent messages instructing you to take immediate action, such as disputing an incorrect charge on your Amazon account, repairing your social media account after it was hacked, or avoiding an arrest by the IRS police by paying a bill that can only be settled with gift cards.
A genuine message almost never requires a response within the next 30 seconds. So before you click anything, take those 30 seconds to collect your thoughts and relax.
… and don’t interact
The wisest course of action is to disregard a message or call you weren’t expecting or don’t recognise. Even what seems to be a completely benign wrong-number text could actually be someone trying to deceive you by striking up a conversation.
I’ve received a couple of those texts with the incorrect number, and while I’d like to think that they kept texting me back because of my wit and conversational finesse, it’s highly unlikely that this was the case.
Someone texts you something significant enough for you to alert them to the error, and then all of a sudden, they say, “You sound like a terrific person,” according to Grauer. The majority of the time, it’s a hoax.
Find another place to meet your soul mate.
This is particularly true for texts and phone calls that you are aware are scams. The best thing you can do is block the number and carry on with your life, despite your initial thoughts that it will be cathartic to answer by cursing out the people attempting to take your money.
Engaging with a scammer will simply set you up for receiving additional messages, calls, and emails since it will reveal to them that there is a real person on the other end of your phone number or email address.
According to Alex Quilici, CEO of robocall-blocking software business YouMail, “the basic rule of thumb is simply hang up and call whatever enterprise you think phoned you directly.” If your “bank” calls, for instance, you should hang up, look up the bank’s phone number on your debit card (or another official source, such as its website), and then dial that number. “That’s the only absolutely safe course of action in this situation.”
Stopping fraudulent texts and calls from ever reaching you is even better. Phone providers now offer free spam-blocking systems that can recognise and reject possible spam or scam calls.
Certain services can also stop suspected spam texts, such as the text filters built into iOS devices and the Google Messages app, which can alert you if a text appears suspicious.
Never divulge your password.
By now, shouldn’t this be clear? Obviously not, as it’s estimated that 90 per cent of cyberattacks are the result of successful phishing scams, in which a hacker or con artist deceives victims into believing they are giving their sensitive information to a reputable or established source.
Some are better than others. In my own life, I’ve witnessed some intelligent people fall victim to email attacks from their employers (they clicked the links, but I hope they all stopped short of giving out their passwords).
Because of this, the majority of companies will inform you that they will never ask for your password, and authentication messages typically include something to the effect of “[Company] will never ask you for this code.”
Additionally, since texts are significantly less secure than authenticator apps, you should really stop using text messages for two-factor authentication. Google makes an authenticator app for both iOS and Android.
Social media is a favourite tool for scammers for locating victims. If you’ve ever tweeted the word “hack,” you’ll receive a stream of what I like to refer to as “Twitter Scam Reply Guys,” who will typically advise you to get in touch with someone they say they know who can help you get your account back as long as you provide your login information and/or pay them (don’t do this).
Malicious links, frequently found in emails, texts, or direct messages (DMs), are a typical way for people to be defrauded or hacked. Before clicking on a link, always look to see where it will take you, and only visit trustworthy websites.
Of course, it’s easier said than done; on a tiny mobile device, it can be difficult to see where a link is leading you, and shortened link services may make it impossible to predict where you’ll end up.
If you receive a text that claims to be from FedEx about a package delivery and includes a link, for instance, you might not be aware that the website you are being sent to isn’t FedEx.
Going directly to a company’s website is preferable to clicking on a random link in a text you weren’t expecting in the first place.
If you receive an SMS claiming to be from FedEx or Wells Fargo, go to those websites instead of clicking the link in the text.
And if you’re not 100 per cent certain that a website is what you believe it is, don’t enter any important information on it, including your credit card number, social security number, or password.
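The link check described above can also be automated, for example in a mail filter or a help-desk triage script. The Python below is an added example, not part of the original article: the function names and the allowlist are assumptions, and every sample host other than Twitter-act.com is constructed.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the sites a reader actually holds accounts with.
TRUSTED = {"twitter.com", "fedex.com", "wellsfargo.com"}


def link_host(url):
    """Return the lower-cased host a browser would really connect to."""
    host = urlsplit(url).hostname  # ignores any "user@" prefix and the port
    return (host or "").rstrip(".").lower()


def classify_link(url, trusted=TRUSTED):
    """Classify a link as 'trusted', 'lookalike' or 'unknown'."""
    parts = urlsplit(url)
    host = link_host(url)
    if not host:
        return "unknown"  # no scheme or no host: nothing to verify
    # Exact match or a true subdomain; the leading dot stops "nottwitter.com".
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted" if parts.scheme == "https" else "unknown"
    # A trusted brand name that shows up in a host we do not trust, or in the
    # "user@" part placed in front of the real host, is the lookalike pattern.
    brands = {d.split(".")[0] for d in trusted}
    decoy = (parts.username or "").lower()
    if any(b in host or b in decoy for b in brands):
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    samples = [
        "https://twitter.com/account/access",
        "https://Twitter-act.com/restore",               # domain named in the article
        "https://twitter.com@login.example/reset",        # constructed
        "https://fedex.com.track-parcel.example/t?id=1",  # constructed
    ]
    for url in samples:
        print(f"{classify_link(url):9}  {url}")
```

A "trusted" result only means the host belongs to a domain on the allowlist; it says nothing about a shortened link until the redirect has been resolved.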
Use payment apps with extreme caution.
Overpayment scams, in which a person sends you more money than you anticipated and then demands that you return the excess, are still prevalent today. Paper checks and wire transfers were formerly the norm. Payment apps have made these scams simpler.
In fact, because it’s so easy to transmit money through peer-to-peer payment apps like Venmo, Zelle, and Cash App, and because those transfers happen instantly, many frauds have become more prevalent.
There’s a reason why those applications keep warning you to double-check that the recipient of your money transfer is who they say they are: Once your money is sent, you frequently have no way of getting it back.
The security features of these services are not as strong as those of, say, a credit card or, in some cases, PayPal.
As an example of how scammers take advantage of these apps and human decency: they send money to random accounts (like yours), then claim they sent it to the wrong person and beg you to send the money back.
Being gracious, you give the money back, only to learn later that it was sent using a credit card that was stolen. You now have to pay back the entire amount.
If you get extra or unforeseen funds, you shouldn’t automatically return them, even if the sender makes a strong case for why you should. The best course of action is to speak with the payment app and resolve the issue through them rather than with the person who sent you the money directly.
On these apps, there are a few ways to safeguard yourself. Most will include a method for you to ensure that you are transferring money to the correct individual by calling or checking their email address first. Use these safety measures.
Consumer Reports advises linking a credit card, rather than a bank account, to peer-to-peer payment apps, since credit cards offer additional security against fraudulent transactions.
Even though most payment apps charge a 3 per cent fee on credit card transactions, your credit card provider may be able to protect you if the app is unable to do so.
Put a PIN on these apps as well so that even if someone gets their hands on your phone, like if they borrow it to make an emergency call, they can’t access your apps and take your money.
Using your payment app will now require an additional step, but entering a four-digit PIN that you can easily remember might help you save a lot of money.
Even under ideal conditions, the cryptocurrency market is a loosely (or minimally) regulated one that is both unpredictable and complex. That has contributed to it becoming a top target for scammers and hackers.
Cryptocurrency’s decentralised nature may be part of its attraction, but it becomes significantly less so when you check your wallet one day and find that all of your monkeys have vanished.
If you’re lucky, OpenSea will temporarily halt trading of your stolen NFT, or Coinbase will compensate you if your cryptocurrency was taken as a result of a weakness in its own security. Don’t rely on it, though.
Sean Gallagher, a senior threat researcher at Sophos, advises people not to get engaged in something if they don’t understand how it works.
It’s probably not a good idea for most people to go into bitcoin investing, given that many people who consider themselves to be knowledgeable about cryptocurrencies still manage to get scammed.
Even though cryptocurrency is still relatively new, many individuals are being duped by some of the oldest tactics in the book.
According to Stokes of the AARP, she has witnessed “a tonne” of scams in which a con artist gains the trust of their target and promises to invest their money in cryptocurrency with a high rate of return.
Consumers lost $1 billion to cryptocurrency-based fraud between January 2021 and March 2022, according to a recent report from the Federal Trade Commission. Most of these losses were caused by false investment schemes, the majority of which were spread through social media posts or advertisements.
Again, most people don’t report being cheated, so those losses are only those that people reported to the FTC. Nowadays, it’s simple enough to lose money when investing in “legal” cryptocurrencies. Why increase the risk?
Defend yourself against yourself.
One way to avoid being conned is to protect your accounts in advance, as much as you can, from your own blunders.
If two-factor authentication had been enabled on Giordano’s Instagram account, the scammers would have needed the code from her authenticator in addition to the URL to access it.
There are a few techniques to prevent account hacking, such as enabling two-factor authentication and utilising unique passwords across the board with the use of a password manager.
Using hardware authenticators and anti-malware software, both of which are available for mobile devices, you can further secure your system.
According to Mark Ostrowski, chief of engineering at cybersecurity company Check Point, “that’s what security software is designed to accomplish.” If there is “a lack in judgement or if the fraud is really, really, really, really good,” it should safeguard you.
Your security precautions can seem like more work than they’re worth at some point. I’ll confess that it was simpler when I didn’t have to maintain my password manager, two different authenticator applications, and text messages for accounts that don’t support authenticator apps.
But rather than risking being hacked and (temporarily) losing $13,000, as I did the last time hackers broke into my bank account, I’d rather have to go through an extra step to enter into an account. Who has your password, or how they obtained it, is always a mystery.
Consumer Reports’ Grauer claims that the continual usability vs security debate is frustrating, time-consuming, and unpleasant.
You must choose where usability and security should coexist while keeping in mind what you would lose if someone stole your accounts.
After that, all you can do is make an effort to remember these suggestions, pray for the best outcome, and not be too hard on yourself if the worst happens.
Ostrowski declares, “I think it’s vital to have a healthy paranoia,” before acknowledging that even he has made mistakes and clicked on a few inappropriate sites. I hate to say it, but I believe that everyone has, right?