Don’t
be
their
next
victim
–
here’s
a
handy
round-up
of
some
the
most
common
signs
that
should
set
your
alarm
bells
ringing
We
all
spend
so
much
of
our
time
online
these
days.
It’s
estimated
that
the
average
adult
spends
the
best
part
of
seven
hours
per
day
glued
to
their
screens.
When
we’re
finished
with
work,
we’re
hitting
up
our
apps
to
watch
TV,
do
our
online
banking,
play
games,
socialize
with
friends
–
even
visit
the
doctor.
Cybercriminals
and
fraudsters
know
all
this.
They
know
we’re
comfortable
with
digital
interactions,
and
that
we
routinely
hand
over
personal
and
financial
information
to
the
organizations
we
interact
with
online.
And
they’ve
devised
a
variety
of
ways
to
get
ahold
of
that
info,
and
our
hard-earned
cash.
This
is
where
we
all
need
to
get
a
bit
more
digital
savvy.
By
learning
what
typical
tactics
the
bad
guys
use,
we
can
stay
safer
online
and
keep
our
personal
data
and
money
under
lock
and
key.
We’ve
rounded
up
10
of
the
most
common
warning
signs
that
should
set
your
alarm
bells
ringing.
1.
The
message
is
unsolicited
These
are
the
classic
phishing
emails
or
even
texts
(smishing)
that
form
the
basis
of
many
fraud
and
cybercrime
attacks.
There
is
an
almost
limitless
variety
of
themes,
but
phishing
generally
works
via
social
engineering,
a
way
that
fraudsters
trick
victims
into
doing
their
bidding
–
for
example
by
forcing
them
into
making
a
rushed
decision,
and/or
pretending
to
be
a
representative
from
a
reputable
organization
like
the
government,
a
tech
vendor
or
bank.
The
end
goal
is
usually
to
steal
logins
and
personal
and
financial
information,
or
get
you
to
unwittingly
download
malware onto
your
device.
Fake
email
notification
2.
They
call
you
out
of
the
blue
Also
known
as
voice
phishing,
or
“vishing”,
scam
calls
are
on
the
rise.
One
report
claimed
they
surged
550%
in
volume
year-on-year
in
Q1
2022.
Fraudsters
often
use
these
calls
as
part
of
a
multi-stage
phishing
attack,
with
victims
tricked
into
calling
the
number
via
a
scam
email.
These
“hybrid”
vishing
campaigns
now
number
26%
of
all
vishing
calls.
Popular
tactics
include
cold-calling
victims
pretending,
for
example,
that
something
is
wrong
with
their
computer
(tech
support
fraud)
or
that
there
is
something
wrong
with
any
of
your
valuable
online
accounts,
i.e.,
typically
those
containing
your
personal
and
financial
data.
Example
of
a
phone
scam
where
fraudsters
attempt
to
convince
a
target
that
their
identity
was
stolen
(both
samples
feature
pre-recorded
messages,
but
in
the
second
one
the
target
is
eventually
connected
to
an
actual
person.)
Transcript
of
another
vishing
voicemail
message
(source:
Twitter)
3.
You’re
being
rushed
into
action
This
is
a
common
tactic
used
in
social
engineering
and
phishing
attacks,
designed
to
pressure
the
victim
into
making
a
rash
decision.
It
could
be
a
prize
draw
that’s
about
to
end.
It
could
be
a
fake
delivery
notice
which
says
the
item
will
be
returned
to
sender
unless
a
tax
is
paid.
The
idea
is
to
force
that
user
into
opening
a
malicious
attachment,
clicking
on
a
malicious
link
and/or
entering
their
personal
details.
4.
Something
doesn’t
feel
right
While
fraudsters
are
working
hard
to
sound
more
convincing
and
are
bound
to
co-opt
tools
such
as
ChatGPT
for
their
own
ends,
don’t
expect
all
social
engineering
scams
to
suddenly
use
perfect
English.
If
an
email
opens
with
a
generic
salutation
like
“Dear
client”
and/or
is
laden
with
grammar
mistakes,
you’re
most
likely
dealing
with
a
scammer.
A
message
that
is
sent
from
a
legitimate
organization
is
unlikely
to
contain
a
large
number
of
misspelled
words
or
odd
mistakes.
5.
Out-of-the-blue
requests
to
download
a
new
update
Software
updates
are
important
for
your
secure
and
optimized
user
experience,
but
you
need
to
make
sure
you’re
downloading
your
updates
from
the
right
source.
In
other
words,
be
wary
of
installing
anything
on
your
computer
that
isn’t
properly
vetted
or
is
not
listed
for
downloaded
on
a
legitimate
vendor
site/app
marketplace.
Phishing
tactics
often
try
to
persuade
you
to
do
so.
The
original
message
may
be
spoofed
to
appear
as
if
sent
from
a
legitimate
vendor
or
service
provider
like
a
mobile
carrier.
The
Pink”
trojan
can
now
auto-reply
to
received
messages
not
only
on
WhatsApp,
but
also
Signal,
Skype,
Viber
and
Telegram.
The
replies
link
to
a
malicious
website
further
distributing
the
malware.
#ESETresearch
@LukasStefanko
1/3
pic.twitter.com/B5X0DEQTx2—
ESET
Research
(@ESETresearch)
April
19,
2021
6.
A
popup
alert
with
a
number
to
call
in
order
to
cleanse
your
device
of
malware
Fake
alerts
are
sometimes
designed
to
facilitate
scams,
especially
tech
support
scams.
Here,
fake
popups
might
appear
on
your
screen
after
visiting
a
malicious
site.
The
message
may
incorrectly
say
the
machine
has
been
compromised
with
malware
and
that
you
must
call
a
support
number
to
get
their
machine
cleaned.
In
fact,
doing
so
will
take
them
straight
through
to
a
fraud
call
center.
Example
of
a
tech
support
scam
7.
An
offer
that
seems
too
good
to
be
true
Scammers
frequently
take
advantage
of
the
credulity
of
many
internet
users.
It
could
be
high-value
products
for
sale
that
are
significantly
marked
down
in
price.
Or
lavish
prizes
being
offered
for
participation
in
surveys.
Or
even
investment
opportunities
in
cryptocurrency
with
no
downsides.
The
bottom
line
is
that
if
it
looks
too
good
to
be
true,
it
usually
is.
No,
you
haven’t
won
a
lottery
8.
You’re
lavished
with
love
after
just
a
few
interactions
Lonely
hearts
who
try
their
luck
on
dating
sites
should
be
aware
that
many
of
the
profiles
they
interact
with
may
be
fakes.
Scammers
befriend
their
victims
online
and
then
swiftly
move
the
conversation
onto
unmonitored
channels
like
encrypted
messaging
apps.
They
soon
profess
their
love
then
try
to
extract
money
from
their
victim,
usually
for
spurious
reasons
like
medical
bills,
or
plane
tickets
to
see
their
Valentine.
9.
A
request
to
fill
out
a
survey
in
return
for
a
gift
As
mentioned,
survey
scams
are
an
increasingly
popular
way
for
crooks
to
elicit
personal
and
financial
information
from
victims.
One
criminal
campaign
is
netting
US$80
million
per
month
from
fake
surveys
and
giveaways.
Beware
those
offering
generous
gifts
and
too-good-to-be-true
offers.
There
will
always
be
a
catch,
whether
it’s
handing
over
your
personal
info,
or
paying
a
small
fee
in
return
for
a
prize
that
never
materializes.
This
survey,
which
was
part
of
a
scam
campaign
we
wrote
about
in
2018,
isn’t
real
10.
Upfront
requests
for
money
Instant
money
transfer
apps
like
Zelle,
Cash
App
and
Venmo
have
made
it
child’s
play
to
pay
friends
and
family.
But
scammers
are
also
requesting
payment
via
these
apps
–
for
non-existent
items
they
may
be
selling
online,
or
in
romance
scams
like
the
one
above.
They
may
even
pretend
to
be
friends/family
requesting
emergency
funds,
or
might
impersonate
a
legitimate
company
and
send
an
invoice
for
payment.
The
bottom
line
is
that,
unlike
card
payments,
these
apps
don’t
allow
the
user
to
recover
funds
if
stolen
via
fraud.
Like
cash,
once
the
money’s
gone,
it’s
gone.
With
these
and
any
other
scams,
it
pays
to
be
skeptical
online.
Don’t
download
anything
you
haven’t
verified
is
legitimate.
Don’t
reply
to
unsolicited
emails
or
texts.
Don’t
hand
over
any
info
over
the
phone.
Stay
safe!
About Author
