Recognizing and Avoiding Online Scams

Recognizing and Avoiding Online Scams

By George V. Howe, Wealth Manager

Now, I don’t want to scare anybody but it sure seems like cybercrime, and the devious thieves behind it, is increasing rapidly. According to the Federal Trade Commission (FTC), identity theft is the fastest growing crime in America, affecting nearly 10 million people, if not more. Although online crime is a fast-moving target, currently, the primary methods in use by identity thieves are social engineering and phishing -- or typically a combination of both.

This crime occurs when a thief obtains confidential information -- including passwords, personal ID numbers, Social Security numbers, or an account number used with a financial institution -- and uses it to commit fraud. Identity thieves use a victim's stolen information to open bank and brokerage accounts, run up bills for credit card purchases, obtain loans, and commit other forms of financial fraud.

Criminals obtain a victim's personal information in a number of ways -- both online and off. But as incidents of identity theft grows, so too does the arsenal of tools and sophistication level of techniques used to perpetrate the crimes.

As the term implies, social engineering relies heavily on human interaction and often involves tricking unsuspecting victims into breaking normal security procedures. In short, it is a way for criminals to gain access to your computer or mobile device and the sensitive personal data it stores. For instance, a social engineer may use text messaging to contact a mobile device inviting the user to click on a link to a bogus website where the thieves collect user credentials and other personal information.

Similar results can be achieved through a phishing attack, in which the criminal uses email to lure victims to fake websites and then gain access to their passwords and usernames, credit card numbers, and other key data. Phishing emails often appear to be from a legitimate company that the victim recognizes.

In yet another instance, attackers may inject infected "malicious" code onto your computer via email attachments, links contained in emails, infected search engine results, or through videos and documents on legitimate websites, particularly social networking sites. In the mobile device world, criminals can corrupt a legitimate smartphone app and upload it to a third-party site. If users innocently install the app, they expose their devices to assaults by hackers who collect personal user data, change device settings, and sometimes even control the device remotely.

In today's 24/7/365 world, it is nearly impossible to secure all sources of personal information that may be "out there" waiting to be intercepted by eager thieves. But you can help minimize your risk of loss by following a few simple hints offered by the Federal Bureau of Investigation (FBI):