We’ve asked several industry leaders to help compile our list of the top phishing scams of 2022 and how you can protect yourself and your business. One of the biggest red flags in our research was a recent report from SlashNext, which analyzed billions of link-based URLs, browser channels, emails, attachments, and mobile messages and found more than 250 million attacks in the 6 months of research. If that number doesn’t scare you, then the next one will: SlashNext stated that was a “61% increase from 2021.” That’s an aggressive one-year change.
There is no such thing as the perfect email filter, so it’s up to us to weed out the less obvious and at times well-designed scams. SofTouch believes in behavior-based security, a proactive approach in which all relevant activity is monitored so that deviations from normal behavior patterns can be identified and dealt with quickly.
The first line of defense against any invader is knowledge. An act of aggression cannot be defended against if you don’t know what’s coming, right? So, with a strong MSP (managed service provider, such as SofTouch Systems) and a bit of proactive education, you can be safe from job scams, email phishing, and other opportunistic schemes designed to take advantage of others.
1. Google Voice Scam
Sometimes our phone numbers make their way into the wrong hands. I’m sure most people have been called about an “extended warranty” at this point; if not, you know someone who has. Scammers, or “baddies” as I like to call them, will get your phone number from any of the social media sites you use, from a post where you asked for a restaurant recommendation, were buying a car or furniture, or had any other interaction, and they will reference that post for validation. Next, they will ask you to verify that you are the person who made the post and that you aren’t in fact “a scammer.” To do this, they will have Google Voice send you a “verification” code. (Google Voice is a VoIP service, which makes this scam possible.) The “baddie” will then ask you to “verify” that code to them. Once you read it back to them, they’ve got what they need, because now, thanks to you, they have a Google Voice phone number/account set up as you. From here they can use YOUR Google Voice phone number to cover their tracks for other scams. This may be a low “impact” scam on you personally, but it can have serious ramifications for everyone else, including those closest to you.
Our best advice to protect yourself from this style of scam comes in two parts. 1. NEVER give out verification codes, passwords, or anything that could be considered confidential to anyone. If you don’t trust your own instincts, ask a professional. If a professional is not available when you want to know whether something is confidential, be patient and wait until one is. 2. If you must put your number out there, make sure you have two-factor sign-in set up with your carrier. Be sure to save your information somewhere secure. HAVE WE TALKED ABOUT PASSWORD MANAGEMENT?
2. Program Assistance Scam
This is another really broad scam that has seen surges post-pandemic. With less than confident media sources available to the masses, it can be difficult to know what assistance programs are available and who they affect. In 2021 we saw state and federal assistance programs become available, some of which had to be applied for by a certain sector, and this opened the door for “baddies” to play real-life Among Us and pretend to be associated with these programs. Programs to watch out for: rental assistance, FEMA payments, college tuition, Social Security, and IRS.
Our best advice to protect yourself from this scam is to do your due diligence. Make sure you verify who it is you are communicating with. Get them to send you an email, but you tell them what to use as the “subject” line so that you will be able to find it more easily. Ask for a call-back number in case the call gets dropped, then purposely drop the call and call them back. Use your best judgment, but remember: the more vigilant you are about security, the less likely you are to be a victim.
3. Job Scam
Not everyone has job security, and that leads many of us to keep our toes in the water to see if our services might make us more money elsewhere. Keeping a profile on LinkedIn, Monster, Indeed, or the like can’t be avoided because, well, that’s where the jobs are. What happens is that baddies will pretend to have a job for you. (Yeah, the old carrot and the ass treatment.) They will be after as much information as you are willing to give them, and trust me when I say everything you say will be kept, recorded, and saved as data somewhere. They also might have a high-paying offer for you, but you will have to pay to apply for this job. If you send them the funds, they will promise you a job that fits perfectly and will be hard to resist.
Our best advice to avoid a scam like this: 007. Do your best “James Bond” and create a “job searching” profile. Create a free email account, create a free VoIP account, and remember not to share more than a person can learn from your resume. Also, if you get a job offer, independently call that company’s HR to verify. Doing your homework didn’t stop after school; didn’t they tell you?
4. Fake Employee Scam
A recent study shows that in 1/3 of fake employee scams, the “baddies” do their best “Amazon” employee. We are all affected by online impostors; they destroy trust and create a chaotic atmosphere where the “baddies” benefit most. Amazon is targeted because they are the largest brick and mortar-less entity, but all businesses are at risk. “Baddies” will contact you about a package and need you to click on a link or open an attachment. This scam is one of the oldest known to man and has many different paths it can take depending on the method of delivery. If you click a link, it will take you to a very real-looking “sign in” page for the retailer/vendor in question, but if you enter your details and hit enter, you will have just given them your user name and password. NEVER use a link connected to an email account you don’t recognize. Get used to paying attention to email names. If
5. Gift Cards
The old “gift card” scam isn’t going away anytime soon, not as long as you can exchange cash for plastic. Now, this type of scam happens either to people with terrible friends or to people whose friends aren’t very good at taking care of their identity. Say one of your “friends” contacts you on social media, “frantic” about whatever situation they have found themselves in, and they need your help. If the only way you can help them is through gift cards, I’d be willing to bet with 90% accuracy that this is in fact a scam. Maybe your friend had their identity stolen, or possibly they themselves are caught up in a scam and aren’t aware. If you buy a gift card, put it in a stocking or an envelope, or just hand it to the person you want to have it, because any other use is just shady.
Our advice to avoid this scam: follow our previous advice of not sharing ANY verification codes, passwords, or the numbers on the back of cards. Unless you are speaking to a business and using a card for the purchase, you should never share your card’s information. Every day we take the risk that the business we are using will treat our bank information securely, and that risk will always be there. Again, know who you are talking to, working with, and paying.
8. Peer to Peer (P2P) Payments
This one is new to the current generation of scams, in which people are getting scammed while using P2P platforms such as Zelle, Cash App, Venmo, and such. The P2P platforms are not scams; they are just the format the “baddies” use to get your money. Ultimately you have the power here. Just don’t send businesses money using these platforms.
Our best advice for avoiding a scam using the P2P platforms again goes back to doing your “due diligence” and knowing who you’re sending money to. The reason “scams” are hard to convict is that the “baddie” only talks people into giving away things. Usually they are after money, but there are other times when they want information, emails, leverage, or any number of things they can use to their advantage.