Top Phishing Scams in 2022 and how to stay safe.

We’ve asked around to several industry leaders to compile our list of the top phishing scams of 2022 and how you can protect yourself and your business. One of the biggest red flags we saw in our research was a recent report from SLASHNEXT, in which they recently analyzed billions of link-based URLs, browser channels, emails, attachments, and mobile messages and found that in the 6 months of research there were more than 250 million attacks. If that number doesn’t scare you then the next one will. SlashNext stated that was a “61% increase from 2021.” That’s an aggressive one year change. There is no such thing as the perfect email filter so it’s up to us to weed out the less obvious and at times well designed scams. SofTouch believes in behavior-based security as a proactive approach to security in which all relevant activity is monitored so that deviations from normal behavior patterns can be identified and dealt with quickly.

The first line of defense to any invader is knowledge. An act of aggression can not be defended if you don’t know what’s coming right? So, combined with a strong MSP (managed service provider such as SofTouch Systems) and a bit of proactive education, you can be safe from scams such as job scams, email phishing, and other opportunistic schemes designed to take advantage of others.

1. Google Voice Scam

Phone numbers often end up in the wrong hands. Most people have received an “extended warranty” call, or they know someone who has. However, newer scams can feel more personal. Scammers may find your number through social posts, marketplace listings, or local recommendation threads. Then, they may mention your post to make the message feel legitimate.

Next, the scammer asks you to prove you are the real person behind the post. They may also claim they need to confirm you are not a scammer. That request sounds reasonable, but it is the trap. They may use Google Voice or another VoIP service to send a verification code to your phone. Then, they ask you to read that code back to them.

Once you share the code, the scammer may have what they need. They can use your phone number to help set up a Google Voice account. After that, they can use that number to hide their identity during future scams. This may not harm you immediately, but it can still create serious problems.

The safest rule is simple: never share verification codes, passwords, PINs, or account recovery links. If someone asks for a code, stop the conversation. If you feel unsure, ask a trusted IT professional before you respond. Waiting a few minutes is better than helping a scammer gain access.

Also, protect your phone carrier account. Ask your carrier about account locks, port-out protection, and two-factor sign-in. Then, store those account details in a secure password manager. Strong password habits make these scams much harder to pull off.

2. Program Assistance Scam

Government assistance scams often rise when people feel stressed, confused, or unsure where to turn. After disasters, shutdowns, economic trouble, or new relief programs, scammers move fast. They pretend to represent real programs for rent, FEMA aid, tuition, Social Security, taxes, or business support. Because the topic feels official, many people lower their guard too soon.

However, a real offer of help should still survive basic verification. Ask for the caller’s name, agency, case number, official website, and callback number. Then, end the call and contact the agency through its official website or published phone number. Do not rely only on the number, link, or email the caller gives you.

Also, be careful with email. You can ask for written information, but check the sender address before you respond. Scammers often use lookalike names, rushed deadlines, and official-sounding language. Therefore, never send passwords, verification codes, banking details, tax records, or Social Security numbers through an unexpected message.

The safest rule is simple: verify first, respond second. If something feels urgent, slow down. If the caller pressures you, stop the conversation. The more disciplined your verification process becomes, the less likely you are to hand useful information to a scammer.

3. Job Scam

Not everyone has job security and that leads to many of us keeping our toes in the water to see if our services might make us more money elsewhere. Keeping a profile on LinkedIn, Monster, Indeed, or the like can’t be avoided because, well, that’s where the jobs are. What happens is that baddies will pretend to have a job for you. (Yeah the old carrot and the ass treatment) They will be after as much information as you are willing to give them and trust me when I say everything you say will be kept and recorded and saved as data somewhere. Then they also might have a high paying offer for you but you will have to pay to apply for this job. If you send them the funds they will promise you a job that fits perfectly and will be hard to resist.

Our best advice to avoid a scam like this, 007. Do your best “James Bond” and create a “job searching” profile. Create a free email account, create a free VIOP account, and remember not to share more than a person can learn from your resume. Also if you get a job offer, independently call that companies HR to verify. Doing your homework didn’t stop after school, they didn’t tell you?

4. Fake Employee Scam

A recent study shows that 1/3 of the fake employee scams were when the “baddies” do their best “Amazon” employee. We are all affected by online impostors, it destroys trust and creates a chaotic atmosphere where the “baddies” benefit most. Amazon is targeted because they are the largest brick and mortar-less entity but all businesses are at risk. “Baddies” will contact you about a package and need you to click on a link or open an attachment. This scam is one of the oldest known to man and has many different paths that can be taken depending on their method of delivery.

If you click a link it will take you to a very real looking “sign in” page for the retailer/vendor in question but if you put your details and hit enter, you will have just given them your user name and password. NEVER use a link connected to an email account you don’t recognize. Get used to paying attention to email names. If

5. Gift Cards

The old “gift card” scam isn’t going away anytime soon, not as long as you can exchange cash for plastic. Now this type of scam either happens to people with terrible friends or friends that aren’t very good at taking care of their identity. If one of your “friends” contacts you on social media and they are “frantic”, that should be a red flag. No matter whatever situation they have found themselves in and they need your help. Now if the only way you can help them is through gift cards, I’d be willing to be with 99% accuracy that this is in fact a scam. Maybe your friend had their identity stolen or possibly they themselves are caught up in a scam and aren’t aware. If you buy a gift card, put it in a stocking, envelope, or just hand it to the person you want to have it because any other use is just shady.

Our advice to avoid this scam? Follow our previous advice of not sharing ANY verification codes, passwords, or the numbers on the back of cards. Unless you are speaking to a business and using a card for the purchase, you should never share your cards information. Every day we take the risk that the business that we are using will treat our bank information securely. That risk will always be there. Again, know who you are talking to, working with, and paying.

6. Peer to Peer (P2P) Payments

This one is new to the current generation of scams where in people are getting scammed while using P2P platforms such as Zelle, Cash App, Venmo, and such. The P2P platforms are not scams, these are just the format in which the “baddies” use to get your money. Ultimately you have the power here. Just don’t send businesses money using these platforms.

Our best advice for avoiding a scam using the P2P platforms again goes back to doing your “due diligence”. The reason “scams” are hard to convict is because the “baddie” only talks people into giving away things. Usually they are after money. Then there are times when they want emails, leverage, or any number of things they can use to their advantage.