Cyber scammers have gotten so good at ripping us off in recent months, I no longer trust any text, call, or email message from a company — even when it’s legit. That might sound extreme, but I get at least one scam text, a handful of calls, and nearly a dozen fraudulent emails every single day.
I’m far from alone in battling this constant barrage.
A new AARP cybercrime study estimates that 229 million adults in the U.S. — roughly nine out of every 10 people — experienced an attempted fraud in 2020. Of those, nearly one in seven (33 million) lost money. (My own mom was among them earlier this year too.) The FTC and BBB report similar statistics.
To make matters worse, I’ve come closer than ever before to falling for a cyber scam in recent weeks. Me! A person who warns other people about cyber scams regularly!
Just the other day, I nearly let a cyber scoundrel get to the bad-guy equivalent of “second base,” by almost clicking on an embedded phishing link in an email. That’s just one of many ways crooks steal our private information and try to rob us blind.
Oh, and there’s more to this perfect storm of digital deception too. These skyrocketing rates of cybercrime come on the eve of what’s predicted to be the biggest online shopping season in history. So now we have to be even better at spotting the scams. #NoPressure.
It’s a tough job for sure, but one we turned to the best in the scam-busting industry to help us all out with. Here are the simplest ways to spot the scams…before it’s too late.
#1. GIFT CARDS
If anyone asks you to pay for a service or solve a problem with a gift card. It’s a scam.
Just ask the 80-year old woman who lost $13,000 a few weeks ago, when hit by the exact same tech-support scam that duped my own mom out of $2,000.
“Scams using gift cards as the mode of payment are dramatically on the rise,” Stacey Wright, VP of Cyber Resiliency Services at the Cybercrime Support Network and former Cyber Intelligence Analyst with the FBI says over the phone. “One in every four scams use them now since they’re an entirely untraceable payment method. No reputable person or agency will ever demand payment on the spot, especially not in the form of a gift card.”
Wright says gift cards help scammers succeed because as soon as they have the card information, they have access to the money loaded on the card, and then it’s theirs— no paper trail—and no way to recoup any money.
#2. URGENCY!
Whether you get hit with a fake pop-up ad blaring an alarm, like my mom and the woman who lost $13,000 did, or a Facebook scam pretending someone stole your account if there’s a sense of urgency to “do something right now or else,” it’s likely a scam.
“If I had just taken the time to slow down and be more present, I wouldn’t have looked past all of the red flags,” 40-year Mark Labriola II told me over the phone from his home in Centennial, Colorado. He lost $700 to a gift card scam that targeted him through his Facebook business account. “I was so frustrated because I wanted to post some ads, but it told me I was logged out, and couldn’t log back in, and I thought I had to solve this problem right away.”
Mark Labriola II warns others not to fall for the gift card scam that conned him out of $700.
Labriola, the founder of digital marketing and content creation company Brand Viva Media, created a YouTube video about the scam, even though he says he was “super embarrassed and kind of ashamed.”
The former American Idol alum is the last person you would expect to fall for a scam. Afterall, he’s totally tech savvy, and he’s not a senior citizen, a more typical target, though younger adults—age 18-24—now lose the most money to cyber scams according to the BBB and FTC.
Still, when he thought someone had taken over his business account, it created a sense of urgency and frustration. He used Facebook’s own Search tool to look up “Facebook Support.” That landed him on a public Groups page that scammers used to lure him into calling a phone number he thought was a real customer support line.
FYI, there is no Facebook Customer Service phone number that connects you to a real person. There used to be one that at least gave automated responses, but it doesn’t work at all anymore. “A lot of major companies have numbers that are dead now, and that’s intentional,” Wright explained. “Imposters and spoofing are so common, they want you to go to their website and use the little chat box or fill out that contact form on their page.”
Once Labriola was on the phone with the scammer, they made just enough sense to send him off to the store for gift cards to “verify his identity.” That’s the crooks’ whole goal, according to that AARP report, to “knock us off that solid cognitive foundation and into the murky and unpredictable world of passion and emotional reactivity.”
When Labriola realized he was being scammed, he connected with Facebook’s actual Help Center via chat, and was told, “sorry, there’s nothing we can do, sorry you got scammed,” he recalls. “Now I try to tell everyone I can that there are people trolling community support sites, just sitting there with their phishing poles out waiting for someone to bite.”
#3. PHISHING: DON’T TAKE THE BAIT
You know all those text messages, DM’s, and emails you get that ask you to click a link? They are ALL scams. One quick way to see this for yourself right away is to look at the URL address of the sender, which you can see if the photos I’ve screen-grabbed and shared here.
You’ve likely gotten a message pretending to be from Amazon, Costco, Wells Fargo, PayPal, Home Depot, or any number of others trying to get you to click on a link, in order to steal from you. Expect them to ramp up during this hot holiday shopping season too.
Or maybe you’ve clicked on a link in a Facebook ad that takes to a fake website that’s so close to the real thing, you don’t notice it’s “Walmart.con,” not “Walmart.com.”
If you get any kind of message asking you to click anything, just don’t do it, Wright says. Even Labriola triple-checked that I am a real person before doing an interview for this article. “When I got the email about doing this interview, I first looked at where it came from, what’s the URL, then Googled it, and then Googled you, because I’m thinking like, maybe it’s another scam,” he laughed.
Turns out a little paranoia is not only healthy but exactly what it might take to slow the scammers down.
#4. GIVEAWAYS, SWEEPSTAKES, PRIZES
You always see advice to be wary if something sounds too good to be true, but this holiday shopping season, there are some remarkable bargains and legitimate promotions. How can you instantly tell if it’s a scam, like the “free coat giveaway” that recently made rounds on Facebook — versus a legitimate win?
One way to find out is to Google it. If it’s real, the retailer promotes it, and trusted news sources often talk about it. For instance, PayPal is giving people the chance to win $10,000 and other prizes through December 19th, as a way to encourage people to use PayPal at checkout.
That’s real, and it’s pretty great. But when I first heard about it, I thought it was one of those “too good to be true,” scenarios. When I reached out to PayPal, they shared this advice for spotting fakes.
Here are some of the signs to help you spot a fake PayPal email:
- A generic greeting, like “Dear user” or “Hello, PayPal member.” We’ll never send an email with a generic greeting. We’ll always greet customers with their first and last name or the business name on their PayPal account.
- A request for financial information or other personal information Never share your bank account number, debit, or credit card number. We’ll never ask for those details via email.
- A request for account details. If someone asks a customer for their full name, account password, or answer to security questions via email, it’s not a request from us. We’ll never ask for details like that via email.
- A prompt to provide the tracking number of a dispatched item before receipt of payment. We’ll never ask for this information before a customer has received payment for the dispatched item.
- An invitation to update computer software. If an email includes a software update install, it’s not us. We’ll never ask you to install anything onto your computer.
#5. SHOP, SCROLL AND DEFEND LIKE A PRO
We’ve covered the advice that “assuming paranoia” is now a healthy way to respond to messages in all forms around “delayed shipping,” “call this number,” “click this link,” “unusual payment methods.”
Another major piece of advice? Learn to recognize phishing, spoofing, pharming, and other common tactics criminals use every minute of every day.
I turn to the FTC, BBB, ScamSpotter, Trend Micro, Norton, AARP, and others to help me sort it all out, and you can do that too. A few other fast and easy go-to bits of advice include:
- Go straight to a retailers address versus clicking on an ad in a Search Engine
- Look for a secure URL that includes HTTPS
- Avoid unusual payments methods, and use a credit card that protects you against fraudulent charges
“If they want me to call a phone number or click a link, I just don’t do it anymore,” Wright reiterates. “I’ll call the phone number on the back of my credit card, or call the retailer, power company, or IRS directly.”
Wright also says this is a conversation everyone should have with family when they gather for the holidays this year. “I hate that there are bad guys out there who want to prey on good people,” she adds. “It just fundamentally bothers me, and we all need to do more to stop them.”
