Fraud Prevention for Suckers: Phishing Scams

To say our lives have been digitized would be an understatement. Between online shopping, account credentials, and more, our personal data has become increasingly valuable. Consider the Twitter breach in July 2022 that allowed personal data of 5.4 million users to be stolen, or the September 2022 Uber hack by an activist that gave him access to customer payment information and locations. It should come as no surprise that fraud prevention is a perpetually hot topic.

But it isn’t always a hacker that gets access to our data. Sometimes it’s an Average Joe that takes advantage of the uninformed by using a tactic called phishing. Phishing scams come in the form of emails and telephone calls in which an individual pretends to be from a certain company to coerce someone into providing sensitive information, such as a social security number or credit card number.

How to Identify Phishing

It’s important to learn how to identify phishing scams (before you make a huge mistake). Here’s an example of a phishing scam that my dad received by email:

From: John Maryline [mailto:[email protected]]

Sent: Friday, February 16, 2022 1:21 PM

Subject: Your ATM Cards Released.

Attention: This is to inform you that we have agreed to release your fund valued at USD $5.8 Million which will come to you via ATM Cards. Please do re-confirm your information as below to avoid wrong delivery. Forward your information to the delivery office here: [email protected] and instruct them to send the card to you immediately.

Full Name (Receiver):_____,

Country of Resident: ______,

Office/Home Street Address: _____,

Nearest Airport: _____,

Mobile Phone Number: _____,

Identification papers (Passport copy or ID card) which you will present it before delivery is made: _____

Thank you for understanding and may God bless you.

Yours faithfully,

Mr. Mark James

Email: [email protected]

My dad sent Mr. Mark James / Mr. Maryline (did you notice that the top of the email identifies the sender as one and the signature line is that of the other?) the requested information and then forwarded the email to his entire company telling them that he quit.

No, my dad is not really an idiot.

My dad did send the email to his company, but everyone knew he was kidding. And no, he didn’t really reply to the email he received from Mr. Mark James / Mr. Maryline.

Phishing is Everywhere

There’s a sucker born every minute, as the saying goes, but good, smart people are fooled every day. Want to know how to identify a scam email? You should definitely learn. Why? Because in 2021, phishing accounts for 90% of all data breaches, and phishing attempts grew 61% since 2021.

Instances of fraud among the elderly are especially rampant, and the last thing you should do if your elderly loved one falls for a scam is to blame or shame them. Instead, take a more proactive approach in their education about fraud prevention.

How to Talk to Loved Ones About Scams and Fraud Prevention

Sid Kirchheimer, writing for AARP, interviewed Anthony Pratkanis, a social psychologist at the University of California, Santa Cruz. Pratkanis noted, “When protectors take over finances or lecture parents about their mistake, it plays right into the scammers’ hands by threatening the target’s independence.” In other words, as Pratkanis said, “[F]or scam victims to admit they were wrong means they’re stupid and unable to take care of themselves.”

Some scams are harder to detect than others, and some perpetrators are experts at what they do. Don’t blame the victim.

There are things you can do to protect you and your loved one’s personal data ahead of time from fraudulent scams. For example, as Kirchheimer counsels in his article:

1. Don’t just tell them to hang up or throw out the letter. Have a talk about why.
2. Try some reverse psychology. Kirchheimer states, “If you become aware that an aged parent is playing a sweepstakes or making a ‘double your money’ investment, ask how you can do the same. Psychologists say this tactic sometimes prompts a warning—your parent doesn’t want you to lose money, too. That’s your cue to ask, ‘Then why do you do it?’ This could start a conversation that helps the parent come to terms with the scam.”
3. Consider setting up online access to their bank and credit card accounts and check their credit report regularly. It’s generally easier to fix problems when you discover them sooner.

[Editors’ Note: If you or a loved one do fall victim to fraud, you or they can call the AARP Fraud Fighter Call Center at (877) 908-3360 for help.]

Can You Detect a Scam? Identifying Phishing Examples

Some scams are harder to detect than others, and some perpetrators are experts at what they do. However, there are some pretty obvious red flags that make a scam more identifiable.

1. Emails or Calls that Ask for Personal Information

Computer help desks do not have to ask you to read information from your computer screen if they are already monitoring your computer and calling you to tell you that something is wrong.

Banks, credit card companies, and other financial institutions do not email you asking you to sign into your account using a link contained in the email. An “important update on your account” will never require you to update your personal information through a link. In these cases, it is probably best to pick up the phone and call your bank to verify the email and update the information by phone.

If you ever get an email like the one here, for example, you can be sure it is not really from Bank of America.

Fraudulent emails that purport to be from a company, by the way, rarely use email addresses that end with the company name. The one above, for example, was sent by someone using a “comcast.net” email address. Learning how to identify phishing examples takes practice, but some are easier to spot than others. For example, Bank of America can afford a custom email domain and will not send emails from domains such as Gmail, Hotmail, Yahoo, or AOL.

Use a site like domaintools.com to find out who owns which domain name. Companies with domains ending in “.edu” or “.gov” are usually much more reliable than those ending in “.com,” “.org,” and “.net.”

2. Bad Grammer… er, Grammar

Emails written with typos or bad grammar are most likely fraud. And if you’re buying products online, check the grammar on the seller’s product listings. Grammatical errors on product listings are a good sign that English isn’t the seller’s first language. While not all international sellers are scammers, be cautious and do a background check on the seller to confirm that they’re not selling you any counterfeit goods. If you want to know how to identify a scam email, start with a quick grammar check.

3. Emails with Big Promises

If a company emails you promising “big winnings,” like a free trip to Fiji or a free iPad, or if they ask you to “enter your email and password so we can send you further information on how to collect your prize,” it is a scam.

The Secret Service offers these tips for determining telemarketing fraud:

1. High-pressure sales tactics
2. Insistence on an immediate decision
3. Too-good-to-be-true offers
4. A request for your credit card number for any purpose other than to make a purchase
5. An offer to send someone to your home or office to pick up the money (or another method such as overnight mail to get your funds more quickly)
6. A statement that something is “free,” followed by a requirement that you pay for something
7. An investment that is “without risk”
8. Unwillingness to provide written information or references (such as a bank or names of satisfied customers in your area) that you can contact
9. A suggestion that you should make a purchase or investment on the basis of “trust”

4. Emails with Generic Greetings

First impressions are everything. If an email starts with “Hi,” “Hello,” or doesn’t refer to you by name, you should be cautious. If you are a Bank of America customer, for example, then it’s likely that Bank of America will greet you by name.

5. No Contact Details

If an email signature doesn’t have proper contact details, then it may be a scammer. Reputable companies will leave their contact information, such as an office telephone number and extension. If the email just has a person’s name and a potentially fake title, you should probably reconsider.

6. Threatening Language

You may have seen the Youtube videos of scammers that call random numbers pretending to be from the IRS or a sheriff’s department. They claim that the person is in trouble and must provide their bank account information to avoid arrest. Urgent and sometimes threatening messages or phone calls can be a major sign of a scam.

In addition, if an email has attached photocopies of account “evidence” or government documents, it’s important to know that photocopies are not legitimate forms of verification.

Be Part of the Solution

If you receive a phone call or email that you think is a scam, and if you have a few extra minutes, you may want to check out one or more of these resources:

• Report Fraud: Report fraud, scams, and bad business practices to the Federal Trade Commission. Find out how you can protect yourself and help stop fraud.
• The National Do Not Call Registry: The National Do Not Call Registry is managed by the Federal Trade Commission (FTC), the nation’s consumer protection agency. Sign up, and legitimate phone solicitors should stop calling you. This will not, however, stop scammers.
• There are also paid and unpaid services (including apps) that you can get. Examples include Hiya Caller ID, Nomorobo Robocall Blocking, and RoboKiller.
• Kitboga: He is a fun YouTuber who wastes scammers’ time for entertainment

In the end, if don’t know how to identify a scam email, or if you fall for a scam, don’t beat yourself up. Seek help immediately.

Always think twice before sharing your personal information with anyone or clicking on any attachment to any email you may receive.

The best fraud protection is common sense. Consider freezing your credit and using credit monitoring and identity protection services; use very strong, long (and different) passwords on each of your financial accounts; and, when it comes to inbound calls or emails, follow that old rule: don’t talk to strangers.

---

Did you enjoy the article? We have several related webinars that can help you learn more about how to better protect yourself and your company online:

• Cybersecurity & Data Privacy Series
• Data Privacy Compliance

For more information about our on-demand webinar series, click here.

---

This is an updated version of an article originally published on September 5, 2019. ©2023. DailyDAC^TM, LLC d/b/a/ Financial Poise^TM. This article is subject to the disclaimers found here.