Imagine receiving a call from the IRS informing you that you owe taxes and must immediately confirm your social security number or face criminal penalties. Or you get an email stating that there is a warrant out for your arrest, and the only way to get out of it is by sending money.
If you have a phone or email address, you likely regularly receive scams like these. And that’s what they are: Scams. They are messages from cybercriminals who are attempting to trick you into taking a certain action or giving your personal information away. These cyberattacks are not like the sophisticated ones you see in spy movies, though. Instead, they generally occur through a simple email, phone call or text message. And they’re rising in frequency especially during a time like now, when the world may be distracted, uneasy and even more vulnerable.
According to Business Insider, in addition to the trillions of dollars that cyberattacks cost businesses, individuals lost over $57 million in 2019. Even more recently, Americans recorded $7 million in losses to COVID-19 related fraud in only the first nine days of April!
Why should I especially look for cyber-scams right now?
$1,200 stimulus checks are being sent to millions, the IRS is changing tax filing deadlines, and federal and state governments are continually sharing evolving guidance. With all of this uncertainty and constant need for information, one common feeling – whether it is an essential worker on the front lines or an individual that has recently become unemployed – is stress. Hackers love an environment with stress because they can target our emotions and vulnerabilities, deceiving us into clicking a bad link or responding to an email or phone call.
Generally, hackers go after three emotions: fear (You owe taxes, due immediately!); excitement (Congratulations, you have won a free cruise!); and curiosity (You have received a new friend request!). If you ever receive an email that causes one of these emotions, it should be a red flag.
How do hackers attempt to steal information?
While this simple blog will not list all of the methods used by hackers, here are some of the most common types that you may encounter:
- Smishing: Hackers may send infected links by text message to your phone. For example, you receive a text message from an unidentified number that says something like “check this out!” followed by a link. Clicking the link could lead to an infected website or a site designed to trick you into providing account information. The hacker is assuming that you will be curious enough to click the link.
- Vishing: Hackers may call your phone pretending to be a government agency, bank or company that may store your sensitive information. Generally, they will provide negative news, such as “Your bank account has been shut down; please provide your social security number to verify your account so it can be restored” in hopes that you actually give it to them.
- Phishing: Hackers send you an email directing you to an affected site, manipulating you to download an infected attachment, or tricking you into giving away account information. For example, you receive an email from someone pretending to be Facebook, and when you click the link, it takes you to a fake Facebook website asking you to confirm your account password. If you fell for this, the hacker would now have access to your account.
So how do I protect myself?
Here are some steps you can take to protect against the growing threats of online attacks, especially during this COVID-19 crisis when hackers are more active in trying to secure sensitive information.
- Always check with the source. For example, if you receive an email from the IRS informing you that you owe taxes and you must click a link to confirm, do not click the email link! Instead, go to the government agency’s website – whether it’s the IRS or another one – for information on how to contact the agency directly. The same goes for banking sites and social media sites like Facebook. If you receive an email that you have a new friend request on Facebook, do not click the link in the email. Instead, visit the Facebook website and log into your account like you normally would.
- Be careful with links within emails even when it appears to be from a known source. Even when you believe an email is legitimate, ALWAYS take your mouse and hover over (DO NOT CLICK) the links in an email. Generally, you will be able to see where the link is actually taking you right below your mouse’s cursor or at the bottom of your email screen. Hackers can make a link look like it is going to a legitimate place like a government site when it can actually take you to an infected site. For example, you receive an email with a map of COVID-19 infections and a link that says cdc.gov. However, when you hover over the link, it is a long link name and does not end in .gov like federal government websites. That’s a clear sign that it’s not authentic.
- Avoid “Spoofing.” A common tactic by hackers is “spoofing.” This occurs when you receive an email that looks like it is from your bank, coworker, family member or the government. However, the hacker simply changed their email to appear like it is legitimate. This tactic also applies to phones as hackers can make the number appear in your caller ID as an authentic phone number, such as the number of a friend or relative. As stated above, always check with the source. If you receive an email from a family member that may be suspicious, ignore the email and call your family member to confirm whether they actually sent it.
- If there is any doubt, do not click. Being cautious, going directly to the source rather than responding to the call or clicking the email, can save you from the preventable attacks. REMEMBER, the government or any company with your information will not initiate contact with you to obtain your personal information – they already have it! The IRS even has a page dedicated to the various scams that it is aware of. If you are interested, please visit the following link – https://www.irs.gov/newsroom/tax-scams-consumer-alerts.
Using technology can be intimidating, especially with the presence of cybercriminals. However, it is important to remember that most of these attacks are preventable. Fighting the temptation to click on that email that says you won a free vacation, or contacting the IRS directly rather than responding to a suspicious call, can go a long way in protecting yourself against cyberattacks.
David Danielson is the Compliance and Privacy Officer for Catholic Charities New Hampshire.