That Random Text Message Could Cost You

We’ve all been warned for years about cyber criminals trying to steal our passwords and personal information to gain access to bank accounts or steal our identities. Phishing and smishing attacks—sending fake emails (phishing) or texts (smishing) that seem to be from reputable companies to get us to reveal personal or financial information, click on suspicious links, or download harmful software—are, unfortunately, commonplace today.

But these types of attacks aren’t the only ones threatening to empty our wallets. The Federal Trade Commission reports that more than 46,000 people fell victim to cryptocurrency (a.k.a. “crypto”) scams, losing more than $1 billion in the 18-month period from January 2021 to June of 2022, and that number is on the rise. 

But, wait, you say, “I am not a millionaire, so I am not a target for these scammers.” Think again. 

Crypto scams are on the rise, and they are targeting individuals at all levels of our society. It can be as simple as a “wrong number” text that starts the “game” and ends with you losing big. In fact, the threat has become so widespread that Senator Diane Warren (D-Mass.) recently introduced a bill, the Digital Asset Anti-Money Laundering Act, which aims to make it easier for government regulators to track suspicious activity around crypto and shut down scammers. 

The Best Defense Against Crypto Scammers

Being aware of the types and scope of crypto attacks can be your best defense against falling victim to these scams. The more you know about it, the better you will be at spotting the clues and determining that “something’s not right.”

First, let’s start with some basics about crypto.

Crypto 101

Crypto is digital currency—it only exists online. There is no physical asset. There are multiple types of crypto, with the most well-known being Bitcoin and Ether.

Crypto can be purchased electronically (using your computer or phone) through an exchange, an app, a website, or a cryptocurrency “ATM.” There are also other ways to purchase crypto which involve solving complicated puzzles. Once purchased, crypto is stored in a digital wallet from which you can spend or invest your money.

The major drawback with crypto is that it is not regulated and there are no legal or government protections for those who put their money into it. So, if you fall prey to a password breach or other type of fraud, there is no recourse.

Types of Crypto Scams

There are many types of crypto scams, so awareness is key to avoiding them. Watch out for the following:

  • Celebrity Enticement. Social media messages from celebrities promising to multiply any crypto you send to them are a typical scam. Think about it, would Brad Pitt or Oprah Winfrey really be looking to partner with you? 
  • Too-Good-To-Be-True Investment Opportunities. When an investment manager contacts you “out of the blue” with promises of big payouts if you invest in crypto, it is often a scam. Also watch out for those offering “free money” or guaranteeing unusually large returns on investment. 
  • Romance. The number one way scammers lure their victims is by promising romance. Scammers use dating websites to lure victims into believing they are in a romantic relationship. There have even been reported cases in which scammers send a “wrong number” text message to an individual, strike up a conversation, and develop a romantic relationship. Then, when trust is established, the scammer urges the victim to invest in crypto with them, with the victim transferring cryptocurrency or account information to the scammer. This story from the San Francisco Chronical shows you how easily the average guy can fall victim to scammers.

Once the scammer draws you in, false reports of huge gains keep you, the investor, “on the hook” and wanting to invest more money. Unfortunately, it is when you try to withdraw your money that the scam is revealed. Then it is too late.

The Bottom Line

No matter who you are or how much—or little—money you have, you need to be aware of the types of scams out there. 

Watch the news or read about scams on the internet so you know what to look for. 

Be vigilant—or even a little suspicious—at all times. Never click on unsolicited links in email or text; never give out account information (through email, text or phone) without verifying that the receiver is who you think they are (i.e., your bank, your credit card company, etc.), and even be wary of romantic partners looking to help you invest.

Finally, think! If it sounds too good to be true, it usually is.

Gone Phishing: Protect Your Business from Phishing Attacks

Turn on the television news and you’ll likely hear about malware, ransomware, and other cyberattacks that extort millions of dollars from international corporations, small businesses, schools, and individuals alike. We hear about these “breaches” at an alarming rate. 

One of the fastest growing types of cyberattacks is phishing. Some experts estimate that up to 83% of all cyber security incidents involve phishing—and that number is increasing, as is the sophistication of the phishing techniques.

So how can you protect yourself and your business from falling prey to these scammers? First, let’s look at what phishing is and how scammers get to us, then let’s talk about the ways to protect against it.

What is Phishing?

Phishing is a form of social engineering, a cyberattack that manipulates or “reels in” people (humans) into sharing sensitive information (i.e., account numbers, social security numbers, passwords, etc.) that hackers can use to steal money or create fake identities.

Phishing attacks are typically carried out through email, phone, text, and social media. Hackers pose as legitimate organizations and “bait” users into clicking links to malicious websites or revealing personal information. For example, a phisher may send an email that appears to come from your bank, telling you that there is a problem with your account and urging you to click a link to talk to a representative or to fix the issue. In fact, this type of attack is often referred to as “cloned phishing” as hackers try to duplicate or clone an actual email used by the bank in order to reel the user in.

Social Media Attacks

Another example of phishing scams that affect small businesses is social media attacks—also called “angler phishing.” Many small businesses rely on social media platforms to advertise and sell their products and services. Social media platforms like Facebook and Instagram are popular and inexpensive ways to market a small business. Unfortunately, they are also easy targets for hackers.

Angler phishing scams can include fake URLs, bogus profiles, or phony instant messages. For example, a user may receive a fake notification that there was a problem with one of their posts or an instant message request from known contacts. Once the user clicks on a malicious link, a hacker can take control of the user’s account and hold it for “ransom.” The user cannot access the account and must either pay the ransom to regain access or start all over again, losing the site they’ve built and the audience they have worked so hard to attract. It can cripple an entrepreneur and kill a business.

How to Protect Against Phishing

With phishing attacks becoming more frequent and phishing tactics becoming more sophisticated, it is crucial to guard against them. Nothing is fool proof, but there are things you can do to mitigate your risk. For example:

  • Installing up-to-date security software and firewall protection is the first line of defense. Things like two-factor authentication and password management can go a long way in protecting against vulnerabilities.
  • Since phishing baits the end user—human beings— to gain access to systems or sensitive information, training employees how to spot phishing attacks can help prevent breaches. Awareness is key to avoiding a phisher’s bait. Some “warning signs” and best practices include:
  • Avoid posting personal details on social media (i.e., birthdays, addresses, phone numbers, etc.)
  • Look for odd or non-standard URL and email addresses
  • Look for misspellings, language differences, grammar mistakes, or things that catch your attention
  • Only open attachments from trusted sources
  • If you get an email about an account (i.e., bank account, utility account, subscription, etc.) don’t click through the email. Instead, verify the information by calling the organization or by going to the organization’s website and signing into your account as you typically do
  • Never give account numbers, credit card information, or other sensitive data to unsolicited phone callers
  • Never reveal personal information over email or in text messages

Phishing attacks can severely damage or even kill a business. Even scarier, they are becoming more frequent and more sophisticated. If you’re not taking steps to prevent a phishing attack, you are leaving yourself and your business open and vulnerable. 

Don’t get caught in a phisher’s net. Make sure you are protected with the latest software and prevention tools. Contact CloudG to get started.