Five Online Scams You Should Learn to Avoid in 2018
Not everyone can be a successful scammer. First and foremost, you need to be completely ruthless. Swindling people out of their hard-earned cash is for those who don't feel sorry for the harm they cause. There's more to it than that, though.
With time, scams get old, people learn about them, and they learn how to avoid them. If they're going to keep the fraud going, scammers need to change and adapt the cons in order to stay one step ahead. Many of them do this, and it's sometimes quite astonishing how clever their schemes can become. Listing all of the really elaborate ones is not possible, but today, we'll tell you about five scams that have been doing the rounds lately and are rather easy to fall for.
Give me that code, and I won't reset your password. I promise.
First reported about four months ago, this one seems to be highly targeted, and the chances of encountering it in the wild are not huge. If you do happen upon it, however, you can easily fall for it.
The following tweet shows what the user sees:
This is the most CLEVER phishing scam I’ve ever encountered and for a second it almost got me.
Here’s how it works: they ask you to send them the password reset code they have requested gmail send to you, claiming it will stop someone’s access but in fact it just lets them in. pic.twitter.com/OUCbw4BmqU
— Tiller, but he brave sometimes (@_thp) March 31, 2018
Several things happened here. First, the crooks managed to obtain the victim's email address and phone number. Then, they sent the first text message lying to him about a password reset request that doesn't exist. Obviously, the victim doesn't want his password changed, so he replies with "STOP." It is at this point that the crooks actually initiate a password reset procedure. To complete it, however, they need a six-digit code which is sent to the victim's phone. They ask politely for it, still trying to impersonate Google's automated system, and the idea is that the victim will be fooled.
In this particular case, it didn't work out, but it's not difficult to see how the whole scheme could work on many occasions.
Use this link to pay for the car. It's completely safe.
This scam has actually been going on for a while now, and recent reports suggest that it's not going to stop any time soon. On July 10, for example, ABC7 told the story of Frank Piaia, a Luxembourger who really wanted to buy a pickup truck from the States without actually going there. He stumbled upon an online ad, got in touch with the seller, and negotiated a bargain of a price.
The seller sent Frank a link and told him to use it to send the money to Edmunds who will keep it in escrow until the truck is delivered. Frank followed the link, sent the money to what he thought was Edmunds, and waited. Then, a friend of his tipped him off that the price was simply too good to be true, and Frank got suspicious. He got in touch with Edmunds who told him that they've received no money from him, that they don't even offer escrow and shipping services, and that he was most likely the victim of an elaborate scam. The link the seller had sent led to a fake website designed to look like Edmunds'.
Frank's bank stopped the transaction in the nick of time, and he managed to escape unscathed. The scammers were very close to earning themselves more than $34 thousand, though.
I know what you've been watching. I also know your password.
Reported by Brian Krebs last week, it's one of the most recent email scams we've seen.
It's a message which allegedly comes from a hacker who has infected your computer with malware. He/she did it, the email says, through an adult website you visited, and he/she now knows what you've been watching. Some recordings have also been taken from the camera of your device, and they will be sent to all your friends and relatives if you don't send a certain amount of cryptocurrency to a specific address mentioned in the email.
Users have heard this story before, and they're not very likely to fall for it. One sentence found in the recent emails, however, might send them scrambling for their cryptocurrency wallets:
"I’m aware that [a real password that in many cases is still used by the victim] is your password."
It's easy to see how the victim could be fooled into thinking that their computers really are infected with malware and that the threats aren't completely unfounded.
In actual fact, the password you see in the email was breached years ago, and the hackers just found it, along with your email, on the Internet. They haven't installed anything on your computer, and they don't have any recordings from your web camera.
Mixing social media and cryptocurrency. What could possibly go wrong?
This one seems to have affected a relatively small number of people, but it's elaborate enough to deserve a mention. Ashley Grieg, a Malaysian lecturer, fell victim to it not that long ago, and later reported the unpleasant experience.
If you're targeted, people will start seeing articles detailing how you've become rich and famous trading bitcoins even though you might not have traded bitcoins at all. Scammers scrape your personal information and photos from your social media profiles, and they then use them to put together a bogus story saying that you've amassed a fortune buying and selling cryptocurrency. The story will then be put on a website that looks like a legitimate news source and will be shown to your Facebook friends via ads. The idea is that they will click links which will help them follow in your footsteps. Ashley's report doesn't clarify what the said links contain, but we can bet that it's not something nice.
Quite apart from the fact that your friends and relatives are put at risk, this particular scam is a brutal invasion of privacy, and it can once again serve as a reminder of how dangerous sharing too much information is.
Celebrities are giving away cryptocurrency on Twitter. Or are they?
You are most likely aware of this one. Although it started off quite a few months ago, it's still going strong, despite the numerous media reports.
You probably follow more than one celebrity on Twitter, and you enjoy seeing what they have to say. Upon opening one of their tweets, however, you see another one, seemingly coming from the same celebrity. It's an attractive proposition. Apparently, the rich and famous have too many digital coins to play with, and they're willing to give some of them away to their loyal fans. All you need to do is send a fraction of the amount you're about to receive to the address mentioned in the tweet.
None of this is true, of course. The giveaway tweets come from bogus accounts that use the same name and profile picture as the real ones. There is no cryptocurrency that is about to be given away. There are, however, too many bots that Twitter needs to delete.
These are just five of the online scams you need to look out for. Indeed, you are more likely to be targeted by something that's much simpler and a lot easier to avoid. Nevertheless, the elaborate nature of the cons we see above shows that you must be vigilant when you're online.