While we have no data to support how frequently the average American crosses paths with an attempted scam, personal experience leads us to think that it’s a minimum of once a day. A Bankrate survey released early this year reveals that about 1 in 3 U.S. adults experienced some kind of fraud or scam in the last 12 months, with 37% of those experiencing scams actually losing money.
At Asylas, we spend a lot of time thinking about large-scale cybersecurity issues–business risk assessments, security program and policy development, and incident response planning. But within our own lives and among our own friends and family, we are all too aware that everyday scams can cause lasting damage too.
When scammers come up with new ideas that work, they often proliferate quickly. This makes recognizing their patterns a little bit easier, if you’re willing to pay attention. Here are some everyday scams we’re seeing all the time.
Smishing
The act of sending fraudulent SMS (text) messages is known as “smishing.” It’s a form of social engineering attack where hackers send texts purporting to come from real companies or government entities. They’re usually written to make the receiver feel as if they’ve committed some type of wrong that needs to be righted quickly.
An unrelenting wave of “unpaid toll” texts has been hitting cell phones across the U.S. for the past year or so. Practically everyone has received one (or ten), even if they don’t live or travel in a state with toll roads.
The “unpaid tolls” in these texts are almost always very small dollar amounts. But they come laced with the threat of damage to your credit report and suspension of your driver’s license or car registration. The small dollar amount relative to the threatened consequences makes this the kind of problem that most people are more than happy to pay to make go away.
Researchers studying unpaid toll scams have found tens of thousands of registered domains for smishers posing as toll and package delivery services. Toll scammers benefit from the fact that it’s easy to trick users with their URLs–even legitimate toll domains vary widely. And researchers’ efforts to take these domains offline are often overtaken by the scammers, who can easily register thousands more domains each day.
Twenty-three percent of Bankrate survey respondents who lost money admitted that they sent funds directly to their scammer or paid for a phony service. While it might not be a big deal to be out $6.99 for a fake toll, the scammers have nabbed something even better–your credit card information.
Text messages aren’t the only place to watch for smishing style scams. Services with in-app messaging may also be hijacked by fraudsters.
If you’ve ever used AirBNB, you know that the service has a strict policy that guests and hosts only communicate via their platform. There’s a good reason for this–off platform communication is often the source of fraud. A friend of Asylas recently booked an AirBNB for her family’s summer vacation. She paid and communicated with her host via the app. But several days later she received a series of urgent messages telling her about an “issue” with her booking details.
Because she’s a friend of Asylas and a person alert to fraud, she knew right away that this was a scam. She alerted her host that their account had been hacked and did not visit the fraudulent site that was listed.
Gift Card Fraud
Gift cards sold in grocery and drug stores are a convenient way for consumers to purchase holiday and birthday presents for their loved ones. Some businesses even offer incentives for making gift card purchases in their stores. Unfortunately, gift card fraud is on the rise. The FTC reports that gift card scams led to $228 million in losses in 2023.
In one scheme, thieves scoop up a pile of gift cards and acquire the redemption numbers and PINs. Before they return the cards to the shelves, they also scratch off the bar codes, making them difficult for the buyer (or gift recipient) to redeem. The cards are then purchased by unsuspecting consumers and loaded with funds at the point of sale. Scammers check the balances on the cards they altered frequently and then drain the funds as soon as they appear. (The Today Show offers a good explainer.)
Retailers that carry gift cards are working to combat this type of theft. Kroger stores have altered their gift card displays to make it difficult to remove gift cards from their hangers and impossible to return them once removed. The hope is that this small change will slow down thieves in the picking up of gift cards and signal to consumers that improperly displayed gift cards have likely been altered.
Retailers are also adopting new signage that reminds consumers that gift cards cannot be used to pay a government agency. About 1 in 4 people who lost money to fraud and reported it to the FTC said that they paid with a gift card. Scammers request payment via gift card because it’s hard to trace. In addition to the signage, many retailers are training employees to ask questions about large gift card purchases and pass their scam knowledge on to consumers who may be at risk.
Who is Vulnerable
No one is completely immune to scams, but certain groups are more susceptible. Age, education level, and income are all factors when evaluating who is most likely to fall for fraud.
Gallup reporting shows that adults with no college education are about twice as likely as college graduates to say they have been victimized by a scam. And households earning less than $50,000 per year are twice as likely as middle- and upper-income adults to report having been scammed.
Over 70% of both Baby Boomers and Gen Xers have experienced a financial scam in the last 12 months. While both Millennials and Gen Zers have experienced scams at rates just above 60% over the same time period. Interestingly, Gen Z appears most likely to have lost actual money in a fraud scheme.
How to Protect Yourself
It’s not fun walking around feeling suspicious all the time. But to some degree, skepticism is your friend when it comes to every interaction on the internet and every financial transaction in the real or virtual world.
Here are some steps you can take to protect yourself from fraud:
- Avoid clicking on suspicious links or opening suspicious emails.
- Enable two-factor or multi-factor authentication on all accounts, especially those related to your money.
- Check your credit report regularly.
- Shred sensitive documents before disposal.
- Research and stay up to date on common scams.
- Set up spam filters on your phone and email services.
- Report suspicious activity or charges to your bank.
- And, above all, stay friendly with the folks at Asylas and keep reading our blog posts!
Need help integrating social engineering recognition into your cybersecurity training? Reach out to Asylas at 615-622-4591 or email info@asylas.com. Or complete our contact form.
