A Survivor’s Tips for Avoiding the Latest Digital Scams
scam /skam/ (def): a dishonest scheme; a fraud.
fraudster / frȯd-stər/ (def): one who intentionally engages in deceit or trickery; a person who is not what he/she/they seem to be.
An Unfortunate Reality: The Rising Tide of Digital Scams in Today’s Inter-Connected World
To this day it never ceases to amaze me how many people on this earth professionally dedicate themselves to the business of fraud. Whether it is their full-time job or simply a “side hustle”, the sad fact of the matter is that there are millions of people who have taken up the vocation of being a Fraudster: someone who generates personal income by stealing other people’s money through scams.
At what point did these people’s lives go so far off course? I don’t know. But no matter, these Fraudsters are out there working – harder than ever these days – to prey on the weak and/or unaware and scam them for their own financial benefit.
I’ve been the target and victim of such scams, which have ranged over the years from email-based to phone-based to online account hacking. At each turn I have been fortunate enough to avoid them – sometimes very, very narrowly – which has helped me better identify them. And after hearing numerous stories of many a good-hearted person who has been a victim of these types of scams – which led to fiscal and/or health-related hardship as a direct result of being defrauded – I’ve personally begun to try and share what I’ve learned to help people avoid these types of scams when and where they can.
Two Key Ingredients of any Good Digital Scam
If the best Fraudsters had a Pinterest page sharing best practices in how to digitally scam victims, I feel we would find two common ingredients in their “recipe for success”:
- Appear trustworthy
- Create a sense of urgency
A Fraudster must appear to the victim as someone who is telling them the truth. Quite often, they will attempt to appear as a legitimate brand-name organization of which the victim is likely a customer and would most likely trust.
I feel Fraudsters have really stepped up their game here in the ‘Trustworthy’ department as of late. For in the last several months alone, I’ve received a continual stream of emails, phone calls and/or text messages from what appeared to be the likes of PayPal, UPS, FedEx, US Postal Service, Netflix, Avis, Amazon, and Coinbase that all looked trustworthy on the surface.
Sense of Urgency
Urgency is key. A Fraudster must create a reason to act, and a reason to act now. And I’ll have to give it to them, Fraudsters have gotten pretty good at fabricating this sense of urgency around wanting you to give them your financial information. Below is a quick list from one of my personal email accounts over the last six months alone. You can see that each email has employed these two tactics fairly well:
On the surface, each of these emails looks legitimate. The sender’s name looks trustworthy. And each of the email subjects is well designed to create some panic in the victim to get them to address an “urgent” situation ASAP. Their ‘hooks’ are phrases such as:
“Your Account is on Hold”
“We’ve Detected Unusual Activity on Your Account”
“Your Package Will be Sent Back”
Each of these phrases puts a small pit in my stomach and inspires a knee-jerk reaction to take action and immediately fix the issue. And that is exactly what the Fraudsters want: their goal is to prey on a victim’s emotional weakness in the moment and get them to act urgently – before the victim comes to their senses and realizes the scam. If this were a discourse on Fraudster KPIs, I would bet that one of the most important KPIs is the speed with which victims respond to their scam email: the faster a victim responds and more quickly coughs up their credit card and/or bank information (likely in a heightened emotional state), the more successful a fraudster is with their scam.
Digital Scam Survival Tips
Should you find yourself on the receiving end of an ‘urgent’ message about an issue with one of your online accounts, I highly recommend you step back for a moment, take a deep breath, and employ one or more of these tips below to investigate the supposed ‘issue’. Because the reality is that a Fraudster may in fact be trying to scam you.
Tip 1: Dig a Little Deeper
Upon further inspection of any of the above emails, there are a few ways to determine a potential fraud. Let’s take a look at an example.
Fraud Email Sample: “Your Account is On Hold” Netflix Email
I have a big family who views Netflix as a staple of our TV streaming app library so getting a message about our Netflix account being put on hold represents a mini family crisis! But there are a couple of standard things I check in order to preliminarily sniff out fraud.
1) Physical Email Address
Fraudsters were keen to give their fake email a name, in this case ‘Netflix’. But recognize: email ‘Name’ is different from the physical email address. Think of ‘Name’ as a description or nickname for the actual email account. And in the case of one of your legitimate contacts in your digital contact list, it would typically be the first and last name helping you identify the sender of the email. Here, the Fraudsters are exploiting the email ‘Name’ field and putting in the name of a legitimate company to hopefully earn your trust. But the physical email address is what you want to check. And upon further review, the physical email address does not look legitimate.
For one, the physical name is completely garbled. Given that Netflix is a $30B global streaming and entertainment company, I could hardly imagine the head of customer service signing off on having customer service emails sent to its customers with the physical name of “2flhlfjpyaohuux-dxekw-btcdbsoydidtvtm”. So this is the first red flag.
Secondly, the domain from which the email is coming is not Netflix. Any legitimate email coming from a company of this pedigree would be coming from the company’s domain ‘@netflix.com’. But in this case, this physical email address is coming from ‘@llcqatar.com’. This is the second red flag.
2) Website Address where they are trying to get you to go
In any of these fraudulent emails, most often the end game for the Fraudster is to have you click on a call-to-action button that will take you to their personal website and have you give them your credit card or bank information. So another good item to check is the website where that big button is looking to take you. Here it is a large, aesthetically pleasing button – in the official Netflix red color scheme – that says ‘Update Account Now’. Upon hovering over the button (without clicking it), your browser can show you where that button is trying to take you. And in this case, the ‘Update Account Now’ button is looking to take me to ‘http:/t.co/bxJ6Db8R8j…’, which is not a website under the ‘netflix.com’ domain. This is a third red flag.
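The following Python code is an added example, not part of the original article: it applies both Tip 1 checks (the real sender domain behind the display name, and where each link actually points) to a constructed message modelled on the Netflix email above. The function names, the recipient address, the second link and the link path placeholder are assumptions made for illustration.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modelled on the Netflix email described above.
# The link path is a placeholder: the article only shows a truncated URL.
SAMPLE = """\
From: Netflix <2flhlfjpyaohuux-dxekw-btcdbsoydidtvtm@llcqatar.com>
To: you@example.com
Subject: Your Account is on Hold
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Please update your payment details.</p>
<a href="http://t.co/PLACEHOLDER">Update Account Now</a>
<a href="https://help.netflix.com/en">Help Center</a></body></html>
"""

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in the HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def in_domain(host, brand_domain):
    """True only for the brand domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == brand_domain or host.endswith("." + brand_domain)

def red_flags(raw_message, brand_domain):
    """Return one finding per sender or link outside brand_domain."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    flags = []
    name, addr = parseaddr(str(msg["From"]))  # display name vs. real address
    sender_domain = addr.rpartition("@")[2]
    if not in_domain(sender_domain, brand_domain):
        flags.append(f"sender: '{name}' sends from {sender_domain}")
    body = msg.get_body(preferencelist=("html",))
    parser = LinkCollector()
    parser.feed(body.get_content() if body else "")
    for href in parser.hrefs:  # the target the button hides behind its label
        host = urlsplit(href).hostname
        if not in_domain(host, brand_domain):
            flags.append(f"link: {href} goes to {host}")
    return flags
```

An empty result does not prove a message is genuine, because the sender address itself can be forged, so checking your account independently (Tip 2) still applies.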
Tip 2: Triangulate
Another tip I strongly recommend is to go into your online account – outside of this supposed ‘urgent’ email from the online merchant – and independently check your account status. That means do not click on any button in the email in question, but rather go to an independent browser session and log in directly to your own account. Should you have an account truly locked or an expired credit card, for example, any reputable online merchant site would likely prompt you upon login that something requires your attention. If you see nothing and your account appears to be in good standing, then most likely the email you received was a fraud.
Tip 3: When in Doubt, Hang Up
If an ‘urgent’ email, text or voicemail is asking you to call a phone number, and you are somehow unable to triangulate the situation and feel compelled to call to investigate, I highly recommend that you ask up front for them to verify THEIR organization, specific credentials, and your account specific details for you. And if you are doubtful of their legitimacy, I recommend hanging up. Here are two examples of me surviving two separate phone-based scams:
1. Credit Card Account “Frozen”
I encountered a phone-based scam where I received a voicemail about one of my bank’s credit cards that was supposedly ‘locked’ and would be closed unless I called them back ASAP. When I called the number, before I allowed the person to start their routine, I asked the representative what bank they were from, to which he responded, “We are your bank which holds your credit card”. A generic response was the first red flag. To that response I then asked, “Well, okay, can you share with me the type and number of the card where we have such an urgent issue?” To which he responded, “It’s your Visa, American Express, Mastercard”. This second generic response was another red flag. After several more attempts to have this “representative” confirm the identity of the bank and/or any of my account information, he kept regurgitating the same generic answers. So I hung up. It was a fraud.
2. “Express” Rental Car Pickup
I recently got a phone call while overseas from someone who presented themselves as a representative of a reputable global rental car company who wanted to help me ‘speed through’ my rental car pick-up the following day. I had reserved a car with this company, so it seemed legitimate at first. This “express” checkout process seemed like overkill, but I had never been in this country, so for a moment I took the bait and thought it may be a common practice there. I asked for them to confirm my reservation #, which they did, so they clearly had some legitimate information. But as they continued, they started to sell me on additional features and insurances. I had already pre-selected these options on my reservation, so this was the first red flag. The prices also sounded exceptionally inexpensive, and also not in line with what I recall seeing on the website a month or so earlier when I reserved it, so this was the second red flag. At this point I felt I knew where this was going: they had some of my info, but needed the rest, so they were driving the conversation to get my detailed credit card information (which by the way, was also already attached to my reservation). This was the third red flag. Before we got to that point, I abruptly shut down the conversation by saying I would deal with all of this tomorrow and just hung up.
Well wouldn’t you know it? Twenty-four hours later, I got a fraud alert on my phone detecting suspicious card activity – which my bank declined – that my bank wanted me to verify. It was a $6,000.00+ charge for ‘INTERNET SERVICE & EQUIPMENT’ that was attempted several hours after I spoke with this Fraudster. Thankfully my bank flagged it and declined it, and I confirmed with them that it was fraudulent. I can only imagine that if I had given the Fraudsters what they wanted – my full credit card information including expiration date and CVV number – this could have ended very differently, and with a lot more stress and headaches for me, the victim, to manage through this card theft issue with my bank.
The moral of the story is: in ANY situation in which your banking, credit or other financial account information is involved, any legitimate merchant or bank has a strict protocol regarding how to manage your personally identifiable information (known as ‘PII’) as well as any of your financial account information. If it doesn’t feel right, don’t hesitate to abruptly end the conversation. Don’t worry about explaining or justifying why: you are the customer here. And if there truly is an issue requiring your attention, any legitimate merchant or financial institution will continue to reach out – via legitimate means – to connect with you about it.
Other Helpful Resources to Sniff out Fraud
I’ve shared some of these stories with both friends and colleagues, who have shared some of their methods to navigate suspected fraudulent situations. Another helpful form of triangulation, for example, is taking the phone number and/or company name in question and adding ‘scam’ at the end of it in a simple Google search (e.g., “[fill in company name] scam email”). This can quickly uncover any social media/blog forum chatter and uncover information about current scams going on, how people have identified them, and what they are doing to avoid them and/or shut them down. Also, most legitimate merchants have dedicated Fraud departments, and often have either specific fraud emails and/or online forms on their website to report instances when you feel you are being scammed. These vendors also often offer their own tips and tricks on how to spot and avoid these scams.
Being the proverbial prey of a targeted scam can be a stressful and highly life-distracting ordeal. I hope some of my thoughts and experiences help you feel better equipped to both identify and avoid them. And please don’t hesitate to share what you’ve learned on this topic with your network. For we all can benefit from one another’s insights to help us avoid becoming the next victim of digital fraud.