Posts

Two Common Government Employee Impersonation Scams: What to Watch For

One of the biggest threats that taxpayers are facing these days is an aggressive scam where criminals call victims and pretend to be IRS agents. The goal? To steal money.

All year but especially during tax filing season, the IRS will see a big surge in the number of scam calls, which tell victims that they will be arrested, deported, or have their driver’s license revoked if they don’t pay a fake tax bill.

How the Scams Work

These scammers make calls to people and claim to be from the IRS. They inform the victim that they have an unpaid tax bill, that must be paid immediately, either through a prepaid debit card or wire transfer. To make this sound even more legitimate, the scammers might also send a phishing email or make robo-calls to the victims.

To get the victims to pay, and to pay quickly, they make threats, as mentioned above. On top of this, they also can alter the number they are calling from through caller ID spoofing services to make it look like the IRS is actually calling. The scammers also will use badge number and IRS titles to make themselves sound more official.

The IRS is onto these scams, of course, and it has released information to remind taxpayers to be aware of them. For instance, a report from the Treasury Inspector General for Tax Administration, TIGTA, states that there are more than 12,000 people who have paid more than $63 million due to these phone scams over the past few years.

Recognizing an IRS Scam

There are certain things that the IRS will never do, so if you see any of these things, or you are asked to them, you can be sure that it’s a scam.

The IRS will NEVER:

  • Threaten to bring in local police for not paying your tax bill
  • Ask you to pay via a gift card or wire transfer
  • Demand that taxes are paid without question or the opportunity to appeal
  • Ask for debit or credit card numbers over the phone
  • Call about an unexpected refund
  • Call to collect money without first sending a tax bill

If you get a call from the “IRS” asking for any of this, hang up.

There are Social Security Administration Scams Out There, Too

The IRS is not the only government agency plagued by scams. People are also getting scammed by people claiming to be from the Social Security Administration, or SSA. The goal here is to try to get your Social Security number.

Basically, someone will call you and claim to be from the SSA in an attempt to collect your personal information, including your Social Security number. If you get a call like this, you should definitely not engage with the caller, nor should you give them any money or personal information.

One of the ways that scammers are so good at getting this information is that they try to trick their victims by saying their Social Security number has been suspended due to suspicious activity, or that it has been connected to a crime. They will ask the victim to confirm their SSN in order to reactivate it.

Sometimes, they might even go further with this and tell the victim that their bank account is about to be seized, but they can keep the money safe…by putting it on a gift card, and then sending the code to the scammer.

You might wonder why people fall for this, but it really is easy for these scammers to change their phone number to show the same number as the SSA on caller ID. But this is a fake number…it’s not really the Social Security Administration.

There is also the fact that the scammers will say that someone has used your personal Social Security number to apply for a credit card, and because of this, you could lose your Social Security benefits. They also might say that your bank account is close to being seized, and you must withdraw your money or wire it to a “safe account,” which is, of course, the account of the scammer.

Here’s some of the details about these scams that you need to know:

  • Your Social Security number won’t be suspended. You never have to verify your number to the SSA, either and the agency can’t just seize your bank account.
  • The SSA will never call you about taking your benefits or tell you that you must wire money to them. If you are asked for money from the SSA, it is a scam.
  • The SSA’s number is 1-800-772-1213, but scammers are using this to appear on caller ID. So, it looks legitimate. So, if you get a call from this number, hang up and call it back. This way, you can be sure you are talking about the SSA and get the information you need…or find out that someone was trying to scam you.

Do not give your Social Security number to anyone over the phone or via email…also, don’t give your credit card number or bank account number to anyone over the phone or via email.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Florida City Pays Hackers $600,000 after Scam

Riviera Beach, a city in Florida, has agreed to pay a $600,000 ransom to hackers who attacked its network.

This week, the City Council voted to pay the demands after coming up with no other option to meet the demands of the hackers. It seems that the hackers got access to the system when a staff member clicked on a link in an email, which uploaded malware to the network. The malware disabled the city’s email system, direct deposit payroll system and 911 dispatch system.

According to Rose Anne Brown, the city’s spokesperson, they had been working with independent security consultants who recommended that they pay the ransom. The payment is being covered by the city’s insurance. Brown said that they are relying on the advice of the consultants, even though the stance of the FBI is to not pay off the hackers.

There are many businesses and government agencies that have been hit in the US and across the world in recent years. The city of Baltimore, for instance, was asked to pay $76,000 in ransom just last month, but that city refused to pay. Atlanta and Newark were also hit with demands.

Just last year, the US government accused a programmer from North Korea of creating and attacking banks, governments, hospitals, and factories with a malware attack known as “WannaCry.” This malware affected entities in over 150 countries and the loses totaled more than $81 million.

The FBI hasn’t commented on the attack in Riviera Beach, but it did say that almost 1,500 ransomware attacks were reported in 2018, and the victims paid about $3.6 million to the hackers.

Hackers often target areas of computer systems that are vulnerable, and any organization should consistently check its systems for flaws. Additionally, it’s important to train staff about how hackers lure victims by using emails. You must teach them, for instance, not to click on any email links or open emails that look suspicious. It is also imperative that the system and its data, and even individual computers, are backed up regularly.

Most of these attacks come from foreign entities, which make them difficult to track and prosecute. Many victims just end up paying the hacker because the data is precious to them. They also might work with some type of negotiator to bring the ransom down. In almost all cases, the attackers will do what they say and allow the victims to access their data, but not all of them do. So, realize that if you are going to pay that you still might not get access to the data. Ransomware simply should not happen to your network. If all your hardware and software is up to date and you have all the necessary components and software that your specific network requires based on its size and the data you house then your defenses become a tougher target. Additionally, proper security awareness training will prevent the criminals from bypassing all those security controls and keep your network secure as it needs to be.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Scammers are Targeting Your Venmo and P2P Accounts

Do you use Venmo or other P2P accounts? If so, you definitely could be a target of scammers. Across the county, people are losing their cash, and it often happens so quickly that they don’t even know what’s happening.

You might think that you couldn’t be a victim, but scammers are often smarter and trickier, and they won’t hesitate to take advantage of you.

Here’s how they are doing it:

A stranger approaches you to use your phone. They have a sob story to make this scam more credible. You hand your phone over, they make it look like they are dialing, but instead, they are doing something else: swiping and searching your phone for “Venmo” and easily getting into your Venmo account and transferring money to themselves. People are losing thousands of dollars simply for being kind to a stranger.

Tips to Keep Yourself Safe

When using a P2P payment system, you should know that they all require access to your financial info. So, when you use them, make sure that your account settings are set in a way to ensure all of the security measures that you can set. In order to keep yourself safe from scams like this, there are some tips that can keep you safe.

  • Two step authentication. Access the menu, turn it on. This might include using PIN, a biometric log in, like a fingerprint.
  • Get the money out of your account. In most P2P apps, when you get a payment, the money is generally added to the balance held in the app. It doesn’t appear in your bank account until you transfer it or use it in another way. If you want to transfer money to your bank account, you should definitely make sure that the deposit went through. Just keep in mind that it could take a couple of days to transfer.
  • Pay only those you know well. Scammers know a lot of tricks, and they will find methods to trick you into paying them in ways you would never expect. So, if you are sending money from one of these apps or sites, make sure that you know the person you are sending money to. If you are using the app or site to get money from someone else, transfer the payment into your bank account and make sure it transfers before you send any goods.
  • Disconnect from Social Media: Finally, keep in mind that there are apps or sites might share your transaction information on social media. Check your social media settings because some of these settings might be set to share this info. Just make sure you are comfortable with what is going out on social media.

Bitcoin Scams Up the Ying Yang

If you are thinking of jumping onto the Bitcoin bandwagon, or any type of cryptocurrency, you have to make sure that you are watching out for scams. There are a ton of them out there, including the following:

Fake Bitcoin Exchanges

You have to use a Bitcoin exchange if you want to buy or sell Bitcoins, but not all of them are legitimate. Instead, many of them are created for the sole purpose of taking people’s money. Only use well-known exchanges.

Ponzi Schemes

Bitcoins are not exempt from Ponzi schemes, and you have to look out for these. These are like pyramid schemes, and you definitely don’t want to get caught up with this, as you will certainly lose your money.

Fake Currency

You have certainly heard of Bitcoin, but there are other cryptocurrencies on the market, too, as alternatives to Bitcoin. However, there are also fake ones. For instance, one of these, My Big Coin, was fake, yet the people behind it managed to take more than $6 million from customers.

Well-Known Scams

Bitcoin scammers also rely on old school, well-known scams to trick people. They might, for instance, send emails pretending to be the IRS or even having some type of Bitcoin sale. People fall for these scams every day. If it seems weird, like the IRS emailing about Bitcoin, it is most definitely a scam.

Malware

Malware is another associated scam with Bitcoin. Most, or all wallets are connected online, scammers can use malware to access the account and take your money. Malware can get on your computer in a number of ways, including from websites, social media sites, and even through email.

Fake News

We live in an era where online news is the most popular method to get news, but it’s also very easy to create news stories that seem totally legitimate, yet they are absolutely fake. Basically, scammers create these stories to bait victims, so always think before you start clicking.

Phishing

These Bitcoin scammers also use phishing scams to try to get money from people who are trying to buy and sell Bitcoin. These scams are often done by clicking malicious links.

It doesn’t matter if you join the Bitcoin craze or not, you can also use these tips to keep yourself safe from other scams. Here’s some final tips:

  • Always do a security scan on your laptops, computers, phones, and tablets on a regular basis.
  • Do your research before investing in any cryptocurrency website. Make sure it is trustworthy and secure.
  • Store all of your cryptocurrency in a wallet offline, which keeps it protected from scammers.
  • Always monitor all of your banking, credit card, and cryptocurrency accounts.
  • Always insist the crypto site has two step or two factor authentication.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Top 10 Tips for Securing Your Mobile Devices and Sensitive Client Data

Do you have employees who bring mobile phones to work and use those devices on the corporate network? Do they store company data on these “Bring Your Own Devices (BYOD)”?? Does your company have a policy in place for this?

First, the moment a person brings in their personal phone to work, there is a fusion of personal and business tasks that occur. And, equally as bad, company issued devices are used for personal use as much, if not more than the employees own devices. Not sure you believe this? Here are some stats:

A recent survey asked 2,000 office workers about their habit of using their personal mobile devices at work. Here’s what it found:

  • 73% of people admit to downloading personal apps to tablets they got from their company.
  • 62% of people admit to downloading personal apps to mobile phones they got from their company.
  • 45% of people admit to downloading personal apps to notebooks they got from their company.
  • The people who were most likely to do this were in the 25 to 38-year-old age group.
  • 90% of people use their personal mobile devices to conduct business for work.

As you can see, a lot of people are using their mobile devices on the job, and this could not only put your company data at risk, but also the data associated with your clients. Do you have a plan to minimize or even totally prevent how much sensitive company data is wide open to hackers?

Solutions to Keep Sensitive Business Information Safe

Decision makers and business owners should always consider their personal devices as equal to any business device. You definitely don’t want your sensitive company information out there, and this information is often contained on your personal mobile or laptop device. Here are some things that you can do to keep this information safe:

Give Your Staff Information About Phishing Scams

Phishing is a method that cybercriminals use to steal data from companies. Studies show that it is extremely easy for even the smartest employees to fall for these tricks. Here’s how they work: a staff member gets an email with a sense of urgency. Inside the email is a link. The body of the email encourages the reader to click the link. When they do, they are taken to a website that either installs a virus onto the network or tricks the employee into giving out important company information.

Inform Your Staff that the Bad Guys Might Pose as Someone They Know

Even if you tell your staff about phishing, they can still get tricked into clicking an email link. How? Because the bad guys make these emails really convincing. Hackers do their research, and they are often skilled in the principles of influence and the psychology of persuasion. So, they can easily create fake emails that look like they come from your CEO or a vendor, someone your staff trusts. With this in mind, it might be best to create a policy where employees are no longer allowed to click email links. Pick up the phone to confirm that whatever an email is requesting, that the person who sent it is legitimate.

Teach Employees that Freebies aren’t Always Goodies

A lot of hackers use the promise of something free to get clicks. Make sure your staff knows to never click on an email link promising a freebie of any kind.

Don’t Buy Apps from Third-Party Sources

Apps are quite popular, and there are many that can help to boost productivity in a business setting. However, Apple devices that are “jailbroken” or Android devices that are “rooted” are outside of the walled garden of their respective stores and susceptible to malicious viruses. Make sure your employees know that they should never buy an app from a third-party source. Only use the official Apple App Store or the Google Play Store.

Always Protect Devices

It’s also important that you advise your employees to keep their devices protected with a password. These devices are easy to steal since they are so small. If there is no password, there is nothing stopping a bad guy from getting into them and accessing all of the accounts that are currently logged into the device.

Install a Wipe Function on All Mobile Devices Used for Business

You should also require all employees to have a “wipe” function on their phones. Even if they are only doing something simple, like checking their work email on their personal mobile device, it could get into the wrong hands. With the “wipe” function, the entire phone can be cleared remotely. You should also require employees to use the setting that erases the phone after a set number of password attempts.

Require that All Mobile Devices on the Company Network Use Anti-Virus Software

It’s also important, especially in the case of Android devices, that all mobile devices on the network have some type of anti-virus software.

Do Not Allow Any Jailbroken Devices on Your Company’s Network

Jailbroken devices are much more vulnerable to viruses and other malware. So, never allow an employee with a jailbroken phone to connect to your network.

All Employees Should Activate Update Alerts

One of the easiest ways to keep mobile devices safe is to keep them updated. So, make sure that all employees have update alerts enabled, and make sure that they are updating their devices when prompted or automatically.

Teach Employees About the Dangers of Public Wi-Fi

Finally, make sure your staff knows the dangers of using public Wi-Fi. Public Wi-Fi connections are not secure, so when connected, your devices are pretty open. That means, if you are doing things that are sensitive, such as logging into company accounting records, a hacker can easily follow. Instead, urge employees to use a VPN. These services are inexpensive and they encrypt data so hackers can’t access it.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Are you Scam Aware or a Sitting Duck?

You might have heard about all of the scams out there, and think that you are pretty scam savvy. But, the truth is, most of us aren’t, and even a simple phone call could get you caught up in a big scam.

One such scam occurs when criminals call random phone numbers and ask questions, such as “Can you hear me?” When you say “yes,” they record it. They then bill you for a service or product, and when you try to fight it, they say…but you said ‘Yes.’ Not only does this happen with private numbers, it also happens with businesses. So, you have to ask…are you aware of the possibility of scams, or are you a sitting duck just waiting to be targeted? HOWEVER, this scam is unproven. Meaning I don’t think it’s a scam at all. And the scam is that this is not a scam!

Do You and Your Staff Know What To Avoid?

Do you think your staff, or even yourself, knows what to avoid when it comes to scams?

  • It’s always a good idea to have some type of awareness program in place to teach your staff what they should avoid to avoid becoming a statistic. Phishing training and social engineering information should be a part of this.
  • Do you think you or your staff would know if they fell for a scam? To teach them, make sure to give them a general, broad view of various scams and avoid being too specific. Instead, broaden the perception they have of various attacks.
  • If someone on your team was the victim of an attack, would they even know what to do in that instance? It is important to have a “scam response plan” in place.

Reporting Scam Attacks

It is essential that your team understands how to report a scam. Whether that scam is a physical security scam, such as someone wearing a fake badge and gaining access to the facility or a cybersecurity incident.

It’s also important for you to realize that some people might not even want to report these incidents. They might not feel as if it’s a legitimate concern, or they might even feel stupid that they fell for it, so they hold the information back. Others might feel as if they are being paranoid, or feel as if it’s not a valid concern. Make sure your team realizes that we all make mistakes and you want to hear about it, no matter what.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Top 3 Social Engineering Scams

Think about hackers breaking into accounts. If you think they need top-notch computer skills, you would be wrong. These days, instead of requiring skills behind a keyboard, hackers generally rely on strategy…specifically a strategy called social engineering. This means that hackers don’t have to be technical, but they DO have to be clever and crafty because they are essentially taking advantage of people and “tricking” them into giving information.

There are four main ways that hackers use social engineering:

  • Phishing – where hackers use email tricks to get account information
  • Vishing – similar to phishing, but through voice over the phone
  • Impersonation – the act of getting information in person
  • Smishing – getting account info through text messages

Phishing accounts for 77 percent of all social engineering incidents, according to Social Engineer, but in vishing attacks, alone, businesses lose, on average, $43,000 per account.

Here are the top scams that all consumers and businesses should know about as we move into 2017:

Scam Using the IRS

Starting from the holiday season stretching through the end of tax season, there are scams involving the IRS. One such scam uses caller ID to change the true number of the caller and replaces it with a number from Washington, D.C., making it look like the number is from the IRS. Usually, the hacker already knows a lot about the victim, as they got information illegally, so it really sounds legit.

In this scam, the hacker tells the victim that they owe a couple of thousands of dollars to the IRS. If the victim falls for it, the hacker explains that due to the tardiness, it must be paid via a money transfer, which is non-traceable and nonrefundable.

BEC or Business Email Compromise Scam

In the business email compromise, or BEC scam, a hacker’s goal is to get into a business email account and get access to any financial data that is stored within. This might be login information, back statements, or verifications of payments or wire transfers.

Sometimes a hacker will access the email by using an email file that contains malware. If an employee opens the file, the malware will infect the computer and the hacker has an open door to come right in.

Another way that hackers use the BEC scan is to access the email of a CEO. In this case, they will impersonate the CEO and tell the financial powers that be that he or she requires a wire transfer to a bank account. This account, of course, belongs to the hacker not the business. When most people get an email from their boss asking them to do something, they do it.

Ransomware

Finally, hackers are also commonly using ransomware to hack their victims. In this case, the hackers are working towards convincing targets to install dangerous software onto their computer. Then, the computer locks out the data and the victim cannot access it…until he or she pays a ransom.

At this point, they are informed that they can get access back when they pay a ransom. This might range from a couple of hundred to several thousands. Usually, the hackers demand payment by bank transfer, credit card, bitcoin, PayPal, or money transfer services. Victims are usually encouraged to go to a certain website or call a certain number Unfortunately, too often, once the victim pays the ransom, the hacker never opens up the system. So now, the hacker has access to the victim’s computer and their credit card or financial information.

The way social engineering works in this scam is varied:

One way is this…imagine you are browsing the internet, and then you get a popup warning that looks quite official, such as from the FBI. It might say something like “Our programs have found child pornography on your computer. You are immediately being reported to the FBI unless you pay a fine.” When you click the popup to pay, the program actually downloads a program called spyware to your computer that will allow the hacker to access your system.

Another way that social engineering works with ransomware is through voice. In this case, you might get a phone call from someone saying they are from Microsoft and the representative tells you that they have scanned your computer and have found files that are malicious. Fortunately, they can remotely access the machine and fix the problem, but you have to install a program to allow this. When you install it, you give them access to everything, including personal and financial information, and they can do what they want with it.

Finally, you might get an email offering a free screen saver or coupon, but when you open it, the software encrypts your drive and takes over your computer.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Ransomware a $2.5 Million Service

One bitcoin = $590.

11DIf you’re sucked into a ransomware scam, you’ll likely be charged at least one bitcoin for the cyber key to unlock your computer’s files—that are being held hostage by hackers.

A report from Check Point Software Technologies and IntSights has discovered a gigantic ransomware-as-a-service (RaaS) ring, raking in $2.5 million yearly. Eight new scam campaigns are launched every day, with dozens of campaigns already in action, tricking people into allowing the ransomware software (namely Cerber) to take control of their computer.

Just in July, it is believed that victims were cleaned out of $200,000. Ransomware specialists have become quite sophisticated, having developed what is called bitcoin mixing: This prevents ransomware profits from being traced. Their technique bypasses even the blockchain, which is a database that records every Bitcoin transaction.

The crooks so not pool all of their profits into one “wallet,” but rather, they mix things up, splintering the profits into thousands of different wallets, creating a jumble that makes it impossible to track individual transactions or their origins.

Cerber is being sent out with automated tools that attack the unsuspecting in large masses; no longer is this ransomware software the weapon of only the highly skilled master hacker. In fact, the software can even be rented for malicious use, and a high level of tech savvy isn’t even required.

All a thief need do is get on the Dark Web and pay a hacker to commit the crime. Of course, the hacker will have to get a nice chunk of the pie. Though several other countries are getting hit harder with Cerber, the U.S. is in the fourth spot for the most targeted country.

Not surprisingly, the phishing e-mail is the scam of choice for ransomware specialists, with malicious attachments that recipients are tricked into opening—which then download the infection. The other way that Cerber takes control of computers is via the exploit kit-based campaign.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Beware of the Jury Duty Scam

Imagine getting a call from someone identifying themselves as a federal court official or U.S. Marshal, informing you that your arrest is imminent unless you pay a cost—all because you failed to respond to a jury summons (which you don’t remember getting). I’d like to think that you’d immediately smell the rotten scam here and hang up, but unfortunately, many adults fall for this jury duty scam.

10DFirst off, let me get it off my chest: Who the devil ever heard of being arrested or fined for not responding to a jury summons? This farce isn’t even depicted in any of the slew of crime and law dramas that have been on TV for decades.

But the scammer relies on inducing enough fear in the targeted person to win them over. These scammers are sophisticated and even have call centers, says Melissa Muir, quoted in an article on uscourts.gov. She’s director of Administrative Services for the U.S. District Court of Western Washington. She points out that a federal court will never call someone and make threats or demand payments.

So if you hear what sounds like a bustling call center in the background of the call, assume this is staged to make the call sound official.

So what is the federal court’s response when someone ignores a jury summons?

  • The court clerk’s office will contact you.
  • You may be required to appear in court before a judge.
  • At the court, the judge may order that you pay a fine—but not before you’re given the chance to explain why you failed to appear for your jury summons.

If you get a fraudulent call, do not give out any information; hang up. Call your local court clerk’s office or the U.S. Marshal’s Service office for peace of mind: Check if you really did miss a jury summons, but chances are extremely high, and I mean higher than a kite, that the call was a scam.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

How to prevent IRS scams

Once a thief knows your Social Security number…you’re at very high risk for having your identity stolen.

Computer crime concept

Computer crime concept

A report on bankrate.com says that the IRS is warning of a cyber attack on its electronic filing PIN application. Thieves infiltrated it with malware in an attempt to claim other people’s refunds as their own. Over 450,000 SSNs were involved, and over 100,000 of them enabled the hackers to access an E-file PIN.

Endless scams are directed towards SSNs, like the classic phishing attack. A phishing attack basically goes as follows:

  • An e-mail arrives with an alluring or threatening subject line, which may actually be a warning to protect your SSN.
  • The e-mail looks legitimate, complete with logos and privacy information at the bottom.
  • The hacker’s goal is to get you to fill out a form that includes typing in your SSN.
  • The FTC warns of a “Get Protected” subject line for the latest scam. This scam e-mail mentions the “S.A.F.E. Act 2015” that protects against fraudulent use of SSNs.
  • Like many phishing e-mails, the “Get Protected” one contains fake information.
  • These e-mails include a link that, when clicked, will release a virus, or take you to a website that will download a virus or lure you into revealing sensitive information.

Three Ways to Get Scammed

Most people make important decisions based on emotion. Cyber thieves know this, and they prey on fear, greed and generosity.

  • People aren’t thinking straight when emotions are ruling. Logic gets swept under the rug. There’s pressure to act quickly, such as helping the scammer (who pretends to be a grandchild of the victim) who was in an accident: wire money asap. Natural disaster scams prey on the desire to give. The emotion of greed is manipulated in “You’ve Won!” and inheritance scams.
  • Of course, before the fraudster plays with emotions like a cat playing with a mouse, he first gains your trust, pretending to like the same things you do, whatever it takes so that you don’t question him.
  • Scammers are adept at appearing credible, such as tricking your caller ID into showing “IRS” or the name of your bank in the ID field. They may have a snazzy website up, a “badge number,” noise in the background to simulate a call center, even a fake accent.
  • Remember, scammers are pros. It’s going to seem legitimate.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.