At some point during your digital life, online or off, you have been subjected to at least one scam. Perhaps you have received a phone call from someone purporting to be “Microsoft Technical Support” telling you that they discovered a problem with your computer, or you received an email from an unknown source that asks you to fill out the attached form. Perhaps you have even had someone try to tell you that they are your technical support inside your workplace, looking for your login credentials. These scams, and many others, are a nuisance at a minimum and a danger to yourself or your organization’s data and business at worst.
Usually, these scams intend to either gather information for later use in some attempted breach or to get you to give enough information to allow the perpetrator to steal your money. In some cases, the scam is intended to enable the theft or misuse of sensitive information, such as military or governmental operations or plans. In some cases, corporate espionage is another goal, causing loss of profits and intellectual property.
There are several ways that these scams are perpetrated: Email, phone, messenger applications, in-person, social engineering, and others. If you have not been explicitly trained to recognize an attempt, it can be very easy to fall victim.
What to look for
Generally speaking, if someone uses any method to approach you for information that you know is sensitive, such as your Social Security number, login information, physical access protocols for work, or other institutions you visit, then you are likely the target of an attempt. If someone you don’t know tries to get you to authorize their remote access to a computer, phone, tablet, or other digital devices, then this might also be a scam. Two specific things to look for are:
- With emails, look for things that might be ‘off’ about the text, sender, address, etc. If it is an email sent to multiple people but targets a ‘specific’ computer or set of data, then it is likely you should notify someone of a potential problem.
- Phone calls from technical support that were not asked for are likely attempts to access your system. If you give them access, they can look at your data, steal information, install software, or even move to another system or server within your connected network. Spyware installed during one of these sessions can gather the information necessary to access your financial institutions or track your Internet activity without your knowledge.
What to do if you think you are being scammed or have been
Think smart, act smart.
If you think you are the victim of a scam or might be, the first thing to do is stop talking or allow access to your digital system (computer, phone, tablet). Disconnect the system, if possible, from the network so that no more information or access is possible. If you are using a system in your organization, notify the IT department or IT security folks that there may have been a breach.
Notify the authorities. Local police likely do not have the resources to investigate. Still, they can forward the information to those who do and will maintain a record in case other locals are targeted.
If you think your personal credit information or medical information has been compromised, notify the pertinent organizations and agencies immediately. This could stop someone from using that information to steal your money, commit fraud against you, and other problems. You may even need to close accounts or change your Social Security number. Monitor your credit reports for at least a year after the potential loss of information.
Even if you made a mistake and allowed the perpetrator to access or give them information directly, tell someone anyway. The ability to immediately respond to a scam or breach is paramount in any effort to reduce the effects of a potential breach. Not reporting could cause the loss of your job, and your finances or even end in jail time and fines.
