New Scams in Town: Protect Yourself From Financial Fraud in 2024
Recent financial fraud statistics prove that traditional con artists have seamlessly transitioned into the digital realm alongside us. The trends indicate that the most dangerous new scams in town are often the reinvigorated, sophisticated, and shockingly convincing recycled versions of old scams.
That’s right—all of those notorious “Craigslist hacks” are back, but they’ve become better, sharper, more accurate, and more convincing than ever. According to the FTC, one in four people reported losing money to scams during 2023. Email was the #1 contact method for scammers.
In the past, one could easily detect phishing emails. Most were unsophisticated, contained grammatical errors, or looked odd. However, modern shysters have scaled up. They increasingly use new AI tools to set their traps. They’ve even designed their own set of evil tools to create well-designed, impeccably styled materials to commit their scams. It can be impossible even for experts to tell the difference between fake and authentic messages.
Scammers Use AI Tools to Reinvigorate Old Scams
Who hasn’t experienced a momentary shock seeing a message that “Your account has been suspended” or “Your payment has failed”?
Scammers aim to stir shock, curiosity, and the fear of missing out (FOMO) on great opportunities in their victims, spurring them into action. For example, it’s hard to resist an email that says, “Your account has been compromised. Click here to secure your account immediately.” And who doesn’t enjoy receiving money or goods? “Here’s your gift voucher” sounds tempting to click.
It’s standard procedure for a business to track payments for orders or goods. A “You’ve received a payment” message with an official-looking logo could have you clicking a malicious link in minutes. However, it might just be one more example of a long list of PayPal scams.
The Three Most Dangerous Attack Vectors for Financial Fraud in 2024
A complete list of all the popular scams would cover hundreds of pages. For example, there are chargeback, refund, and failed-payment scams. There are invoice and money request scams. Overpayment scams abound on payment platforms such as PayPal. Fake surprise deliveries, discount vouchers, and prize winnings are highly effective scam bait, as are “package rerouting” or “reshipping” scams.
However, most scams rely on these three cheap and easy attack vectors to commit mass financial mayhem on individuals and businesses worldwide.
1. Phishing and Smishing Attacks
The new golden rule is always to regard emails as mere notifications. Don’t use a shortcut or link in a message if you receive an email from an unknown sender, especially with an alarming message. Here’s what to do instead:
- Check the sender’s email address. The display name may look legitimate, but do a “mouse-over” by hovering your cursor over the address. If the sender’s address does not correspond with the company’s known domain name, it’s a phishing email. Remember to do the same for all hyperlinks in browser search results, website links, and email or text message links. If the URL doesn’t quite match the context, be careful. It may be a false link to a fake or malicious website.
- Don’t click login links or shortcuts in emails. Instead, type the entire domain name into your browser search bar to go directly to the (supposed) sender’s website address.
- Check browser search results carefully. Hackers use typosquatting (making tiny changes to a “real” domain name) to mislead people. For example, they could change Facebook to Faceb00k, which is easy to miss if you’re in a hurry.
- Additionally, hackers often use Black Hat SEO to boost their fake sites to the top of the search results. You can combat the dangers of malicious websites using an advanced VPN with threat protection abilities. It analyzes all sites and compares them to a list of malicious sites. If the website that comes up in search results is suspicious, the threat protection feature will block the page and display a warning message.
- Check that the site is secure (HTTPS, not HTTP), and look for a lock icon in the browser heading. Then, navigate to the login page.
- Use a password manager to log in. A fake site can fool you, but it won’t fool your password manager! If the password manager does not recognize and trust the website, it won’t show you your login details.
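The sender-address and typosquatting checks above can be automated. The following is an added example, not code from the original article: it classifies a From: header by comparing the address domain against a list of known domains and by undoing common digit-for-letter swaps. The domain list, the swap table, and the function names are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumption: the brands you actually deal with and the domains they send from.
KNOWN_DOMAINS = {"facebook.com", "paypal.com"}

# Digit-for-letter swaps often seen in lookalike names (constructed, not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def registrable(host: str) -> str:
    """Naive last-two-labels reduction; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def skeleton(domain: str) -> str:
    """Undo digit-for-letter swaps so faceb00k.com compares equal to facebook.com."""
    return domain.lower().translate(CONFUSABLES)


def check_sender(from_header: str) -> str:
    """Return 'known', 'lookalike', 'display-name-mismatch' or 'unknown'."""
    display, address = parseaddr(from_header)
    domain = registrable(address.rpartition("@")[2])
    if domain in KNOWN_DOMAINS:
        return "known"
    # Matches a known domain only after undoing swaps: typosquat candidate.
    if skeleton(domain) in KNOWN_DOMAINS:
        return "lookalike"
    # Display name claims a known brand, but the address belongs to another domain.
    brands = {d.split(".")[0] for d in KNOWN_DOMAINS}
    if any(brand in display.lower() for brand in brands):
        return "display-name-mismatch"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample headers.
    for header in ("Facebook Security <security@faceb00k.com>",
                   "PayPal <service@paypal.com>",
                   "PayPal Support <billing@secure-pay.example>"):
        print(header, "->", check_sender(header))
```

Because the comparison uses the registrable domain, an address such as user@facebook.com.evil.example is evaluated as evil.example rather than being matched on the leading labels.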
2. Distrust Hyperlinks Everywhere, Including Your Own Business Website
Fraudsters are misusing hyperlinks in new ways. According to a recent research paper, a specific set of mistakes or oversights while building or maintaining a website can set an unintentional trap for your website users. The result is millions of unintentionally “hijackable hyperlinks” across the web. Some even appear on the websites of large companies, financial firms, and the government, and you may even have a few on your own business website.
Programmers’ Typing Mistakes:
Programmers sometimes accidentally mistype web addresses in their code. For example, a link to the New York Times (nytimes.com) might accidentally link to nytims.com or something similar.
That incorrect name represents a new domain, often one that has yet to be claimed or purchased.
These “available” domains are called phantom domains. If a hacker discovers this mistake on your website, they can snap up the phantom domain for a few dollars. Their next step is to set up a spoof of the original. Fake websites could trick people into revealing personal information or even instantly deliver malicious scripts.
Programmer or Marketing Team’s Oversight:
Incorrect links to phantom domains plague thousands of small and medium-sized businesses. Developers often use templates with placeholder domains for the initial web design, expecting their client’s marketing team to fix the links later. If your team misses it, it could impact your website ranking and reputation.
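A site owner can audit their own pages for both kinds of mistake. The following is an added example, not code from the original article or the research paper it mentions: it extracts every linked host from a page and flags template placeholders and near-misses of the domains the site intends to link to. The intended-domain list, placeholder list, sample page, and edit-distance threshold of 2 are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions: domains the site means to link to, and hosts left over from templates.
INTENDED = ("nytimes.com", "paypal.com")
PLACEHOLDERS = {"example.com", "yourdomain.com"}
# Constructed sample page, not taken from any real site.
SAMPLE = """<a href="https://www.nytimes.com/">NYT</a>
<a href="https://www.nytims.com/section/business">Business</a>
<a href="http://example.com/contact">Contact</a> <a href="/about">About</a>"""

class LinkHosts(HTMLParser):
    """Collect the host of every absolute href/src on the page."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                host = urlsplit(value).hostname
                if host:  # relative links have no host
                    self.hosts.append(host.removeprefix("www."))

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def audit(html: str) -> dict:
    """Map each suspicious linked host to the reason it was flagged."""
    parser = LinkHosts()
    parser.feed(html)
    findings = {}
    for host in parser.hosts:
        if host in PLACEHOLDERS:
            findings[host] = "template placeholder"
        elif host not in INTENDED:
            near = [d for d in INTENDED if edit_distance(host, d) <= 2]
            if near:
                findings[host] = f"possible typo of {near[0]}"
    return findings
```

Calling audit(SAMPLE) flags nytims.com and example.com. Each flagged host should be corrected in the page source, and it is worth checking whether the mistyped domain is currently registered and by whom.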
3. The Myth of Trusted Attachments and Trusted Senders
You’ll have heard that you should “never open unknown attachments from people you don’t trust.” But that’s a feeble warning. Even if you trust a person, they may have just been infected by malware and may be passing it on to you without either party being aware.
Almost any attachment can contain malware, including PDFs and Microsoft Notes.
Safe file sharing will become far more important in the near future. There are many far safer and better ways to share documents and data than sending them via email. You can start by installing an antivirus or getting an advanced VPN with threat protection to scan files before downloading them.
Protect Your Business – Heed the Refrain
A very long list of globally significant companies have learned firsthand that prioritizing cybersecurity is good for their reputation (and bottom-line profit). That’s why they avoid emailing their clients with unsolicited attachments or links. They also warn their clients not to interact with emails that use generic greetings or convey a false sense of urgency.
These digital rules protect the privacy of employees and clients. Every business, regardless of size, should practice them daily and look for ways to extend the protection to their clients.