How Can We Help?

Protecting Yourself from Scams and Identity Theft

Created On
You are here:
← All Topics

Social Engineering is where the hacker tries to get the victim to provide personal information that can be used to access accounts, provide sensitive information that can be used to steal your identity or even voluntarily pay the hacker money.

Some common methods used are Phishing (email), Smishing (SMS) and Vishing (Calls/Voicemail).

Smishing is becoming more prevalent as most people use texting messaging to communicate as much as they use email.

Generic From and To Identifiers

  • Messages from people you do not know
  • Messages from people you know, but are requesting something that they would not ordinarily request of you
  • Messages sent at odd hours/dates (business emails sent when that business would normally be closed)
  • Business emails sent from public email domains such as gmail.com, yahoo.com etc.
  • Messages sent to you and a group of other people that you do not know
  • Email message that are sent to you and there are other variations of your email address in the To: or CC:

Content Identifiers

  • Anything that sounds too good to be true
  • Anything that sounds overly alarming or tries to create a sense of urgency
  • Threatening language of any kind
  • Request for payment in Bitcoin or other electronic currency
  • Messages that claim you did something that you know you did not do
  • Emails that claim to know your password
  • Someone you know has been kidnapped, arrested or in the hospital and needs money
  • Your device has a virus other than from antivirus software you installed on the device or came with the device
  • Poorly written messages with bad grammar and misspellings, especially if from a business (Text messages from your kids don’t count here)
  • Hyperlinks with misspellings or not the same as to what you normally use

Government agencies may contact you and request to call them back, but they will never request personal information in an email, phone call to you or text message. The government has on record most of your personal information.

If you receive a message that they need you to contact them, look up the office phone numbers or email address on line and contact them at that address.

Government websites and email addresses will typically end in a .gov extension, which is controlled by the government. Some states may have an address that ends in xx.us (where xx is the states initials), these are less common theses days.

Some common government scams

  • messages that your benefits may be affected in some way and prompt you to login or change your password
  • messages that you will not receive money or refund owed to you if you do not provide information to them

Companies you do business may contact you and request to call them back, but they will never request personal information in an email, phone call to you or text message. These companies have all of your information already.

If they request you to contact them, do not use the information in the message. For credit/debit cards you can usually find their number on the back of the credit card. For other businesses, go to their website or call them on the phone.

Some common business scams

  • messages indicating suspicious activity or log-in attempts and want you to login or change your password with a link in the message. Most systems will send you an alert and prompt you to login only only if it was not you.
  • messages claiming there’s a problem with your account or your payment information and want you to login or change your password. Most systems will alert you, but not prompt you to login with a link in the message.
  • message to confirm some personal information. This usual only occurs during an account creation. If you did not recently create an account then most likely this is a scam
  • messages that include a fake invoice
  • messages that contain a voicemail in a PDF document
  • messages to wire or bring money
  • messages to pay by gift card
  • messages wanting you to click on a link to make a payment
  • messages offering free stuff

Personal scam try to use your emotions and or relationship with other to convince you to send money or provide personal information

Some common personal scams

  • messages that someone you know has been kidnapped and needs money
  • messages that someone you know has been arrested and needs bail money
  • messages that indicate the have your password and incriminating video of you
  • messages that your email account has be compromised or that you need to change your password where the email address they indicate is for a service you do not use or the email address is incorrect

There are several things you can do to protect yourself.

Never…

  • Never give out your passwords
  • Never give out your Social Security Number
  • Never give out accounts or credit card numbers

Password Etiquette

  • Passwords should be at least 8 characters long
  • Use a combination of lowercase, uppercase, numbers and symbols
  • Use pass-phrases instead of passwords
  • If the websites you use offer multi-factor authentication, turn it on. Multi-factor authentication require you to enter a secondary authentication code (that changes each time you login) that is sent to your email or cell phone or via an app. This makes it almost impossible for someone to access your account even if they have a password.
  • If you are bilingual, use a combination of the two languages
  • Avoid using things can find out about you from public sites/databases
    • Family members names
    • Parts of date of births
    • Pets names
    • Favorite sport teams, actors etc
    • Nick names

You received a message you suspect is a scam

  • Contact the person or business directly using either a website you know belongs to them or their phone number.
  • Do not use the information in the message
  • Do not click on links in the message
  • Do a search on the Internet to see if other have reported a similar or identical scam
  • Don’t open attachments from people you do not know or do business
  • Check links via LinkChecker: https://www.psafe.com/dfndr-lab/

What if I already gave out account numbers, personal information or passwords?

  • Go to any sites that you use that password for and change the password immediately
  • If you gave out credit card information, contact the issuer intermediately and cancel the card
  • Contact the credit reporting agencies and freeze you credit reports with them.
  • Monitor you credit reports, credit card accounts and bank accounts for any suspicious activity.
Tags: