Psst: CISOs and experts, this is one of our beginner-oriented articles! If you're looking for more advanced material, we recommend a dive into the blog archives!
Picture this: you're scrolling through your inbox while committing some light time theft at work (scrolling while in the bathroom doesn’t count anyway) and suddenly, you see it: a message from your "bank", "PayPal", or "Patreon" telling you that there's been some suspicious activity on your account.
On the one hand, yikes! Better click the link and secure your account.
But wait a second…you read a blog about this one time (thank you): is it really from who it says it’s from? Or is it a scam? We’re here to keep you on your toes and break down different types of security scams so you can be better informed and protect yourself (and your company) from falling victim to them.
The first rule of fight club is NEVER click the suspicious link.
Inside of you (the internet) are two wolves (security scams): phishing and refund scams. Phishing is when a malicious actor (and we’re not talking about Willem Dafoe) poses as a genuine entity or person via phone call, email/text, message, or social media with the goal of collecting personal and financial information such as payment information, account numbers, debit cards and bank account numbers.
Classic refund scams are when you get a call telling you that your card has been charged for a tech service and thanking you for your business. When you say that you didn't buy any tech service, they offer to refund the money to your account.
During this process they make it seem as though they transferred extra money across (no money is actually transferred) and then threaten/beg for users to send them back the difference in the form of a wire transfer or gift cards.
Avoiding these scams is simple: don't give out personal or financial details in response to any phone call or email, don’t click suspicious links, and always keep your operating system up-to-date! Your social security number will thank you.
The second rule of fight club is literally just don’t click the link we already told you this
As technology becomes more pervasive, cyber criminals have become increasingly sophisticated in the ways they target people with malicious scams. While it can be difficult to recognize phishing, hoaxes and other malicious emails, there are usually some tell-tale signs that you can look out for. For one, pay attention to the email address that sent the message, investigate any hyperlinks or files included in the message, and verify any requests for personal information.
Basically, when Frankie Valli said, “you’re just too good to be true...” we really felt that: if an offer or link in an email or message seems too good to be true, it probably is. We’re sorry to say that your boss probably isn’t emailing you from a slightly misspelled email address legitimately offering you a 150% reimbursement if you just go out and purchase 20 Amazon gift cards for them.
When your cybersecurity spidey senses start tingling, it’s usually a good idea to exercise caution and research further to make sure that it isn't a scam.
How to practice safe cyber security in an ever-changing world
The only way to truly protect yourself 100% is to practice safe sex. Wait, wrong blog.
In the ever-expanding digital age, it's important to take every precaution to protect yourself from security scams. If you get a suspicious message from your bank or anywhere else, open your browser and go directly to the company website rather than clicking links from texts or emails.
Also, we advise you to stay up-to-date on security news and expert advice (shameless plug to follow our blog if our witty charm and casual yet engaging educational vibe hasn’t compelled you already), turn on two-factor authentication software whenever it’s an option, use malware protection methods, and always be careful about sharing personal information online.
Now that you know what phishing, hoaxes, and scams are, as well as how to identify them, you can protect yourself and your team from these types of attacks.
Reminder: Stay away from dangerous links.
If you want to learn more about our innovative, engaging cybersecurity training, let’s talk! Get in touch with us.