I received the text in the screenshot above just yesterday. Behind it was another upsetting story about online scams.
This kind of scam happens all year long but is more prevalent during the U.S Tax season. A couple of friends asked me for help on this matter in the past week alone. Most of the time, though, when you realize you need assistance, it's kind of too late.
This post will explain the stages of a scam and how you can avoid it.
The three stages of an online scam
Computer experts tend to categorize online scams into many different categories, like romance scams, phishing, bank fraud, etc.
But they are all just one type: They trick you into believing in something that's not real to get your money, sometimes a lot of it. The scams can be so elaborate; it's hard to blame you.
Here are the three parts of how a scam work.
1. The hook
At this stage, you're presented with a startling or compelling message that urges you to take action.
The message can be an email, a text, or even a real phone call. Keep in mind that anyone's email address or even phone number can be spoofed. This means when you receive a message that appears from a known source; there's no warranty that it's actually come from that particular party.
The action can be various things, such as sending your personal information via email, downloading/installing software on your computer, or calling a number.
The scammers design the message to trick you. They pretend to represent an entity you can trust, like the IRS, a big company, a charity, or even someone you know.
The content of the message might vary, but it's always urgent, alarming, scary, or enticing. It even makes noise or ejects your computer's DVD drive to prove its point. It plays on one's vulnerabilities, including gullibility, anxiety, and greed.
"How did this happen to me? I didn't do anything!" you ask.
It doesn't take much to run into a message like that. And, if this makes you feel better, it happens to me quite often.
For one, we give out our email address to different people, companies or institutions -- we have to. That's how communication works. And, for example, if one of those got hacked, your email address is now in a bad guy's hand.
Another common way is fake websites. Scammers set up a temporary site using an address that uses a common typo of a popular legitimate website, such as wellfargo.com, microsof.com, etc. Or it can use a random domain with a link embedded to an email sent to you, and you click on it.
The bottom line is, don't worry about why and how a scam hook appears in front of you. Just don't bite!
And by that, I mean, do not follow any request or demand that appears on the screen, no matter how compelling it is. Instead, you should close the browser, or delete the email. If you can't, turn your computer off. If your computer appears to freeze, press and holds the power button for a few seconds, and it will go off.
If you keep receiving the same message when you turn your computer on again, it's likely because you allow the machine to automatically reopen the programs that were running in the previous section. You can uncheck the related box on a Mac, or follow this tip on a Windows computer.
But the good news is no damage has been done.
2. You take the bait
If you follow through with the scam message, depending on what you do, you'll face a minor or severe problem. Here are a few scenarios.
1. If you just reply to an email with some extra information about yourself, like a home address and phone number. Well, you can expect to hear more from the scammer. Now just ignore any further correspondence, and you're probably OK.
2. If you have sent the scammer some money. Too bad, your money is gone. Hopefully, that's the extent of the damage.
3. If you call a number, expect the person on the other end to sound very professional and authoritative. They are excellent actors. They will give you instructions to do things on your computer. They even probably call you back. Eventually, they always ask you to send money or pay for a "service", or give them access to your bank account. Hopefully, you'll realize something is fishy during the process and stop.
4. If you follow the instruction and download/install software on your computer, this is the worst. Unfortunately, this is also the easiest thing to fall for since it might take just a few clicks.
The scammer now can scan your computer and look for more personal information, such as your saved password, or a copy of your tax return.
So it's now your luck how much they can glean from the computer. At best, the bad guys don't get anything; at worst, they'll have a copy of your financial information as well as your social security.
With those, they can scam you and your family further and even use your identities to commit financial frauds, like getting a loan or, during this time, filing your taxes and getting fraudulent refunds.
They can also install ransomware on your computer and extort money from you over time.
If you're at this stage, make sure you turn that computer off and don't use it again. Seek professional IT help to recover your data and get your computer cleaned.
3. The headache
If you have fallen for a scam and believe that they have obtained your social security number, you need to assume the worst.
Even if you pay them the fee they ask, they'll keep coming back for more. What's more, they'll use your information to prey on your family and friends.
Here is what you should do:
- File your taxes as soon as possible. Don't let the bad guys do that before you.
- Use a clean computer and change all of your crucial online access passwords, including those of your banks, your email, or any other accounts with sensitive information. Get an online identity protection plan.
- Inform your loved ones of your situation so they can take precautions. Report the incident to your banks and the authorities.
How to be safe from online scams
By now, you might have noticed that the only way to stay safe online is not to go past the first stage mentioned above. In other words, don't take the bait.
Following are what you should keep in mind:
- Use common sense. If something seems odd, chances are it's indeed odd.
- No stranger (or website) who comes to you with unsolicited information means well. They all try to get something out of you.
- No authority will contact you online on serious matters. They will send you a letter via the post office or send a real person.
With that, here are what you should do when being online:
- Don't be a click-happy user! Consider a mouse click (or hitting Enter) as pulling the trigger on a gun. There's no undo after that. So, take a few seconds to make sure you're aware of what is about to happen.
- Use some online protection software, but don't trust it completely. No security software company guarantees the effectiveness of their product because they know they can't. You're the final defense.
- Don't react to any messages (email or website) without thoughts. The first thing you should ask yourself is: Is this real? And only take action when your answer is affirmative.
The final thought
Like things in real life, an online scam takes two, the scammer and the victim. You can't do anything about the former, but there are absolutely ways to avoid being the latter. Don't wait till it's too late.