

Consumer Technology Topic of the Month
What Is a Compromised Email Account? The Meaning & Telltale Signs to Look Out For
What is a Compromised Account?
A compromised email account occurs when an attacker or unauthorized individual accesses a legitimate user's email. Once attackers gain access to an email account, they can look at and copy all emails sent or received from that account, and any personal information attached to those messages.
Email accounts can be compromised through tactics such as phishing and password spraying. Phishing involves the attacker tricking a user into revealing login credentials through fraudulent emails or websites, while password spraying involves trying common passwords across multiple accounts. Malware can also be used to hack into email accounts.
If you suspect your email account has been compromised, you should immediately change the password to a new one that's hard for others to guess and enable two-factor authentication. You should also notify your service provider about the breach so they can help recover any lost mail or files as needed. Let your contacts know that you've had a security breach so they don't unknowingly engage in fraudulent activity stemming from your account.
It is essential to practice good cybersecurity to protect yourself from compromised email accounts. This includes using strong, unique passwords, being cautious of suspicious emails or links, regularly updating your devices and software, and using reliable antivirus and anti-malware software.
How Are Accounts Compromised?
- Phishing: Attackers create fraudulent emails that appear to be from a legitimate source, such as a well-known company or service. The emails may contain links that lead users, who are most likely expecting this kind of communication and don't check the URL before entering their login credentials, to believe they need to log back in to something important. Once attackers have compromised these accounts, they can then use them for malicious purposes.
- Password Attacks: Attackers may use techniques like password spraying to try a small number of commonly used passwords across multiple accounts. They exploit weak or reused passwords to gain access to email accounts.
- Malware: Malware, including keyloggers and spyware, can be installed on a device without the owner's knowledge. This malicious software records login credentials (such as passwords) and sends them to an attacker.
- Credential Stuffing: Attackers exploit the practice of password reuse by using login credentials (such as passwords) leaked in previous data breaches to try to gain access to other accounts.
- Social Engineering: Attackers may use manipulative tactics to trick individuals into revealing their email account login information. This may involve impersonating a trusted source, like a friend or coworker, or eliciting personal information through deceptive means.
To protect against email account compromise, staying vigilant and practicing good cybersecurity hygiene is crucial. This includes using strong, unique passwords, enabling two-factor authentication, being cautious of suspicious emails or links, and regularly updating devices and software.
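For readers who administer a mail or login service, here is how the password spraying pattern described above looks from the defender's side. This is an added example, not part of the original article; the log format, addresses, and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login log (hypothetical format and documentation-range IPs).
SAMPLE_LOG = """\
2025-05-01T09:00:05Z src=203.0.113.7 user=alice result=FAIL
2025-05-01T09:00:25Z src=203.0.113.7 user=bob result=FAIL
2025-05-01T09:00:45Z src=203.0.113.7 user=carol result=FAIL
2025-05-01T09:01:05Z src=203.0.113.7 user=dave result=FAIL
2025-05-01T09:01:25Z src=203.0.113.7 user=erin result=FAIL
2025-05-01T09:01:45Z src=203.0.113.7 user=frank result=FAIL
2025-05-01T09:03:00Z src=198.51.100.20 user=bob result=FAIL
2025-05-01T09:03:10Z src=198.51.100.20 user=bob result=OK
2025-05-01T09:05:00Z src=192.0.2.55 user=admin result=FAIL
2025-05-01T09:05:02Z src=192.0.2.55 user=admin result=FAIL
2025-05-01T09:05:04Z src=192.0.2.55 user=admin result=FAIL
2025-05-01T09:05:06Z src=192.0.2.55 user=admin result=FAIL
2025-05-01T09:05:08Z src=192.0.2.55 user=admin result=FAIL
2025-05-01T09:05:10Z src=192.0.2.55 user=admin result=FAIL
2025-05-01T09:12:05Z src=203.0.113.7 user=alice result=FAIL
2025-05-01T09:12:25Z src=203.0.113.7 user=bob result=FAIL
2025-05-01T09:12:45Z src=203.0.113.7 user=carol result=OK
"""


def parse(line):
    """Turn one log line into (timestamp, source, user, succeeded)."""
    stamp, *pairs = line.split()
    fields = dict(pair.split("=", 1) for pair in pairs)
    when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
    return when, fields["src"], fields["user"], fields["result"] == "OK"


def detect_spraying(lines, window=timedelta(minutes=30),
                    min_accounts=5, max_per_account=3):
    """Flag sources whose failed logins look like password spraying.

    Spraying is many different accounts, each tried only a few times, from
    one source inside a short window. A single account tried many times is
    a different pattern (brute force) and is deliberately not flagged here.
    """
    by_source = defaultdict(list)
    for line in lines:
        if line.strip():
            when, src, user, ok = parse(line)
            by_source[src].append((when, user, ok))

    findings = []
    for src, events in by_source.items():
        events.sort()
        fails = [(when, user) for when, user, ok in events if not ok]
        sprayed = set()
        start = 0
        # Sliding window over this source's failures (quadratic, fine for a demo).
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1
            per_account = defaultdict(int)
            for _, user in fails[start:end + 1]:
                per_account[user] += 1
            wide = len(per_account) >= min_accounts
            shallow = max(per_account.values()) <= max_per_account
            if wide and shallow and len(per_account) > len(sprayed):
                sprayed = set(per_account)
        if not sprayed:
            continue
        # A success from a spraying source means a guessed password:
        # that account needs a password reset and a session review.
        guessed = sorted({user for _, user, ok in events if ok})
        findings.append({
            "source": src,
            "accounts": sorted(sprayed),
            "failed_attempts": len(fails),
            "successful_logins": guessed,
        })
    return findings


if __name__ == "__main__":
    for finding in detect_spraying(SAMPLE_LOG.splitlines()):
        print(finding)
```

In the sample, the user who mistypes a password once and the source that hammers a single account are both left alone; only the source that touches six accounts is reported, along with the one account it got into.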
What Are The Different Types of Account Compromise?
Business and personal accounts can be compromised in various ways, such as malicious phishing emails sent to employees or a data breach allowing unauthorized users to gain access. Weak passwords, malware, and social engineering attacks can all compromise personal accounts.
- Email Account Compromise (EAC): Hackers most commonly gain access to people's email accounts by planting malware on their computers, usually after the victim has fallen for an initial email phishing scam. This can lead to various fraudulent activities like sending spam emails and stealing sensitive information, or sending official-looking messages to other contacts from the victim's email, trying to trick users into giving up personal or financial data.
- Account Takeover (ATO): ATO occurs when a cybercriminal takes control of an individual's online identity and impersonates that person. Attackers can exploit these compromised accounts for financial gain and other malicious activities.
- Business Email Compromise (BEC): BEC refers to an attack where cybercriminals target employees responsible for financial transactions or sensitive information. Attackers often impersonate high-ranking executives, tricking employees into making unauthorized wire transfers or sharing sensitive data.
- Credential Stuffing: In this attack, attackers use username and password combinations obtained from previous data breaches to gain unauthorized access to various online accounts, including email accounts. They rely on the fact that many individuals reuse passwords across multiple platforms.
It is important to remember that this is just a small sample. New email hacking techniques are being developed all the time. So staying on top of solid security measures like using unique and strong passwords and enabling multi-factor authentication is your first line of defense. Being cautious with suspicious emails or links also helps mitigate the risk of account compromise.
What Are The Telltale Indicators of a Compromised Account?
It is important to act fast if you think your email account has been compromised. Start by changing the password to something secure, then take the necessary steps to ensure no further damage can be done. Some signs of a breach to look out for include:
Unfamiliar messages sent from your account
If you notice emails sent from your account that you did not write, this is a clear sign that someone else has gained access to the account, especially if those emails are sending messages and links to others. If other people are also complaining to you about receiving spam emails from your email address, then your account has likely been hacked.
Unexpected password reset notifications
Getting messages about changing passwords when you haven't changed anything may signal that someone else has tried to gain access.
Missing emails
Sometimes, hackers delete emails to cover their tracks, which can signify that someone else has accessed your account.
Other unusual activity
You may also watch for unusual activity from privileged accounts, increased access to services, or increased network activity. Also, watch for logins from unusual locations or strange emails being sent out, unauthorized settings, or registry changes. Finally, contact your IT department or security provider for additional help securing your account.
Steps to Take if Your Account Has Been Compromised
Change your password
Immediately change your password for the compromised account. Choose a strong and unique password not used for other accounts. This will help prevent further unauthorized access.
Check for and remove suspicious activity
Review your account activity and look for any unfamiliar or suspicious actions. If you notice any unauthorized activity, such as emails sent from your account without your knowledge, delete them and notify your contacts to avoid any potential scams.
Enable multi-factor authentication (MFA)
If available, enable MFA for your account. This adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone, in addition to your password.
Update your security settings
Review and update your account security settings. Ensure your recovery options, such as alternate email addresses or phone numbers, are current. Consider changing security questions and answers as well.
Scan your device for malware
Run a complete computer or mobile device scan with up-to-date security software. This can help to detect and remove any malware or keyloggers that may have compromised your account.
Be cautious of phishing attempts
Remain vigilant for phishing emails or messages that trick you into providing personal information or login credentials. Avoid clicking on suspicious links or downloading attachments from unknown sources.
Monitor your accounts
Check your financial accounts, credit reports, and other online accounts regularly for signs of unauthorized activity. If you notice any suspicious transactions or activity, report it immediately!
Report the compromise
Depending on the type of account, report the compromise to the appropriate service provider or organization. They can assist in recovering your account and take steps to prevent further compromises.
Remember, prevention is vital to account security. Changing your passwords regularly, using strong and different passwords for each account, and avoiding sharing personal information online are wise.
Tips & Best Practices to Prevent Accounts from Being Compromised
The best way to approach cybersecurity is preemptive. Taking proactive steps to secure your accounts can go a long way in preventing unauthorized access and safeguarding your data:
- Use strong passwords with uppercase and lowercase letters, numbers, and special characters.
- Enable two-factor authentication if available for additional protection.
- Check your inbox regularly for any suspicious emails or activities.
- Set up email filters to automatically delete or block known malicious emails.
- Use a secure email provider with built-in security measures to help protect your accounts from unauthorized access.
- Keep up with security updates and patch any vulnerabilities immediately.
- Monitor your accounts for any suspicious activity or changes in settings, and contact your IT department immediately if anything is out of the ordinary.
ANATOMY OF A FAKE CHECK SCAM
Fake checks drive many types of scams, like those involving phony prize wins, fake jobs, mystery shoppers, online classified ad sales, and others. In a fake check scam, a person you don't know asks you to deposit a check (sometimes for several thousand dollars and usually for more than what you are owed) and wire some of the money back to that person. The scammers always have a good story to explain the overpayment: they're stuck out of the country, they need you to cover taxes or fees, you need to buy supplies, or something else. But by the time your bank discovers you've deposited a bad check, the scammer already has the money you sent, and you're stuck paying the rest of the check back to the bank.
The Federal Trade Commission receives tens of thousands of reports each year about fake checks. Over the last three years, the number of complaints has steadily increased, and so have the dollars lost.
The FTC's new infographic, developed with the American Bankers Association Foundation, offers some tip-offs to rip-offs and what to do if you get a check from someone you don't know.
Please share this information with others. Victims may be embarrassed to talk about their experiences, but you can help. A simple phone call, email or text, saying "Look what I just found" and sharing this information may make a difference in someone else's life.
Avoiding Cryptocurrency Scams
How to Avoid Cryptocurrency Scams!
Scammers are always finding new ways to steal your money using cryptocurrency. To steer clear of a crypto con, here are some things to know.
- ONLY SCAMMERS DEMAND PAYMENT IN CRYPTOCURRENCY. No legitimate business is going to demand you send cryptocurrency in advance, not to buy something, and not to protect your money. That's always a scam.
- ONLY SCAMMERS WILL GUARANTEE PROFITS OR BIG RETURNS. Don't trust people who promise you can quickly and easily make money in the crypto markets.
- NEVER MIX ONLINE DATING AND INVESTMENT ADVICE. If you meet someone on a dating site or app, and they want to show you how to invest in crypto, or ask you to send them crypto, that's a scam.
Spot Crypto-Related Scams
Here are some common investment scams, and how to spot them.
- A so-called "investment manager" contacts you out of the blue. They promise to grow your money, but only if you buy cryptocurrency and transfer it into their online account. The investment website they steer you to looks real, but it's a fake, and so are their promises. If you log in to your "investment account", you won't be able to withdraw your money at all, or only if you pay high fees.
- An online "love interest" wants you to send money or cryptocurrency to help you invest. That's a scam. As soon as someone you meet on a dating app asks you for money, or offers you investment advice, know this: that's a scammer. The advice and offers to help you invest in cryptocurrency are nothing but scams. If you send them crypto, or money of any kind, it'll be gone, and you typically won't get it back.
- Scammers guarantee that you'll make money or promise big payouts with guaranteed returns. Nobody can make those guarantees. Much less in a short time. And there's nothing "low risk" about cryptocurrency investments. So: if a company or person promises you'll make a profit, that's a scam. Even if there's a celebrity endorsement or testimonials from happy investors. Those are easily faked.
- Scammers promise free money. They'll promise free cash or cryptocurrency, but free money promises are always fake.
- Scammers make big claims without details or explanations. No matter what the investment, find out how it works and ask questions about where your money is going. Honest investment managers or advisors want to share that information and will back it up with details.
- IF YOU SEE A TWEET (OR A TEXT, OR OTHER MESSAGE ON SOCIAL MEDIA) THAT TELLS YOU TO PAY WITH CRYPTOCURRENCY, THAT'S A SCAM!
May 2025 Security Tip
The Biggest Scams of 2025 and How to Outsmart Them
AI-Generated Scams
The rise of artificial intelligence has made it easier for scammers to create realistic videos, images and voice clones. In 2024 alone, we've seen an alarming increase in devilishly clever scams, making it harder than ever to discern the real from the fake. Imagine getting a call from what sounds exactly like your son or daughter, claiming to be in danger. What will you do? That's how terrifying AI-related scams can get.
Here's how they work and what to watch out for:
- How it works: Scammers use AI to mimic a loved one's voice. They may call you, pretending to be a family member in trouble and ask for money urgently.
- Red flags: The caller demands immediate payment, avoids video calls, or refuses to provide proof of identity.
- Protect yourself: Always verify the caller's identity through a secondary channel, such as calling them back on a known number.
Cryptocurrency Investment Frauds
Cryptocurrency scams are evolving with fraudsters using new tactics to deceive potential investors. One prominent trend involves leveraging influencers to promote fraudulent schemes, making these scams appear to be legitimate and trustworthy.
- Initial Coin Offering Scams: Scammers launch fake cryptocurrencies, using high-profile influencers to create hype.
- Pump-and-Dump Schemes: Fraudsters artificially inflate the value of cryptocurrency through false claims and influencer endorsements, only to sell off their holdings and leave investors with worthless assets.
How Can You Protect Yourself from Cryptocurrency Scams?
- Red flags: Unverified projects, unrealistic promises of high returns, or reliance on influencer endorsements without transparency.
- Protect yourself: Conduct thorough research, avoid investments promoted solely by influencers, and stick to reputable exchanges and cryptocurrencies.
Online Shopping Scams Will Persist Thanks to Social Media
Fake online stores have been around for years, but scammers increasingly turn to social media to market their schemes. These platforms provide scammers with vast audiences and tools to create convincing, fraudulent campaigns.
- How it happens: Scammers set up fake e-commerce pages advertising heavily discounted products. Once you make a purchase, either the product never arrives or it's a cheap counterfeit.
- Red flags: Unverified accounts, poor-quality product images, or lack of customer reviews.
- Protect yourself: Stick to trusted online retailers and use secure payment methods that offer buyer protection.
Phishing Scams Will Continue to Evolve
Phishing scams remain one of the most effective methods for scammers to steal your personal and financial information. In 2025, these scams are becoming more sophisticated, targeting individuals across various platforms and exploiting their trust.
- How it works: Phishing typically involves fake emails, text messages, or links designed to look like they come from legitimate organizations. Scammers trick you into sharing sensitive details, such as passwords, credit card information, or Social Security numbers.
- New Trends:
  - Personalized phishing: Scammers now tailor their messages using information found on social media or public databases, making their attempts more convincing.
  - Instant messaging apps: Fraudsters increasingly use platforms like WhatsApp, Telegram, and Signal to send phishing links.
  - QR code phishing (Quishing): Scammers share malicious QR codes that redirect users to fake websites designed to harvest personal data.
- Red Flags: Unexpected messages asking for personal details, urgent requests to act immediately, or suspicious links and attachments.
- Protect yourself:
a. Verify the sender's identity before clicking on any links.
b. Check for spelling errors or unusual email addresses.
c. Use antivirus software and enable two-factor authentication for extra security.
d. Avoid scanning QR codes from unknown sources.
Event Driven Scams
Scammers are quick to capitalize on current events, using disasters, high-profile news, and even popular entertainment events to their advantage. These event-driven scams exploit emotions, urgency, and the sheer scale of public interest to trick unsuspecting victims.
- How it happens:
i. Disaster Relief Scams: Following natural disasters or humanitarian crises, scammers pose as charity organizations, soliciting donations that never reach those in need.
ii. Concert and Festival Scams: Fraudsters create fake ticket-selling websites or social media posts for popular events, like Taylor Swift's Eras ticket scams, offering deals that seem too good to be true.
iii. Sports Events Scams: Major sporting events are also a common target, with scammers selling counterfeit tickets or promoting fake contests.
- Red flags: Requests for donations to unverified charities, ticket prices significantly lower than market value, or suspicious-looking event websites.
- Protect yourself:
a. Verify charities through trusted platforms before donating.
b. Purchase event tickets only from authorized sellers or official websites.
c. Be cautious of social media ads offering exclusive deals or last-minute tickets.
Spot the Scammer in 2025: Warning Signs to Watch For
Scammers are like chameleons, constantly adapting to their surroundings. But beneath the surface, their tricks often share familiar patterns. Here's your cheat sheet to recognize the telltale signs of a scam:
1. Out-of-the-Blue Buzz
A surprise call, text, DM, or email can be the opening act. Whether it's a "friendly" outreach on social media or a professional-sounding email, unsolicited contact is often the bait.
2. Ticking Time Bomb
Pressure is the scammer's favorite tool. They'll spin tales of dire consequences (leaked photos, missed deals, or vanishing opportunities), all to make you act without thinking.
3. "Safe" Account Shenanigans
If someone asks you to move money to a secure account, don't buy it. This is a classic move to steal your cash while making you feel like you're safeguarding it.
4. Do It, or Else!
Threats of fines, legal trouble, or even public humiliation are designed to scare you into compliance. Legit organizations don't use intimidation as their MO.
5. Too Sweet to Be Real
Jaw-dropping deals, dream job offers, or "guaranteed" investment returns? If it sounds too good, it's probably fiction.
6. Tech Takeover Requests
Be wary of anyone asking to access your device or install apps remotely. It's the digital equivalent of handing over your keys to a stranger.
7. Shady Links
Ads or links from unknown sources urging you to "click here" can lead to trouble. Whether they're sponsored posts or suspicious results, tread carefully.
8. Signs of Sloppiness
Look out for poor grammar, awkward speech patterns, or mismatched mouth movements in video calls. Whether it's typos in URLs or accents that don't align, these quirks are often the mask slipping.
Stay Ahead of Scammers
Scammers can try all the tricks in the book, but you can always stay two steps ahead. Here's how to ensure you don't fall for their schemes:
- Enable two-factor authentication on all your online accounts.
- Monitor your bank statements regularly for unauthorized transactions.
- Educate yourself and your family about common scam tactics.
- Report scams to your local authorities or fraud prevention organizations.
April 2025 Security Tip
How Do I Prevent Account Takeover Fraud?
Tips to protect your passwords, usernames and online accounts.
Account takeovers have become a growing concern for people of all ages during 2023. Whether you're managing your retirement funds, social media accounts, or online shopping accounts, the risk of having your personal information and finances compromised is real.
Understanding Account Takeovers
Account takeovers, also known as ATOs, occur when cybercriminals gain unauthorized access to your online accounts. These accounts can include financial institutions, social media profiles, email accounts and more. Once attackers gain access, they can steal your personal information, make unauthorized purchases, or even commit fraud in your name.
Why Account Takeovers Matter
Account takeovers can have severe consequences, particularly for older adults who may have accumulated significant savings and assets over their lifetime. Here's why account takeovers matter:
- Financial Loss: Cybercriminals can drain your bank accounts, make unauthorized purchases with your credit cards, or even liquidate your investments, leading to significant financial losses.
- Identity Theft: ATOs often involve the theft of personal information, which can be used to open new lines of credit or commit other fraudulent activities in your name.
- Emotional Distress: Dealing with the aftermath of an account takeover can be emotionally distressing, causing anxiety, frustration, and feelings of violation.
Protecting Yourself Against Account Takeovers
Fortunately, there are steps you can take to protect yourself from account takeovers and reduce the risk of falling victim to cybercriminals:
- Strong, Unique Passwords and Usernames: Create strong, unique passwords for each of your online accounts. Use a combination of letters, mismatched words, numbers, and symbols, and avoid using easily guessable information like birthdays or names.
- Two-Factor Authentication (2FA): Enable 2FA wherever possible. This adds an extra layer of security by requiring a one-time code sent to your mobile device or email when logging in.
- Regularly Update Software: Keep your devices and software up to date to patch any vulnerabilities that cybercriminals might exploit.
- Monitor Your Accounts: Regularly review your financial and online accounts for any suspicious activity. Report any unauthorized transactions immediately to your bank or the respective platform.
- Beware of Phishing, Vishing, and Smishing: Be cautious of unsolicited emails, messages, or phone calls that ask for personal information. Verify the sender's identity before sharing any sensitive data.
  - Phishing is when criminals send you a fake email to get your information, including your passwords.
  - Vishing, or voice phishing, is when criminals make a fake phone call or an automated robocall.
  - Smishing is when they send you a fake SMS text message.
- Secure Wi-Fi Networks: Use secure, password-protected Wi-Fi networks when accessing your accounts, especially in public places.
- Educate Yourself: Stay informed about the latest cybersecurity threats and best practices for online security.
- Use a Password Manager: Consider using a reputable password manager to generate, store, and autofill your complex passwords.
- Freeze Your Credit: Consider placing a credit freeze with the major credit bureaus to prevent new accounts from being opened in your name without your permission.
Account takeovers pose a real threat to individuals of all ages, but with vigilance and proactive measures, you can significantly reduce your risk. Protecting your financial well-being and personal information requires ongoing attention to online security practices.
March 2025 Security Tip
Financial Scams to Avoid
Wire Transfer Scams
Wire transfers can be a convenient way to send and receive money. That's why scammers find them so attractive.
Never Wire Money to Someone You Don't Know
This is the main advice when it comes to wiring money. If you don't know the person you're sending the money to, or if you haven't known them very long, simply don't do it. If you've sent money to a scammer by mistake, there's a good chance the money will be gone for good.
Signs of a Wire Transfer Scam
You're Unexpectedly Asked to Wire Money
Be cautious before wiring money, even if you're asked by the government, a good friend, or relative.
Calls from the IRS, for example, are often scams. Fake IRS representatives will threaten you with arrest or other consequences if you don't pay up. If you think you might owe money to a government agency, contact them separately to confirm. Otherwise, just hang up!
Your relatives can even be used as part of a scam. Scammers are very skilled at fooling people into thinking their own relatives are asking for money. They might call you from a familiar phone number and disguise their voice, claiming to be crying or sick. They may email you from a familiar email address/name. They might seem credible because they know details about your family that they have learned from the internet.
If you have any doubt, make sure you contact a relative separately to confirm the story. Don't listen to pleas to "not tell anyone". Remember, they are asking for your hard-earned money!
You're Sent a Check in Exchange for a Return Payment
Scammers will sometimes send a fake check (cashier's check, personal check, money order, etc.) and ask you to cash it and then send them the money.
Sometimes, they will say you have won a prize or the lottery, have earned an inheritance, can work from home, or can become a "secret shopper." Other times, you will receive a check as payment for something you were selling online. Either way, the check will be for more than they're asking in return. They'll say this is for processing fees and your time/effort or that the extra payment was a mistake that they need refunded immediately.
Beware! The check is a fake. Don't attempt to cash it. Immediately cut off communication.
This is fake. You never need a confirmation code or money transfer control number to pick up wired money. If someone requests this info, you're being scammed.
You're Asked to Wire Money to Another Country
Typing or grammar errors are a common sign of foreign scammers attempting to get you to send them money. They'll have a convincing reason for their request (e.g., a grandchild is on vacation). But there's almost no good reason to wire money without confirming the story first.
February 2025 Security Tip
The Latest Scams You Need to be Aware of in 2025
1. AI Scams
Generative AI tools generally get classified by the type of content they generate, such as text, images or videos. Scammers use them to enhance different types of popular scams.
- Phishing and smishing: Scammers can use AI to write more convincing and natural-sounding phishing emails and text messages.
- AI Images: Scammers can use AI generated images to quickly create eye-catching websites, social media ads, fake identification documents, explicit photos and fake headshots for social media profiles.
- Deepfake videos: AI-generated videos might be created to promote fake products, services or investments. Scammers also might use deepfake recordings or real-time face- and body-swapping tools to trick victims into thinking they're someone else.
- Fake and cloned voices: Scammers also use AI-generated or altered voices for their videos and for phone-based scams. Some AI tools can even mimic real accents.
2. Impostor Scams
Scammers almost always hide their identity, and imposter scams are one of the most common types of scams or fraud because the category is fairly broad. These happen when the scammer pretends to be a friend, relative, celebrity, politician, businessperson, government agent, delivery person or company representative.
Some types of imposter scams are so prevalent that they have their own name, such as the grandparent scam and romance scams. Now that scammers can use AI, it's more important than ever to be skeptical when someone contacts you, especially if they try to scare you or offer you a gift or investment opportunity.
4. Romance Scams
While romance scams aren't new, they remain a popular scam and are a prime example of how scammers can use generative AI to trick victims.
Scammers often steal someone's identity or create fake profiles on dating and social media apps to meet victims. There's no surefire method to detect a fake. Some will use AI to deepfake video calls, and some crime organizations even force people or hire models to conduct romance scams.
After gaining your trust, the scammer might ask you to buy them something, ask for money or give you an investment "tip" that's part of the scam. Or, the person may "mistakenly" send you money and ask you to send it back or forward it to someone else. If your bank later determines that their payment was fraudulent, the sum of the payment will be subtracted from your account.
Many romance scams start with text messages, private messages on social media, or in dating apps. And they can target anyone; some scammers even seek to form platonic rather than romantic relationships.
"Accidental" Text Messages: Have you ever gotten a text message that seems genuine, but it also appears to be intended for someone else? It might say something like, "sorry I'm running late, I'll be there in 15 minutes". Not wanting to be rude, you respond to tell the sender they've got the wrong number.
These wrong number texts are often the first step in a romance or employment scam. Although there's sometimes a scammer on the other end from the start, scammers can also use AI messaging bots to target thousands of people at a time.
5. Phone-Related Scams
Scammers may contact you by phone, and some phone scams rely on smartphones' capabilities to access the internet and install malware. These phone-related scams include:
- Robocalls: Robocalls have people's phones ringing nonstop with increasingly natural-sounding recorded voices. They may offer everything from auto warranties to vacations, or issue a threat to try and get your attention. Some robocalls can even respond to your questions using prerecorded or AI-generated messages.
- Malicious apps: Scammers may try to get you to install a malicious app to steal your information. Or, they might create a nearly identical copy of an existing app and then make money from in-app purchases. Recently, there were reports of malware that could infect your phone and trick you into calling the scammer when you try to call your bank.
- QR Codes: These convenient codes have gained popularity as a touchless option to do things like read a restaurant menu or make a payment. However, scammers place their QR codes in inconspicuous spots, and scanning the code could prompt you to make a small purchase or enter your credentials on a lookalike website. Some scammers even go as far as printing QR codes on letters that appear to come from government agencies and then mailing them out.
- SIM swapping: This technique is used by a thief to reassign your number to a SIM card in a phone they control. They can then try to log in to your accounts using codes or links sent to your phone number. Contact your carrier to see if there are any security measures for stopping SIM swapping. Also, see if your accounts let you use a non-SMS multifactor authentication option, such as an authenticator app that scammers can't steal or access.
- One-time password (OTP) bots: Some scammers use so-called OTP bots to trick people into sharing the authentication codes. The scammer might try to log in, prompting the bank to send you a one-time code. At the same time, the bot imitates the company and calls, texts or emails you asking for the code. The timing might convince you that the bot's request is legitimate. However, if you respond, it sends the code to the scammer, who can now log in to your account.
6. Cryptocurrency and Investment Scams
Cryptocurrency prices rocketed after the presidential election, and cryptocurrency scams are sure to follow. These have taken different forms over the years, including scams involving fake prizes, contests, giveaways or early investment opportunities.
The scammers may impersonate celebrities or popular websites to lure victims into sending them money, sharing login information or "investing" in a project. Crypto exchange accounts have also been the target of the OTP bot attack technique described above to prevent you from getting your crypto back while the scammer drains your account.
7. Online Purchase Scams
Online purchase scams continue to be one of the riskiest types of scams, according to the BBB. Some scammers set up fake e-commerce stores and buy ads for the website on social media. Alternatively, scammers might list items for sale on online marketplaces, including social media platforms' marketplaces.
The scammers might take your money and never send anything in return. Or, they might be committing triangulation fraud and purchasing the item you bought with someone else's stolen credit card. You might not realize you were part of a scam unless you try to return the item or use a warranty.
Always look for red flags such as too-good-to-be-true prices, lack of details or high-pressure sales tactics. Paying with your credit card can also help you limit potential losses, as you can initiate a chargeback if you don't receive a product or service.
2025 SPOTLIGHT: REFUND PHISHING
Some scammers figured out a new way to profit from stolen credit card information. Rather than focusing on stealing money from the card, they make a fraudulent purchase from a fake merchant whose name is a phone number or email. Victims call or visit the site to dispute the transaction, but they're phished, tricked into sharing personal and account information with the scammer.
8. Employment Scams
Employment scams use enticing, and hard-to-detect, lures to target people who've been out of work. Some scammers take a slow approach with interviews and a legitimate-seeming operation. They then collect personal information from your employment forms, or tell you to buy equipment or training.
Other scams get right to the point and promise guaranteed or easy income, if you purchase their program. Sometimes, a fake employer sends a large paycheck and asks you to send the "extra" back, a play on the popular overpayment scam.
You may come across job opportunities that involve receiving money and sending funds to another account, or receiving and reshipping packages. These "money mule" and "reshipping mule" jobs are often part of an illegal operation, and you could be personally liable.
9. Check Fraud
Criminals have been breaking into mailboxes and robbing mail carriers to steal mail and look for checks. If you mail a check and it's stolen, they might create a counterfeit check and use it to withdraw money from your account.
Your bank or credit union will often reimburse you, but it could take a long time and cause money problems while you wait. It might be best to avoid writing and mailing checks altogether. If you have to send a check, some pens, such as Uni-Ball pens with Super Ink, claim to stop check washing. That still won't protect against some other types of check fraud, though.
How to Avoid a Scam
While scammers' delivery methods and messaging can quickly change, a few basic security measures can help protect you from the latest and most common scams:
- Be skeptical when someone contacts you. Scammers can spoof calls and emails to make it look like they are coming from different sources, including government agencies, charities, banks and large companies. Don't share personal information, usernames, passwords or one-time codes that others can use to access your accounts or steal your identity.
- Don't click unknown links. Whether the link arrives in your email, a text or a direct message, never click on it unless you're certain the sender has good intentions. If the message says it's from a company or government agency, call the company using a number that you look up on your own to confirm its legitimacy.
- Be careful with your phone. Similarly, if you suspect a spam call, don't respond or press a button. The safest option is to hang up or ignore the call entirely. You can look up the organization and initiate a call if you're worried there may be an issue.
- Update your devices. Software updates may include important security measures that can help protect your phone, tablet or computer.
- Enable multifactor authentication. Add this to any accounts that offer it as an option, and try to use a non-SMS version to protect yourself from SIM swapping.
- Research companies before taking any actions. Before you make a purchase or donation, take a few minutes to review the company. Do a web search for its name plus "scam" or "reviews."
- Don't refund or forward overpayments. Be careful whenever a company or person asks you to refund or forward part of a payment. Often, the original payment will be fraudulent and taken back later.
- Look for suspicious payment requirements. Scammers often ask for payments via cash, wire transfer, money order, cryptocurrency or gift cards. These payments can be harder to track and cancel than other forms of payment, which can leave you stuck without recourse.
- Create a family password. Create a family password that you can all use to verify that it's really one of you on the phone, and not someone who created a deepfaked video or cloned voice.
January 2025 Security Tip
IRS Warning about Phishing and Smishing Scams
The Internal Revenue Service (IRS) is warning taxpayers to be aware of evolving phishing and smishing scams designed to steal sensitive taxpayer information.
With taxpayers continuing to be bombarded by email and text scams, the IRS warned individuals and businesses to remain vigilant against these attacks. Fraudsters and identity thieves attempt to trick the recipient into clicking a suspicious link, filling out personal and financial information or downloading a malware file onto their computer.
Phish or smish: Don't take the bait
The IRS continues to see a barrage of email and text scams targeting taxpayers and others. These schemes frequently peak during tax season but they continue throughout the year. Taxpayers face a wide variety of these scams and schemes. And tax professionals, payroll providers and human resource departments remain favorite targets of email and text scams since they have sensitive personal and financial information.
That means taxpayers and tax professionals should be alert to fake communications posing as legitimate organizations in the tax and financial community, including the IRS and state tax agencies. These messages arrive in the form of unsolicited texts or emails to lure unsuspecting victims to provide valuable personal and financial information that can lead to identity theft. There are two main types:
- Phishing: An email sent by fraudsters claiming to come from the IRS. The email lures the victims into the scam with a variety of ruses such as enticing victims with a phony tax refund or threatening them with false legal or criminal charges for tax fraud.
- Smishing: A text or smartphone SMS message where scammers often use alarming language such as "Your account has now been put on hold" or "Unusual Activity Report," with a bogus "Solutions" link to restore the recipient's account. Unexpected tax refunds are another potential lure for scam artists.
Never click on any unsolicited communication claiming to be the IRS as it may surreptitiously load malware. It may also be a way for malicious hackers to load ransomware that keeps the legitimate user from accessing their system and files.
In some cases, phishing emails may appear to come from a legitimate sender or organization that has had their email account credentials stolen. Setting up two-factor or multi-factor authentication with their email provider can reduce the risk of individuals having their email account compromised.
Posing as a trusted organization, friend or family member remains a common way to target individuals and tax preparers for various scams. Individuals should verify the identity of the sender by using another communication method, for instance, calling a number they independently know to be accurate, not the number provided in the email or text.
The IRS initiates most contacts through regular mail and will never initiate contact with taxpayers by email, text, or social media regarding a bill or tax refund.
December 2024 Security Tip
Cryptocurrency Investment Fraud
Cryptocurrency investment fraud is one of the most prevalent and damaging fraud schemes today.
Scammers, through various means of manipulation, convince victims to deposit more and more money into financial "investments" using cryptocurrency. In truth, these investments are fake; all victim money is under the control of, and ultimately stolen by, criminal actors, usually overseas. As a result, victims typically lose all money they invested.
The Process
1. The Selection of the Victim
Scammers use a variety of methods to initially lure and contact victims. Here are some of the most common methods.
- Social Media: Scammers use social media to reach out to victims directly, by messaging them, or indirectly through deceitful job advertisements or investment opportunities that can be found on all main social media platforms.
- Texting: Scammers text victims pretending they mis-dialed a number, sending a photo of themselves, or saying they work for a company that is hiring for job opportunities.
- Red Flag: Once the victim agrees to continue communicating, it's common for the scammer to ask to move their messaging to another platform including WhatsApp or Telegram, e.g., "Hey, do you have WhatsApp, let's talk there." They may use a different phone number from the one the victim may have been contacted by initially.
2. The Building of Trust
Once initial communication has been established, scammers seek to deceive victims about who they are (their "persona") and what they want (their "desires") to forge trust with the victim. Tactics vary but below are common characteristics of cryptocurrency investment fraud scammer personas:
- Excessive flattery
- Empathizing with, often suffering from, similar life events as the victim (e.g., if a victim is going through a divorce then the scammer may be going through a divorce, too).
- Suffering from a hardship that requires help from the victim.
- Sharing pictures, often selfies, of themselves.
- Offering to meet in person but making those meetings contingent upon the victim accomplishing a task (e.g., we can meet once you raise enough money)
- Expressing a strong romantic interest in the victim.
- Agreeing to some video conference calls but preferring instead to speak over text.
3. The Pitch
Once trust is established with victims, criminals introduce the topic of investing. It's common for scammers to say they themselves, or people in their family or close network, are experts in such investments. They may promise they can bring the victim in on "the ground floor." Types of investments can vary; however, common ones include binary trading, liquidity mining, and gold futures.
4. The Initial Investment
Once the scammer convinces the victim to participate in their scheme, the scammer will instruct the victim how to invest the money, as follows:
- Open a cryptocurrency account at a reputable exchange.
- Transfer money from a traditional bank account to the new cryptocurrency account.
- Convert the money, now hosted on the cryptocurrency exchange, to the cryptocurrency type the scammer specifies, e.g., Bitcoin, Ether, Tether.
- Open an account on the "investment platform" provided by the scammer or an individual group that the scammer directed the victim to.
- Deposit the cryptocurrency to the investment platform either directly or through a private wallet.
Investment Platforms: Note that these "platforms" exist in the form of what appear to be traditional websites, either accessible via the web or through a specific browser only accessible via cryptocurrency applications. Common factors include:
- Registration using an email address or a phone number.
- Two-factor authentication (e.g., a phone number + an email address) to log in.
- A website name that closely mimics, or "spoofs," a legitimate site.
- A professional-looking site design that shows the portfolio in an appealing manner.
- A customer support portal used to communicate about investments and withdrawals.
DID YOU KNOW?
SCAMMERS MAY USE DEEPFAKE TECHNOLOGY AND/OR HIRE REAL PEOPLE TO ENGAGE WITH YOU ON THE PHONE. EVEN IF THEY'RE REAL PEOPLE YOU'RE SPEAKING TO, THEY COULD BE PART OF THE SCAM.
Cryptocurrency Job Scams
Cryptocurrency job scams begin when scammers, masquerading as employees of legitimate companies, recruit victims and require them to deposit their own money in order to complete the job.
5. The "Growing" Investment
Once the victim starts to "invest", returns shown on the investment platform will appear to be extremely lucrative, encouraging the victim to invest more and more. It is common in the early stages for the scammers to allow victims to withdraw not only the original deposit but the earnings as well. This is meant to trick victims, as a means to reassure them that the platform is legitimate. Scammers use various means to "sweeten the pot", or encourage further investing. Examples include:
- "Matching" - Providing their own funds to the victim's portfolio to help the victim reach an (arbitrary) investment goal.
- "Scarcity"- Stating that returns or investment opportunities are only available in a short time period.
6. Taxes, Fees, and the End of the Scheme
Once the victim is ready to withdraw all their earnings, they will find their account frozen and an arbitrary requirement will arise, usually in the form of paying "taxes" or "fees" to unlock their funds.
This is a trap: it is simply another method used by the scammers to try and convince victims to invest even more money.
It can be a particularly devastating point in the scheme, as victims will often pay more money to unlock their funds than any amount they previously deposited. At this point, there is usually nothing the victim can do: the scammers will never unlock the funds and it's likely they have already withdrawn those funds into criminally controlled cryptocurrency wallets inaccessible to the victim. In the end, the victim loses all the money they deposited to the scheme.