Tactical Information Systems
Biometric Identification Software
SERVER.png

Tactical Information Systems Blog

Identity & Technology

How to Avoid Online Fraud

Everyone has heard stories of someone who was taken advantage of online. It's easy to think "that could never happen to me" but the truth is that the scammers are A/B testing constantly and they will eventually find a way. We are all human and in a hurry. It just takes a moment of inattention to click on something bad. In this post, I'm talking about the most common scams we see and how to avoid them.

1. Relationship scams

The is the main kind of online dating fraud. There are countless stories of someone (online dating scammers) sending more and more money to their online boy or girl friend - who they've never met - until the money is gone and the friend is too. They develop friendships over time and then tell an emotional or hard luck story. There are various types of identity verification that can help, but nothing will completely eliminate this risk.

I read some of the worst stories of online fraud and thought "Well, I'm not stupid, that could never happen to me." Except, I recently got a call for help from an old friend from college who lost her purse while travelling overseas. I was ready and willing to wire her some money to help her out. Happily, I thought to call her to find out more about what happened. She hadn't left town and I almost fell for a classic scam.

2. Phishing scams

Phishing is when someone sends you an email claiming to be from your bank or another trusted organisation, which directs you to a fake website where you will be asked to enter your account details. The website will often be cleverly designed to look like the real organisation’s website. These have gotten really good! A few years ago, the phishing emails were easy to detect, but these days they are very sophisticated. The easiest way to check is to look at the URL of any links they want you to click on. If the URL is http://www.yahoo.com/bankofamerica then you can be certain the email isn't really from Bank of America. Any credible organization will have a domain name of their own. Another way to prevent this scam is to go to the website directly instead of clicking on a link in an email. Also, the IRS doesn't initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. This includes requests for PIN numbers, passwords or similar access information for credit cards, banks or other financial accounts. 

The IRS is such a big target for phishing scams they created a webpage devoted to helping victims. 

The IRS is such a big target for phishing scams they created a webpage devoted to helping victims. 

Also, just being asked for sensitive information, like an account number or password, is a red flag. The real organization already has your data and even if they need it, they will never send you an email asking for it. Any email that seems threatening or has a sense of urgency should probably questioned - if the real organization needs to get your attention about something important, they probably won't be using email.

3. Computer Viruses

Phishing is a fraudulent email sent to you where they are "fishing" for information. Viruses or malware come from email attachments that they want you to open. These can be photographs, attachments or any kind of file you can open. They will often have click bait subject lines. One recent type of phishing attack looks like a receipt for services you didn't order, usually for a large amount. You will be tempted to click on the pdf to see what happened and that is when they have you.

Once you click, the virus is installed on your computer and you may never know about it. The virus can take over your computer and give control to criminals, or it can for example, scan for your private information, send out spam email or host illegal websites. One type of virus even encrypts all of your documents and demands ransom in bitcoin to decrypt them. I don't open attachments unless they are from someone I know personally. If I'm not sure, I'll send it back and ask "What is this attachment?" - if it's legitimate, they won't have any problems or issues with answering that question.

4. Work from Home Scams

Probably the most ingenious scam I have seen was a "work from home" scam. People thought they were hired for a company where they could work from home. They were given access to a website and instructions to buy things (with a "company credit card"), have them delivered to their house, and then print a new label and mail it to the company's "client". What they were really doing was using a stolen credit card to buy goods and deliver them to the thief. You can go to jail for doing this!

Trust your instincts. If something feels wrong, it probably is. As a general rule, don't do anything with a person online that you wouldn't do in person. And remember, if you have texted back and forth with a person, you will naturally develop a feeling that you know them, that you are in a relationship. But until you meet in person and verify what you have been told, you should be careful.