Guarding Your Digital Doorstep: A Beginner’s Guide to Outsmarting Online Scams
In an era where our digital footprints are as significant as our physical ones, protecting yourself from online scams is not just advisable; it’s imperative. This guide demystifies cybersecurity for the everyday tech user, offering straightforward, actionable advice to fortify your online presence against digital predators. Drawing from expert insights, we’ll navigate the murky waters of online scams with a conversational yet authoritative tone, empowering you to secure your digital doorstep with confidence.
Welcome to the 21st century, the time of the Jetsons! Not exactly what we envisioned, is it? Instead of Rosie, we have online scams, and that’s what I’m going to talk about today. In 2023, consumers reported losing more than ten billion dollars to fraud, the highest amount ever. That’s 14% more than the previous year. Of that, almost half ($4.6 billion) was due to investment fraud, and that alone is up 21% from 2022. Imposter scams are up, too, where the bad guys pose as trusted entities or representatives of a company. “Your social security number is about to expire.” That accounted for almost $2.7 billion. The most common way fraudsters reached their victims last year was by email, overtaking text messages. In fact, text messages were number three, after phone calls! They’ll use the method that works best for them, and they’ll shift as required.
Now more than ever, it’s important that you, yes you, take defensive and protective measures to guard your digital life. Basic cybersecurity is essential for safeguarding your personal and business information. Cyberattacks can steal data, disrupt the flow of operations, and cause significant losses. Cybersecurity plays a critical role in preserving trust and confidence in technology. We all rely on technology for everyday tasks, communications, and other critical operations, and we’re all connected. It’s also not just about data. It also affects public safety and health. In several cities last year, hackers tried to meddle with municipal water supplies by gaining access to operations systems. While you may not have the level of responsibility that would allow or prevent that, your devices connect to a lot of other devices, and you do have some level of responsibility to see that you don’t infect another device.
I’ve made the transition from the person in the family that “knows a lot about computers” to a PC technician, then to a System Administrator, and I’ve gained expertise in cybersecurity through a bachelor’s degree from Purdue University and several industry-recognized cybersecurity certifications. I eat, sleep, and breathe this stuff, so you don’t have to. We, the security professionals, can put in place all the defenses on the market, but if you, the users, aren’t careful, all our work can be swept aside. This is a quick guide to keep you safe. Later this year, I’m publishing a book that goes a lot deeper on the subject, but this is a good start.
Understanding the Threat Landscape
The most common online scams involve phishing, malware, and social engineering. There are a few that don’t fall under these three categories, but not many. Get a good handle on what these are and how they operate, and you’ll be ahead of the game.
Phishing: tricking you into revealing personal information. It could start with an email pretending to be a legitimate company, or it could be a website. It’s pronounced just like “fishing,” as in, “they’re fishing for victims.”
Malware: a mashup of “malicious” and “software.” Viruses and malware used to be considered two completely different entities, but now we consider viruses to be one type of malware. Malware is software that does something to you rather than for you. Just about everywhere you’re likely to go looking for software can be a source of malware, but malware also lives in other places.
Social engineering: a method of gaining information, access, or other valuables through manipulation, by exploiting human error. It’s often facilitated by gaining trust, and by the fact that it is in our nature most of the time to want to be helpful.
These aren’t the only ways bad people do bad things online, but they’re the ones you’re most likely to encounter in your personal life.
The First Line of Defense: Awareness and Education
Regardless of how many tools and programs you have in place on your computer, tablet, or phone, they have limited ability to protect you if the threat isn’t the kind of thing those tools are able to detect. It’s up to you to learn to recognize suspicious behavior and content online. This is one area where it’s critically important to be skeptical of the person on the other end of every transaction. To keep up on what’s going around, Facebook is of mixed usefulness. There’s a lot of useless information posted, including the posts that say that holding your finger on a post will get rid of ads, and all of the similar ones. I don’t know of any accounts on Facebook that are posting cybersecurity information for “regular people.” If someone you know posts about a scam, unless you know that they know about digital security, please don’t just share it without checking it out. How do you do that? I’m so glad you asked.
Using Google Gemini or Bing Copilot to help you search is a great way to find out such information. Regular search engines, without AI help, limit how you can search. I typed this into Bing using Copilot: “I got a call from someone purporting to be from the sheriff’s department, but I think it’s a scam. How common is this?” Bing with Copilot gave me a great answer on how common it is, some of the tactics used in this type of scam, red flags, and even how to protect yourself. That was more than I asked for, but it was extremely helpful, especially the red flags. I will also go so far as to say that even what you hear on the nightly news can’t be completely relied on for accuracy. The anchor only has about a minute to tell you everything significant. By significant, I mean everything that will keep you watching, not everything you actually need to know. When you hear something that makes you wonder, use Gemini or Copilot to learn more. Unlike ChatGPT, whose currency is only as good as its most recent update, Gemini and Copilot are baked into the search functionality, so they’re able to get the newest stuff. I asked, “what kind of scams are most prevalent right now,” and Copilot gave me statistics for the most prevalent scams reported so far in 2024. We’re in March of 2024, so that’s pretty current, and I’m satisfied with the answer.
Practical Steps to Protect Yourself Online
So what can you do to stay safe? I’ll give you some brief pointers.
- Start by using strong passwords – more than 8 characters, a mix of upper and lower case letters, add some digits and special characters. Use a different password everywhere you go, and use a password manager to help you keep track of them.
- As much as possible, use two-factor authentication. That means using a combination of at least two of the following: something you KNOW (a password OR a user ID; using both a user ID and a password is still only one factor), something you HAVE (an ATM card, a smart card, a phone, a computer, or a token of some kind) and something you ARE (fingerprint or retina scan). When a website has you log in and then sends a code to your phone or email account for you to enter at the site, that’s an example of two-factor authentication. It’s not perfect, but it’s pretty dang good.
- Keep your stuff updated! Computer, phone, apps, keep it updated. You don’t have to jump on an update as soon as you see it, but within a day or so, get it done. As soon as an update is released, hackers are downloading it to see what it contains, what it fixes. They know some people don’t bother to update their devices very often, so whatever is fixed in an update is something that is going to be not-fixed for a large number of devices.
- If you’re using a Windows computer, Defender is built in and it’s great just on its own, unless you’re a business owner. Protecting customer, vendor, and employee information is more important because it’s more valuable to hackers. Your phone doesn’t really need additional antivirus, and if you use a Mac or Linux computer, there’s antivirus for them as well. Don’t do sensitive business over public Wi-Fi; wait till you’re on a secured network.
- Back up your data – check out this article on figuring out how to make that happen.
What to Do If You Fall Victim to a Scam
The first thing you should do if you think you might have been scammed is to take a deep breath, because you’re going to need a clear head to get everything done. Next you need to figure out what might have been affected – credit cards? Bank accounts? Social Security number? Contact whatever entities you think might be affected, even if you’re not certain. Ask to speak to someone that handles fraud cases; every organization that handles money transactions is going to have one of those nowadays. Follow the exact steps they give you.
The next thing you need to do is find out where you can report the scam. This can be intimidating, because there are a lot of places that might need to know, and you might not know any of them. Once again, AI-powered search to the rescue. I asked Copilot, “If I think I’ve been a victim of a student loan scam, where might I go to report it?” Copilot came back with a few places that will need to know such information. Use an AI-powered search to find out where to report whatever type of scam you think you’ve encountered. If you’re not sure, give the search engine a few details to work from, key words or phrases you remember, and then let it figure out what kind of scam you encountered and what to do next. It’s important to make a report, because these statistics help agencies understand what resources people will need and where security is lacking.
One of the podcasters I used to listen to (I wish I could remember who it was) used to say, “When you lose, don’t lose the lesson.” There’s no shame when someone victimizes you; the shame belongs to them. Try to understand how it happened, what red flags you may have missed and where you can bolster your defenses. Don’t let it make you cynical, only skeptical.
Empowering Others: Spread the Knowledge
Once you’ve verified a scam, it’s fine to share the knowledge. Just make sure you know it’s a scam. When people are inundated with what sounds like cybersecurity advice that really isn’t, they get desensitized to the real information. Much of the “advice” you see on Facebook doesn’t do anything to make you safer, but it’s almost always really easy to follow, easier than the real advice. Being easier doesn’t in and of itself mean that it’s wrong, just that people want to follow advice that is easy to understand.
You don’t need to be a cybersecurity expert to help other people stay safe online. You can help others be aware of scams and what to do if they get bitten. Unfortunately, most of the blogs and articles on cybersecurity are written for people like me, who love this stuff. That’s why I write this blog – to distill some of that concentrated goodness into language that most people speak.
As a closing note, I’ll share a scam that had me chasing my tail for a couple of hours. I got a phone call from someone purporting to be with the Sheriff’s department in the next county. He said that there was a summons out for me for missing jury duty in that county. I probably wouldn’t have paid it much attention, except that I had been notified of jury duty earlier in the year, but I got a letter in the mail saying my jury duty had been cancelled and that I wouldn’t have to report to anyone. It was really difficult to understand him and he was talking very fast, and at some point, after I asked him to slow down and asked his name, he hung up. I called the Sheriff’s department in that county, who referred me to the court system in that county, who told me that they have a list of all outstanding warrants, and my name wasn’t on the list. As I looked at the caller ID record, it had a city name that is in my county, not the next one over. I never did find out what he was hoping I would do that would provide him a reason for calling; he never asked for money. I guess if he hadn’t gotten frustrated and hung up, I might have found out.
Have you had any scam calls? Have you been a scam victim? What did you learn from it? Drop a comment and share it with us.