Don’t Lose Money To Internet Scams You Might Know Better, But Do Your Parents?
During Covid-19 there has been a surge in shoppers getting their first taste of e-commerce, together with seniors who may have bought their first computers to stay in touch with family and friends at a safe distance. Both groups are vulnerable to internet scams.
“Covid-19 has presented cybercriminals and fraudsters with an effective lure to encourage victims to visit fake web sites, open e-mail attachments, and click on text message links,” said Evan Koronewski, a spokesman for the Communications Security Establishment (CSE), which provides the federal government with information technology security.
If you’re a veteran internet user you may easily recognize fake emails and web sites and know how to avoid being scammed. If you know someone who might not yet be so sophisticated, however, they should be warned.
Even before Covid struck and governments advised people to stay home, a 2019 report by the U.S. Better Business Bureau pointed out that isolated, lonely people are more likely to be taken in by scammers. The BBB said researchers found the likelihood of losing money to a scammer is higher for individuals who are single, divorced, or widowed, “as many felt they did not have anyone with whom to discuss their experiences and hesitations.”
Here are a few of the most common scams:
Advance-fee Scams
These are emails from people who offer to send you large amounts of cash or lottery winnings providing you make a small up-front payment, sometimes to “release the money” or to “pay withholding taxes.” Making the up-front payment generates requests for more cash, then the fraudster disappears. The scheme was around long before the internet. The earliest advance-fee con on record is the Spanish Prisoner Scam of the late 1700s, when fraudsters wrote letters, either from, or on behalf of, a “wealthy prisoner” in Spain offering a handsome reward to anyone who would mail him enough cash to bribe the guards so he could escape. Twentieth century versions of the scam involved letters sent from a Nigerian prince seeking help in transferring money out of the country, resulting in the scam being called the Nigerian Money Transfer, Nigerian Prince Scam or 419 Scam (referring to the section of the Nigerian Criminal Code dealing with fraud).
Thanks to the internet, today’s spammers can send out thousands of emails, knowing the scheme will be profitable if even one victim takes the bait. Statistics on its prevalence are difficult to come by since many victims don’t want to admit they were taken in.
If you see any email that offers payoffs in exchange for an upfront fee, delete the message and don’t reply, even to “unsubscribe” as unsubscribing indicates the message has been read by a potential victim, the Competition Bureau of Canada’s Little Black Book of Scams advises.
“Any email you receive that comes from a sender you do not know, is not specifically addressed to you, and promises you some benefit is likely to be spam.”
Scams Directly Related To Covid-19
Within two months of Covid-19 being declared a pandemic, more than 120,000 new web sites had been set up, most of which were frauds, says a bulletin from the Canadian Centre for Cyber Security (CCCS), part of the Canadian Security Establishment.
“Covid-19 lures are increasingly used by fraudsters to advertise counterfeit medical supplies, elicit fraudulent donations, and support other fraudulent schemes,” says the CCCS Cyber Threat Bulletin: Impact of Covid-19 on Cyber Threat Activity.
State-sponsored groups, cybercriminals and fraudsters have set up fake websites with Covid-19 content including statistics on local infection rates, news about cures or treatments or where to get personal protective equipment, all aimed at getting victims to click on links and attachments that expose their computers to information-stealing malware, the bulletin says.
These scammers craft convincing copies of government websites and health organizations associated with the pandemic, the CCCS said, citing four examples of lures found in March and April alone.
The fraudsters communicate through cell phones and smartphones as well, sending fake texts or SMS messages. Among these was a text aimed at people waiting for their Canadian Emergency Response Benefit (CERB). Victims were invited to click on a link to get their benefits that required them to divulge their banking information. In another instance, emails claiming to be an important update from the Public Health Agency of Canada’s (PHAC) Medical Officer of Health were actually used to download malicious software or malware on victims’ computers.
Investment Scams
Like advance-fee scams, victims of investment scams suffer from a deadly combination of greed and gullibility, making them vulnerable to web sites and emails offering fantastic returns. The Ontario Securities Commission (OSC) offers these descriptions of some common investment scams.
Boiler Room Scam: In this scam, a team of people will set up a fake company with a professional looking web site and a respectable but often temporary address. By the time you realize you’ve lost your money, the scammers will have closed up shop and moved on to another scam, the OSC’s site says.
Forex/Offshore Investing Scam: Foreign exchange trading services are often touted as get rich quick schemes. Most operate online from another country, usually to dodge tax or other regulatory restrictions, the OSC says. Your money may not be invested as claimed, and you may be asked to wire money into an offshore account before you begin trading, where the money will be inaccessible. Offshore investing scams could trigger huge tax penalties, and since your money will be in another country, you may not be able to sue to get it back, the OSC warns.
How To Protect Yourself (Or Others) From Cyber Scams
1. Don’t send gift cards or any form of money to friends who’ve requested “a favour” by email. Their accounts may have been hacked.
2. Learn how to recognize fake emails. Scammers engaged in phishing (the act of trying to get people’s personal information) often send out emails from fake sites that look like real government agencies or corporations. Giveaways may include the email’s URL, which often refers to a public domain such as @gmail, while messages sent to “dear user” or “dear friend” instead of your full name should be another red flag. The message in many fake emails contains spelling and grammar mistakes that would not have been made by staff at a real government department or corporation. Finally, many scam emails try to convey a sense of urgency, warning that your account may be suspended unless the “company” gets more information immediately.
3. Emails purporting to be from the Canadian government or the Canada Revenue Agency that ask for your information are almost always fake. Some fake emails may claim you are entitled to a tax refund or benefit payment or try to scare you into paying off a fictitious debt to the CRA. The CRA never requests personal information of any kind from a taxpayer by e-mail, the real CRA site says. “Delete phishing emails and do not click on any links; they can carry harmful viruses that can infect your computer.”
4. Messages from online retailers can also be imitated by criminals. With access to stores restricted during the pandemic, Canadians have made more use of online shopping sites such as Amazon.ca and eBay, getting packages delivered via Canada Post. Don’t fall for fake messages such as “We’re having problems processing your credit card payment...” or “Your account has been temporarily restricted. We have found suspicious activity on credit cards linked to your account. You must confirm your identity that you own the credit card. To maintain account security, please provide documents that confirm your identity...”
5. Fake Canada Post emails will often say the post office was unable to deliver a package, then ask you for personal information to claim it. The real Canada Post says it does not send unsolicited emails requesting personal information such as credit card numbers, account or invoice numbers, address and/or passwords. As with other suspicious messages, never click on any links.
In many cases, you can forward deceptive emails to the real company, such as reportphishing@Apple.com, Spoof@PayPal.com, or stop-spoofing@Amazon.com.
Privacy and Security Settings
Check your email and any social media accounts such as Facebook and make sure all available privacy and security settings are activated.
Passwords
Don’t use the same password for multiple sites. Use pass phrases or names and places that only you know. Some legitimate sites such as banks offer two-factor authentication where the intended recipient must key in a number that has been texted to their phone, a useful security measure.
Update Applications
Legitimate software updates or “patches” will often contain security improvements that should be used.
Anti-virus Software
Download anti-virus software from reputable companies. PCMagazine’s top picks for best antivirus protection for 2020 includes programs rated at least four stars out of a possible five: NortonLifeLock, McAfee, Kaspersky, Bitdefender, Webroot, Trendmicro, ESET, Malwarebytes and Sophos.
Conclusion
Covid-19 has shown how critical the internet is to commerce and communication. Imagine if business could not be conducted by employees working from home, if shoppers had to wait for stores to reopen and if the elderly had to sit alone with no contact with the outside world.
Thanks to the internet, the self-isolation necessitated by Covid-19 has been reduced to an inconvenience. For those who fall for Internet scams, however, that inconvenience could be a disaster.
Richard Morrison, CIM, is a former editor and investment columnist at the Financial Post. richarddmorrison@yahoo.ca.