If you made it through the weekend without having your computer hacked, consider yourself lucky. Internet users in 150 countries fell victim to a massive ransomware attack Friday. The malicious software — entitled WannaCry — took over users’ files, locking them out of their own computers unless they paid around $300 in bitcoin to restore access, according to BBC.
The attack targeted PC users specifically, and Microsoft pointed the finger at the National Security Agency for exposing the computer giant’s vulnerabilities. In a company blog post, Microsoft President Brad Smith said that the malware behind the WannaCry attack was stolen from the NSA, exposing Microsoft customers globally. NPR reported that the ransomware has affected hundreds of thousands of computers thus far, including hospital systems in the U.K., a telecom company in Spain, FedEx in the U.S., and universities in Asia, among others.
By Monday morning, BBC estimated that $38,000 had been paid to thwart the ransomware, with payments likely to continue. To make matters worse, copycat viruses began to crop up over the weekend, with thieves unrelated to the initial attack riding the wave of hysteria to make a quick buck.
If you were unharmed by the Friday attack, now is the time to double down on security. Arm yourself with knowledge about ransomware and other common money scams so you don’t lose money to thieves.
The Faux Virus
“Ransomware” has become a big buzzword in the cybersecurity world, and for good reason. In 2015, 1,000 ransomware attacks happened every day. By 2016, that figure increased by 300 percent to a staggering 4,000 attacks per day.
Here’s what happens. You’re browsing on your computer or phone, and suddenly a very official looking window pops up. In some guise, it might be a faux “FBI” message telling you that you’re under investigation, or that your files have been encrypted.
If you follow the window’s instructions to proceed, you could get locked out of your operating system, or be unable to access any of your hard drive’s data. In order to access your computer, phone or data again, you’ll be forced by the cyber criminals to pay hundreds or thousands of dollars for a decryption key — a price that often goes up the longer you wait to pay. Hence the “ransom” part.
Use an ad blocker and reputable malware protection software to safeguard your device from ransomware, and keep a healthy combo of both physical and cloud-based data backup to be prepared for worst-case scenarios. If a dreaded ransom window appears, shut down your device and put the scammer’s URL on your virus software’s blacklist immediately.
Fake IRS Threats
Despite a massive police raid targeting tax scammers in Mumbai last year, the Better Business Bureau reported that tax scams were still the most common type of money scam in 2016, with 7,530 cases reported.
According to the IRS, “thousands of people have lost millions of dollars and their personal information to tax scams and fake IRS communication.” Prevent yourself from falling victim by keeping an eye out for the signs of a scammer. On the phone, scammers call taxpayers claiming to be IRS employees — going so far as to drum up fake IRS ID numbers. They tell the victim that they owe money, which must be paid promptly via a pre-loaded debit card or wire transfer.
Alternatively, they might promise a big tax return in exchange for private information, which they could then use to commit identity theft. Also, they might send an unsolicited email from the “IRS,” which could infect a taxpayer’s computer with malware to gain sensitive info via tracking keystrokes or accessing digital files. In 2016, the IRS saw this type of fraud spike about 400 percent in frequency.
Knowing a few things about IRS policies will help you avoid this type of identity theft. The real IRS will never demand immediate payment via a specific method — they’ll mail the bill first. Likewise, the IRS will never ask for your credit or debit card number over the phone, they’ll always let you question or appeal the amount you owe and they’ll never immediately threaten you with legal action for not paying.
Tricking you into handing over personal info as a means of accessing your finances isn’t a practice exclusive to tax scammers — it’s a widespread form of financial fraud known as phishing. Think of it as criminals “fishing” for your personal info by posing as a legit figure, like a banking firm or law enforcement agency.
You can get phished in numerous ways. You might just click on a link in an email from a fake credit card company, handing over your personal data via a phony login form. Or sometimes, that link immediately infects your computer with malicious software that tracks your online activity, revealing info such as passwords or bank account numbers.
When this is done by phone, it’s called vishing; by text, it’s smishing. Those names might sound funny, but the results are not. Be wary if a court claims you’ve missed jury duty via text and demands a fee, or if a charity you’ve never heard of texts you asking for money out of the blue.
Keep clear of these schemes by sticking to secure WiFi networks or using a Virtual Private Network (VPN) whenever possible.
The Advance Fee
When someone calls, emails or even comes knocking asking you for money before they provide any services or products, it’s time to raise an eyebrow.
Red flag number one: You’ve never heard of the organization, individual or company that’s asking you for money. Typically, the con artist will ask for a comparatively small fee for a promised good or service. The thing is, the fee has to be paid immediately while the “reward” comes later.
This broad money scam manifests in tons of ways. Door-to-door or phone scams might offer home maintenance services — especially those that seem urgent, like safety-related repairs — and demand an upfront “administration fee” or deposit. Similarly, a text message might request payment for an “application fee” for a loan. Meanwhile, online scams include asking you to pay upfront fees for internet training courses or to claim a huge prize.
Watch out for businesses that operate out of P.O. boxes — the lack of a street address makes scammers harder to track. And be wary of those that require you to sign non-circumvention or nondisclosure agreements that threaten you with legal action if you report losses to law enforcement.
Take some sound advice on advance fee schemes straight from the FBI: If it sounds too good to be true, it probably is.
Online Dating Fraud
Speaking of “too good to be true,” let’s imagine you’re using Tinder and stumble across someone whose profile photos look like professional magazine spreads. Miraculously, you match immediately and that person messages at a superhuman speed, wanting to meet up that instant.
Bad news: This is not likely the start of a whirlwind romance, unless you consider being robbed romantic. The most obvious giveaway here is when a potential date asks for a money transfer. This can happen on a dating app, or even from a faux profile that contacts you out of the blue on social media.
Never send money to an individual you haven’t met in person. On apps, you might match with “bots” who send grammatically dubious messages that seem oddly out of context. These bots often try to get you to sign up for an external paid service in order to contact them, or phish you for private info. If someone wants you to click an external link a couple lines into a conversation, there’s a good chance you’re chatting with a scammer.
Look for suspicious signs and flag scammers using in-app options. If the scam escalates, turn to the FBI’s Internet Crime Complaint Center at www.ic3.gov.
More Money Threats: 20 Tourist Scams to Watch Out for When Abroad