May 31, 2022

Identifying IT Fraud & Scams

According to the Federal Bureau of Investigation (FBI), the top fifteen common scams and crimes are:

  1. Adoption Fraud
  2. Business and Investment Fraud
  3. Business Email Compromise
  4. Charity and Disaster Fraud
  5. Consumer Fraud Schemes
  6. Elder Fraud
  7. Election Crimes and Security
  8. Health Care Fraud
  9. Holiday Scams
  10. Money Mules
  11. Ransomware
  12. Romance Scams
  13. Sextortion
  14. Skimming
  15. Spoofing and Phishing

Of these 15 scams and crimes, at least five directly involve criminals using IT to deceive their victims.  For example, business email compromise, also known as BEC, is when a scammer targets a business and attempts to get money from it, typically by wire or through fake invoices.

Another scam related directly to IT is ransomware.  This is one of the most costly scams, and here's how it works.  Criminals attempt to get potential victims to install ransomware on their PC using common social engineering techniques, like emails that appear to come from legitimate sources, or leaving an infected USB thumb drive in an open area, hoping someone will plug it into their PC.  Once the ransomware is installed, it begins to encrypt the hard drive, and then, depending on the ransomware variant, it may or may not send the files back to the criminal.  The victims are met with a screen of instructions on how to decrypt the hard drive, but only after they've provided payment to the criminal, typically in the form of Bitcoin or some other untraceable digital currency.  Even if the victim pays the ransom, there's no guarantee that the information will not be leaked to the public.

Although consumer fraud schemes are very broad, one common technique used by scammers is to call people and pretend to be from Amazon or Microsoft.  When calling as Microsoft, the scammer tells the victim that they purchased Windows support, and because support for their product is going to be ending, they are due a refund of the remaining balance.  Once the victim provides their bank information, the fraudster can debit their account.  This promise of unexpected money lures the victim into a false sense of legitimacy.  They want to believe it's real and that they're due a refund.  But once someone has their bank information, the only choice is to immediately close that account.  But don't worry, all hope is not lost.  There are ways to protect yourself.

Verify, Verify, Verify
Even if you know the person that sent you the email, if it was unexpected, reach out to them (not by email) and find out if the message is legitimate.

Don't Click Links
Even if you receive an email from a trusted source, don't click any links inside of it.  Instead go directly to the website to ensure that you're taken to the right place.

Never Give Out Your Credentials
This one should be a no-brainer, but I'm going to say it anyway.  Never give out your credentials to anyone, even if they claim to be from the company or service you are attempting to log in to.  Your bank will never ask you for your credentials.
