May 31, 2022

Identifying IT Fraud & Scams

 According to the Federal Bureau of Investigation (FBI), the top fifteen common scams and crimes are:

  1. Adoption Fraud
  2. Business and Investment Fraud
  3. Business Email Compromise
  4. Charity and Disaster Fraud
  5. Consumer Fraud Schemes
  6. Elder Fraud
  7. Election Crimes and Security
  8. Health Care Fraud
  9. Holiday Scams
  10. Money Mules
  11. Ransomware
  12. Romance Scams
  13. Sextortion
  14. Skimming
  15. Spoofing and Phishing

Of these 15 scams and crimes, at least five of them directly relate to the criminals using IT to deceive their victims.  For example, business email compromise, also known as BEC, is when a scammer targets a business and attempts to get money from them typically by wire or through fake invoices.

Another scam related directly to IT is ransomware.  This is one of the most costly scams, and here's how it works.  Criminals attempt to get potential victims to install ransomware on their PC using common social engineering techniques like emails that appear to come from legitimate sources, or leaving an infected USB thumb drive in an open area, hoping someone will plug it into their PC.  Once the ransomware is installed, it begins to encrypt the hard drive, and then depending on the ransomware variant it may or may not send the files back to the criminal.  The victims are met with a screen of instructions on how to decrypt the hard drive, but only after they've provided payment to the criminal, typically in the form of Bitcoin or some other untraceable digital currency.  Even if the victim pays the ransom, there's no guarantee that the information will not be leaked to public.

Although consumer fraud schemes are very broad, one common technique used by scammers is to call people and pretend to be from Amazon and Microsoft.  When calling as Microsoft, the caller is told that they purchased Windows support, and because support for their product is going to be ending, they are due a refund of the remaining balance.  Once the caller provides their bank information, the fraudster can debit their account.  This promise of unexpected money lures the victim into a false sense of legitimacy.  They want to believe it's real and that they're due a refund.  But once someone has their bank information, the only choice is to immediately close that account.  But don't worry, all hope is not loss.  There are ways to protect yourself.

Verify, Verify, Verify
Even if you know the person that sent you the email, if it was unexpected, reach out to them (not by email) and find out if the message is legitimate.

Don't Click Links
Even if you receive an email from a trusted source, don't click any links inside of it.  Instead go directly to the website to ensure that you're taken to the right place.

Never Give Out Your Credentials
This one should be a no-brainer, but I'm going to say it anyways.  Never give out your credentials to anyone, even if they claim to be from the company or service you are attempting to login to.  Your bank will never ask you for your credentials.

No comments:

Diversifying Beyond IT Knowledge

The best thing about being in IT is that you can work basically anywhere.  There will always be a need for IT professionals.  And of course understanding the fundamentals of IT is important in an IT career; however, the value of gaining knowledge in other areas of general business practices makes you more rounded and can be the difference between an IT professional and a specialist.

One common trait in CEOs are they typically have a financial background.  Some of the largest companies in the United States such as Berkshire Hathaway, UnitedHealth Group, McKesson, CVS Health, and AT&T, all have college degrees relating to finance.  And although the focus of this post is related to IT professionals, understanding what makes a successful career and CEO will help any profession.


"I work on computers, why do I need to know anything other than computers?".  Well, the answer is simple, growth.  If you want to grow within your career, it's important to be able to discuss intelligently with your superiors and peers on all aspects of the business you're in.  For example, if you work at a bank in the IT department, it's vital to understand banking rules and regulations in order to be successful and provide the most useful contributions to your company.  The banking industry uses technology such as ACH (automated clearing house) to process electronic transactions.  Understanding how ACH works, even though it's not what one may consider IT, is vital to ensure that you're providing the highest level of support available.  You don't need to know every single aspect of your employer, but enough to provide meaningful contributions.

I recommend people in the IT industry take as many soft skill courses/seminars as possible.  Soft skills are interpersonal or people skills such as time management, public speaking, leadership, teamwork, flexibility, and communication.  They're different from hard skills, which are acquired through formal education or training, basically the knowledge on how to perform your job.  These soft skills will allow you to speak with confidence to your superiors.  Being able to communicate effectively could make the difference in being able to obtain a $10k piece of IT equipment, and having to settle for what you already have.

An IT professional will sometimes need to get large purchases approved by the company's CEO or board of directors.  Having the skills to present information in a method that will be understood by your audience is key to a successful request.  Because let's face it, explaining to another IT professional that understands what you're talking about is easy, but tailoring your discussion to non-IT people takes practice.

But don't get caught up too much in the non-IT related side of the business, so much so that you lose touch with the technology aspect, because this is an easy thing to get trapped in.  Pigeonholing yourself into one particular non-IT industry can be dangerous and make you less valuable in the job market place.  In summary, here are some things to diversify and continue to grow your worth:

  • Obtain Soft Skills
  • Learn About Your Business
  • Use Your Newly Found Business Knowledge to Find Technological Efficiencies
These tips will allow you to easily switch employers if needed, and will show your perspective employer that you are willing and able to learn things beyond IT.

No comments:
Subscribe to: Posts (Atom)