Online scammers continue to dupe a majority of American adults as they infiltrate virtual calendars and security systems meant to defend you against the poaching of personal information.
A recent survey of more than 9,000 U.S. adults by the Pew Research Center found that approximately 73% experienced at least one or more online scams or attacks.
The most common virtual cons were credit card fraud, online shopping scams, and ransomware attacks — a type of malicious software that prevents you from accessing your computer files or system until a ransom is paid.
About 24% of those surveyed said they had received a scam email, text message or call that tricked them into giving away personal information.
An estimated 32% of respondents said they were victims of a scam within the past year.
It’s often said that older adults are more vulnerable to online fraudsters. However, in 2021 the Federal Trade Commission reported that Gen X-ers, millennials and Gen Z adults, collectively between the ages of 18 to 59, were 34% more likely than adults who are 60 and older to report losing money to fraud.
These generational groups are getting tricked by online schemes that originate from a social media ad, an investment scam or fake job opportunities.
The latest phishing, or attempt to acquire sensitive data, attacks are happening through your online calendar, (Google or Outlook calendar), multi-factor authentication app and HTML attachments.
Evading online scams is proving to be a challenge, but cybersecurity experts say there are steps you can take to protect yourself.
Unsolicited Calendar invites
Scammers are constantly finding new ways to lure you into unknowingly giving up your personal information and the calendar connected to your email account is one of them, said Iskander Sanchez-Rola, director of artificial intelligence and innovation for Norton.
Unlike traditional phishing scams such as an unwanted text or call that requires your engagement, this invitation automatically appears on your calendar without you approving or denying it.
Anyone can easily be fooled by this because it can confuse you into thinking you accepted the invitation at some point, Sanchez-Rola said.
The scam happens when you click on the invite to get more information.
A link in the invitation can lead you to a phishing webpage that is masquerading as a Zoom link, or it can prompt you to download malware that is disguised as a software update.
This con often targets work-related email accounts and corresponding calendar apps.
The warning signs of this scam include:
- The calendar invite is unsolicited.
- Misspellings in the link or sender address associated with the calendar appointment
- The invite is associated with work, but you’re the only person to receive it.
What you can do: Change the settings in your online calendar to prohibit automatic updates. Microsoft Outlook users can follow these online instructions to change their calendar settings; Google users can limit which invitations appear on their schedule by following these online instructions.
If you have any suspicions, don’t reply directly to the invite, said Derek Manky, Chief Security Strategist and Global Vice President of Threat Intelligence at Fortinet.
“Instead, send an email to your trusted contact from that organization asking if they have confirmed the meeting and request further details,” Manky said.
Multi-factor authentication scam
A multi-factor authentication app, also known as a “Two Step Verification,” is an application on your phone that provides you with a code or a “yes or no” prompt to verify that you’re accessing an account that’s linked to the authenticator.
“Multi factor authentication (MFA) attacks have been happening for well over a decade, they just frequently take on new forms, or target new platforms such as the authenticator app,” Manky said.
A scam occurs when you’re receiving multiple notifications from the authentication app even though you didn’t request verification.
“This scam is all about wearing you down to the point of clicking an unknown notification and accidentally providing your personal information,” Sanchez-Rola said.
The warning signs of this scam include:
- The authentication app is requesting verification or providing you with a verification code you did not request.
- The authentication app is sending you several notifications in a row even though you did not prompt the app.
What can you do: If you’re getting a string of authentication app notifications, pause before you click.
“Because approving a login you didn’t request is like handing your keys to a stranger, you just don’t do it,” Sanchez-Rola said.
A safer way to use an authentication app — such as 2FAS, Aegis Authenticator, Microsoft Authenticator, Stratum, or Google Authenticator — is to use one that provides you with a verification code. Don’t use an app that sends a notification because that’s how a scammer can pressure you into providing your login information.
Another step in protecting yourself is changing your passwords frequently, as it reduces the shelf-life for the ones that are stolen and sold, Manky said.
Emails with unknown HTML attachments
An email with an unknown HTML attachment can redirect you to a phishing webpage or prompt you to download malware.
It’s the oldest technique in the book but it’s still commonly used today, Manky said.
“HTM/HTML files contain code that can be used in a variety of ways, including executing malicious scripts, for example Javascript, that could drop an information stealer on the system,” he said. “Likewise, they could be used to launch a phishing page to harvest credentials.
Fraudsters will try to use trusted names or services that are of daily use to you.
“If an email is unsolicited, the end user should always question the identity of the emails being sent,” Manky said.
The warning signs of this scam include:
- The sender of the email is an unknown contact.
- The attachment within the email is unsolicited and looks suspicious.
What can you do: Always exercise caution before opening any attachments in an email, Manky said.
Look for typosquatting in the URL of the attachment. Typosquatting is when domain names on the URL have a small variation from the legitimate one, Manky said.
The post At least 73% of U.S. adults have fallen for online scams. How you can avoid the latest con appeared first on Los Angeles Times.
