
No Phishing Allowed! How to Protect Yourself and Your Loved Ones from the Rise in Online Scams

Online scams are already more common than ever and unlikely to slow down anytime soon. Let’s look at the most common types of scams, red flags to avoid, steps to take if you’re worried you’ve been a target or victim, and what you can do to help keep your friends and relatives safe online.

[Image: Two men fishing on a dock with a “No Fishing” sign]

Aren’t you just fed up with people who use the technology that you and I pay for to lure us into their maliciously devised schemes that cause us to part with our hard-earned money?

Well, I know your answer is yes. And so is mine. Lately, my email—despite some pretty hefty firewalls—has been peppered with these “phishing” attempts. I just received another notice of a bogus charge to my PayPal account (which has been canceled) for $380.88 to purchase Bitcoin. If it’s not PayPal, it’s Norton. Honestly!

Phishing is just another word for the scam in which fraudsters send unsolicited messages via email and text, attempting to steal our passwords, account numbers, or Social Security numbers, to find a way into our email accounts and/or dip into our bank and investment accounts (or sell the information) for their own enrichment.

The statistics are alarming. Each day, more than 3.4 billion spam emails are sent, and while not all spam emails are attempted phishing attacks, enough of them are to make phishing the most common cybercrime. Of those 3.4 billion spam emails, Google blocks just 100 million of them. That’s minuscule! Here are more sobering statistics, courtesy of cybersecurity firm Cofense:

  • Over 48% of emails sent in 2022 were spam
  • 93% of modern breaches involve a phishing attack
  • Over a fifth of phishing emails originate from Russia
  • Millennials and Gen-Z internet users are most likely to fall victim to phishing attacks
  • The average cost of a data breach against an organization is more than $4 million
  • One whaling attack costs a business $47 million

The use of stolen credentials is the most common cause of data breaches.

Last year, phishing attacks hit an all-time high, according to APWG’s Phishing Activity Trends Report for Q3 2022. It was the worst quarter ever, with 1,270,000 phishing attacks reported. What’s even scarier is that these attacks are three times higher than in 2020—just two years ago.

It may not seem like much, but the average phishing attack results in $136 lost, adding up to some $44.2 million stolen by cyber criminals through phishing attacks in 2021.

Sad to say, the hackers just keep getting smarter. According to Cofense’s Q3 2022 Intelligence Trends Review, at the beginning of 2019, 74% of phishing attacks involved credential phishing (stealing usernames and passwords). Today, the strategy has evolved, and now loaders (which infect your devices with malware) are the most common tools.

These usually arrive in the form of emails that don’t look dangerous. You might find the email or text tells a story to trick you into clicking on a link or opening an attachment. You could receive an unexpected email or text message that looks like it’s from a company you know or trust, like a bank or a credit card or utility company. They often come from hijacked business email accounts, using a business email compromise, or BEC, strategy. They are frequently accompanied by fake login pages (phishing sites) on Microsoft Azure custom domains. They might end in “windows.net,” while the legitimate site is “windows.com.”

Or maybe it’s from an online payment website (such as in the ones I received, supposedly from PayPal) or an app. The message might say or include:

  • We’ve noticed some suspicious activity or log-in attempts
  • There’s a problem with your account or your payment information
  • You need to confirm some personal or financial information
  • An invoice (fake) you don’t recognize
  • Click on a link to make a payment (one which usually contains malware)
  • You’re eligible to register for a government refund
  • An offer of a coupon for free stuff

In the past few weeks, I’ve received the above-mentioned PayPal phish, two from Norton, saying “my order was placed successfully”; two re: the Geek Squad— Invoice Billing Successful# GEEKSQ5897398K; and Order Pending via modernacompartilha.***.br, re: who knows what?

My firewall and Google caught one of them.

Attackers are now using the Zombie Phish. According to the Cofense report, in this scheme, attackers assume control of your email account and respond to an old email conversation with a phishing link. Since you’re familiar with both the sender and subject, the email looks legitimate.

Another strategy is the use of shortened URLs provided by link-shortening services such as Bitly. URL content filters don’t usually block them as they don’t reveal the true destination of the link. Plus, users who are vigilant about suspect domain names might be less likely to identify a shortened link as malicious.

However, Cofense’s 2022 report confirmed that .com domains are still the leaders in phishing attacks, accounting for 53% of credential phishing attacks.

Here are the most common types of phishing:

1. Email phishing

These are the majority of phishing attacks, often using a fake domain that mimics a genuine business. Note that the fake domain often involves character substitution, like using “r” and “n” next to each other to create “rn” instead of “m.”

Or they may create a unique domain that includes the legitimate organization’s name in the URL. The example below was sent from “olivia@amazonsupport.com.”

[Image: example email sent from “olivia@amazonsupport.com”]

When you see “Amazon” in the sender’s address, it’s normal to assume that it is a legitimate email. But … don’t be so hasty!
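The check a careful reader does by eye can be written down. The following is an added example, not code from the original article: it classifies a sender address against a short allow-list and names which trick it sees, covering the “rn”-for-“m” substitution and the embedded organization name described above, plus the earlier “windows.net” versus “windows.com” case. The allow-list, the extra substitutions, and the "last two labels" shortcut for finding the registered domain are assumptions made for the sketch.

```python
from email.utils import parseaddr

# Assumption: an illustrative allow-list. In practice this is the set of
# organizations you actually have accounts with.
TRUSTED_DOMAINS = {"amazon.com", "paypal.com", "windows.com"}

# Look-alike substitutions, fake -> real. "rn" for "m" is the article's
# example; the others are common additions chosen for this sketch.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def sender_host(address):
    """Return the lower-cased host of 'Name <user@host>' or 'user@host'."""
    _, addr = parseaddr(address)
    return addr.rsplit("@", 1)[-1].lower().rstrip(".")


def registrable_domain(host):
    """Simplification: treat the last two labels as the registered domain.
    A real tool would consult the Public Suffix List (e.g. for .co.uk)."""
    return ".".join(host.split(".")[-2:])


def skeleton(text):
    """Collapse look-alike character sequences so 'arnazon' becomes 'amazon'."""
    for fake, real in CONFUSABLES:
        text = text.replace(fake, real)
    return text


def classify_sender(address):
    """Return (verdict, trusted_domain_it_resembles_or_None).

    'unknown' only means the address resembles nothing on the allow-list;
    it does not mean the sender is safe.
    """
    host = sender_host(address)
    domain = registrable_domain(host)
    if domain in TRUSTED_DOMAINS:
        return ("trusted", domain)

    name = domain.partition(".")[0]
    trusted = sorted(TRUSTED_DOMAINS)

    # Same name, different ending: windows.net vs. windows.com.
    for t in trusted:
        if name == t.partition(".")[0]:
            return ("wrong-tld", t)

    # Character substitution: the name only matches after collapsing
    # look-alikes such as "rn" -> "m".
    for t in trusted:
        if skeleton(name) == skeleton(t.partition(".")[0]):
            return ("character-substitution", t)

    # Trusted name embedded somewhere in an unrelated host:
    # amazonsupport.com, or paypal.com.account-verify.example.
    for t in trusted:
        if t.partition(".")[0] in skeleton(host):
            return ("brand-embedded", t)

    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample addresses; the first is the one quoted in the article.
    for sample in [
        "olivia@amazonsupport.com",
        "billing@arnazon.com",
        "login@account.windows.net",
        "Olivia <olivia@mail.amazon.com>",
        "service@paypal.com.account-verify.example",
    ]:
        print(f"{sample:45} {classify_sender(sample)}")
```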

2. Spear phishing

Spear phishing involves malicious emails sent to a specific person. These fraudsters will already have some or all of the following information about the victim:

  • Your name
  • Place of employment
  • Job title
  • Email address
  • Specific information about your job role

Here’s a scary example:

[Image: example spear-phishing email]

3. Whaling

Whaling attacks target senior executives, are subtle, and usually ask an employee for a favor, such as this one:

[Image: example whaling email]

4. Smishing and vishing

Instead of a computer, these are accomplished via telephone, by voice or text.

The ones supposedly from your financial institution warning of suspicious activity are the most common, as you can see here:

[Image: example text message claiming suspicious account activity]

If you read this message, you are naturally alarmed, thinking you are a victim of fraud. And to seem genuine, the message provides a “helpful” link, which actually goes to a fake website where your banking information is captured.

5. Angler phishing

Angler phishing is related to social media and includes fake URLs; cloned websites, posts, and tweets; and instant messaging (which is essentially the same as smishing) to con people. Social media also makes it easy for these criminals to specifically target folks who like to “over-share,” or complain about companies, such as in the following situation:

[Image: example angler-phishing exchange on social media]

Be Aware that So-Called “Safe” Sites May Also Be Compromised

Many of us use a Secure Email Gateway (SEG)—a firewall between the internet and a corporate server—erroneously believing that it provides protection from phishing attacks. In reality, Cofense reports that last year, 90% of the phishing attacks reported to the company occurred in an environment that uses an SEG.

It turns out that .pdf or .html extensions are the most common filename extensions on attachments that reach users in SEG-protected environments—accounting for around 35% and 30% of threats respectively.

Additionally, for many years we were told to look for an SSL certificate, shown by “HTTPS” in a website’s URL (versus “HTTP”). That is supposed to mean the site is protected by the HTTPS encryption protocol.

No more. APWG reports that 84% of phishing sites examined in Q4 of 2020 used SSL, an increase of some 3% per quarter.

Phishing Attacks Hosted On HTTPS

As you can see from the graph below, HTTPS doesn’t look like it protects us anymore.

[Chart: phishing attacks hosted on HTTPS]

Source: APWG

We all know this is happening regularly to our families and friends, too. But did you know there have been some major phishing schemes that have cost big corporations tons of money?

According to Checkpoint.com, the following are the Top 5:

Facebook and Google. Between 2013 and 2015, Facebook and Google were tricked out of $100 million due to an extended phishing campaign. The phisher took advantage of the fact that both companies used Quanta, a Taiwan-based company, as a vendor. The attacker sent the companies a series of fake invoices impersonating Quanta, which both Facebook and Google paid.

Eventually, the scam was discovered, and Facebook and Google sued the phisher. The attacker was arrested and extradited from Lithuania, and, as a result of the legal proceedings, Facebook and Google were able to recover $49.7 million of the $100 million stolen from them.

Crelan Bank. Crelan Bank, in Belgium, was the victim of a business email compromise (BEC) scam that cost the company approximately $75.8 million. This type of attack involves the phisher compromising the account of a high-level executive within a company and instructing their employees to transfer money to an account controlled by the attacker. The Crelan Bank phishing attack was discovered during an internal audit, and fortunately, the bank was able to absorb the loss without compromising its customers’ account safety.

FACC. FACC, an Austrian manufacturer of aerospace parts, lost a significant amount of money to a BEC scam. In 2016, the organization announced the attack and revealed that a phisher posing as the company’s CEO instructed an employee in the accounting department to send $61 million to an attacker-controlled bank account.

This case was unusual in that the organization chose to fire and take legal action against its CEO and CFO. The company sought $11 million in damages from the two executives due to their failure to properly implement security controls and internal supervision that could have prevented the attack. This lawsuit demonstrated the personal risk to an organization’s executives of not performing “due diligence” with regard to cybersecurity.

Upsher-Smith Laboratories. In 2014, a BEC attack against a Minnesotan drug company resulted in the loss of over $39 million to the attackers. The phisher impersonated the CEO of Upsher-Smith Laboratories and sent emails to the organization’s accounts payable coordinator with instructions to send certain wire transfers and to follow the instructions of a “lawyer” working with the attackers.

The attack was discovered midway through, enabling the company to recall one of the nine wire transfers sent. This decreased the cost to the company from $50 million to $39 million. The company decided to sue its bank for making the transfers despite numerous missed “red flags.”

Ubiquiti Networks. In 2015, Ubiquiti Networks, a computer networking company based in the U.S., was the victim of a BEC attack that cost the company $46.7 million (of which they expected to recover at least $15 million). The attacker impersonated the company’s CEO and lawyer and instructed the company’s Chief Accounting Officer to make a series of transfers to close a secret acquisition. Over the course of 17 days, the company made 14 wire transfers to accounts in Russia, Hungary, China, and Poland.

The incident only came to Ubiquiti’s attention when it was notified by the FBI that the company’s Hong Kong bank account may have been the victim of fraud. This enabled the company to stop any future transfers and attempt to recover as much of the $46.7 million stolen as possible (which represented roughly 10% of the company’s cash position).

According to Symantec, smaller companies are hit more often than their larger peers. The company cites the following statistics: for an organization with 1–250 employees, roughly one in 323 emails will be malicious. For an organization of 1,001–1,500 employees, the rate is far lower with one in 823 emails being malicious.

Last year, trusted platforms like SharePoint, Amazon AWS, Google, Adobe, DigitalOceanSpaces, Weebly, Backblaze B2, and WeTransfer all reported rising phishing scams. AtlasVPN reported a surge in retail websites impersonating Amazon on Prime Day. Three months prior to July 12, 2022, 1,633 fake sites were detected, with 897 spoof Amazon sites active on Prime Day.

The following chart shows the most targeted industries by phishers. As you can see, Social Media, Financial Institutions, and Webmail lead the way.

[Chart: industries most targeted by phishers]

Source: APWG.org

How to Recognize and Avoid Phishing Scams

The statistics are frightening. But there are some protective steps you can take to determine if an email or text you receive is a phishing attempt. Here’s how to recognize a phishing scam, even if it looks legitimate, from someone or a company you know:

  • The subject line is blank. According to AtlasVPN, 67% of phishing attempts have blank subject lines
  • The email has a generic greeting
  • The sender’s name doesn’t match their email address
  • The email asks you for personally identifying information, such as a username and password
  • The email says your account is on hold because of a billing problem
  • The email invites you to click on a link to update your payment details
  • Poor spelling and grammar are used in the body text.

Be aware that you may receive perfectly legitimate texts or emails from companies with whom you do business, but they will never send a link to update your payment, account, or Social Security information.
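Most of the warning signs in the list above can be checked mechanically. The following is an added example, not part of the original article: it parses a raw email with Python’s standard `email` package and reports which of those signs are present. The two sample messages are constructed, the keyword patterns are assumptions chosen for the sketch, and the spelling-and-grammar sign is left out because it needs a language model or dictionary.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

GENERIC_GREETING = re.compile(
    r"^\s*(dear|hello|hi)\s+(valued\s+)?(customer|user|member|client|account holder|sir|madam)\b",
    re.I | re.M,
)
ASKS_FOR_CREDENTIALS = re.compile(
    r"\b(confirm|verify|enter|provide|update)\b.{0,80}"
    r"\b(password|username|social security number|account number)\b",
    re.I | re.S,
)
BILLING_HOLD = re.compile(
    r"\baccount\b.{0,40}\b(on hold|suspended)\b|\bbilling problem\b", re.I | re.S
)
UPDATE_PAYMENT = re.compile(r"\bupdate\b.{0,40}\bpayment\b", re.I | re.S)
LINK = re.compile(r"https?://", re.I)


def name_mismatch(display_name, address):
    """True when no word of the display name appears anywhere in the address.
    Heuristic: '"PayPal Billing" <notice@modern-invoices.example>' is flagged,
    '"Jane Doe" <jane.doe@example.org>' is not."""
    words = re.findall(r"[a-z0-9]{3,}", display_name.lower())
    return bool(words) and not any(w in address.lower() for w in words)


def red_flags(raw_message):
    """Return the warning signs found in a raw RFC 5322 message, in list order."""
    msg = message_from_string(raw_message, policy=policy.default)
    display_name, address = parseaddr(str(msg["From"] or ""))
    subject = str(msg["Subject"] or "").strip()
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""

    flags = []
    if not subject:
        flags.append("blank-subject")
    if GENERIC_GREETING.search(body):
        flags.append("generic-greeting")
    if name_mismatch(display_name, address):
        flags.append("sender-name-mismatch")
    if ASKS_FOR_CREDENTIALS.search(body):
        flags.append("asks-for-credentials")
    if BILLING_HOLD.search(body):
        flags.append("billing-hold")
    if LINK.search(body) and UPDATE_PAYMENT.search(body):
        flags.append("payment-update-link")
    return flags


# Constructed sample: shows every sign the function checks.
SAMPLE_PHISH = (
    'From: "PayPal Billing" <notice@modern-invoices.example>\n'
    "To: sam@example.org\n"
    "Subject:\n"
    "\n"
    "Dear Customer,\n"
    "Your account is on hold because of a billing problem.\n"
    "Click the link below to update your payment details and confirm your\n"
    "username and password:\n"
    "http://billing-update.example/login\n"
)

# Constructed sample: an ordinary personal message.
SAMPLE_LEGIT = (
    'From: "Jane Doe" <jane.doe@example.org>\n'
    "To: sam@example.org\n"
    "Subject: Lunch on Friday\n"
    "\n"
    "Hi Sam,\n"
    "Are we still on for lunch on Friday? I can book the usual place.\n"
    "Jane\n"
)

if __name__ == "__main__":
    print("phish:", red_flags(SAMPLE_PHISH))
    print("legit:", red_flags(SAMPLE_LEGIT))
```

An empty result is not proof that a message is safe; the checks only cover the wording this sketch looks for.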

How to Protect Yourself from Phishing Scams

Here are some tips from the FTC (the Federal Trade Commission) on preventing phishing attacks:

  1. Protect your computer by using security software. Set the software to update automatically so it will deal with any new security threats.
  2. Protect your cell phone by setting software to update automatically. These updates could give you critical protection against security threats.
  3. Protect your accounts by using multi-factor authentication. Some accounts offer extra security by requiring two or more credentials to log in to your account. This is called multi-factor authentication. The extra credentials you need to log in to your account fall into three categories:
    1. Something you know—like a passcode, a PIN, or the answer to a security question.
    2. Something you have—like a one-time verification passcode you get by text, email, or from an authenticator app; or a security key
    3. Something you are—like a scan of your fingerprint, your retina, or your face

    Multi-factor authentication makes it harder for scammers to log in to your accounts if they do get your username and password.

  4. Protect your data by backing up your computer to an external hard drive or in the cloud. Back up the data on your phone, too.

What to Do if You Suspect a Phishing Attack

The FTC suggests that if you get an email or a text message that asks you to click on a link or open an attachment, answer this question:

“Do I have an account with the company or know the person who contacted me?”

If the answer is “No,” it could be a phishing scam. If the answer is “Yes,” contact the company using a phone number or website you know is real—not the information in the email. Attachments and links might install harmful malware.

Additionally, if your email does include a link, instead of clicking on it, copy and paste it into Google’s URL checker.

What to Do if You Responded to a Phishing Email

If you think you may have inadvertently given a scammer access to your information, such as your Social Security, credit card, or bank account number, go to IdentityTheft.gov. There you’ll see the specific steps to take based on the information that you lost.

Write down as many details of the attack as you can recall. Note any information you may have shared, such as usernames, account numbers, or passwords.

Immediately change the passwords on your affected accounts and anywhere else you might use the same password.

Contact your bank, investment firm, or credit card company as soon as possible.

If it’s your social media account or email that has been phished, know that the attacker may have sent messages to your contacts, so you might want to spread the word.

If you think you clicked on a link or opened an attachment that downloaded harmful software, it’s the right time to make sure your security software is updated. Then run a scan and delete identified problems.

How To Report Phishing

If you received a phishing email, forward it to the Anti-Phishing Working Group at reportphishing@apwg.org. For phishing text messages, forward them to SPAM (7726).

Also, report the phishing attempt to the FTC at ReportFraud.ftc.gov. You can also report them to the Anti-Phishing Working Group (APWG) at www.antiphishing.org.

Unfortunately, phishing is just getting worse.

According to cybersecurity firm Kaspersky, we can look forward to increasing attacks, including:

  • International stealing of COVID-19 vaccine information.
  • Educational establishments to be targeted more frequently, due to remote learning.
  • A greater focus on targeted ransomware, targeting a big payout from large companies, instead of reaping small payouts from many firms.
  • Diversification into hacking IoT devices like smartwatches, cars, and TVs.
  • An increase in TrickBot activity. According to Cofense, companies are likely to be increasingly targeted by TrickBot delivery campaigns that use LNK (a Windows shortcut) and CHM (Microsoft Compiled HTML Help) downloaders to insert malware.

TrickBot malware is a banking Trojan released in 2016 that has rapidly evolved to include the capacity to steal credentials, data, and personal information; elevate account privileges to expand access to compromised networks; and install back doors within the network to enable remote access.

It’s also gained the capacity to download and install other malware or ransomware to carry out additional attacks (most commonly involving Ryuk or Conti ransomware); disable antivirus tools or other cybersecurity; and modify itself to avoid detection.

What’s more, Cofense says new commodity downloaders are coming soon. These will be much cheaper than those currently on the market, so expect phishing to significantly increase.

Bottom line, you are the first defense against a phishing attack. Stay alert and watchful over your devices.

Phishing Isn’t the Only Scam That Keeps Me up at Night

I’ve written before about financial scams (see my May 2022 issue). And I hope I’ve scared you into action regarding phishing.

But there’s one more set of scams that’s very disturbing because they target our senior citizens, many of whom don’t have a concerned family member or friend to intervene. Before I moved to the Smoky Mountains, I lived in a resort-retirement community, where most of my neighbors were much older than I was. I heard of so many potential scams from them, as well as my banker friends, that I was constantly warning my older friends and relatives.

It’s a growing contagion. Elder fraud comes to about $3 billion annually, according to a report from the AARP Public Policy Institute. Each incident costs about $120,000 on average—a serious financial dent to folks who have been saving and investing their entire lives, and may now have to exist on a fixed income.

In 2021, there were 92,371 victims of elder fraud, who lost $1.685 billion, a 391.9% increase from 2017.

It’s fairly easy to prey on a group of folks who didn’t grow up with the internet. Fast- and smooth-talking can be impressive to people who aren’t well-versed in technology. Plus, older folks are often more trusting. My mother always believed whatever someone she perceived to have authority told her—even when there were plenty of signs of dishonesty or incompetence.

Scammers love to target those who seem to have deep pockets—401(k) plans, pensions, and big investment accounts, or even large homes.

And many older folks—who may not have the kindest of relatives or heirs—often don’t report a scam, as they don’t want to be seen as incompetent, or chance losing their independence.

Lastly, it saddens me to report that not all scammers are unknown, online con artists. Instead, most cases of elder abuse are committed by friends, family, or those in routine close proximity to the victims (like caretakers).

Let’s look at the 12 most common senior citizen scams, from Aura.com:

The grandparent scam. Imposters pretending to be the police call a grandparent and say that a grandchild has been in an accident or is involved in a crime. They use the grandchild’s name and request that the grandparent wire money to save their grandchild.

This just happened to a friend of a friend; he lost more than $500 in such a scam.

Here are some warning signs:

  • You receive an unsolicited call claiming that a grandchild or loved one is in danger.
  • The caller asks for money as cash, gift cards, or wire transfers.
  • The caller won’t let you get off the phone or threatens you if you try to verify the information.
  • The caller uses deception, intimidation, and coercion to force you to act quickly.

Government imposter scams. Fraudsters contact older people claiming to be representatives from a well-known government agency such as Medicare, the Internal Revenue Service (IRS), or the Social Security Administration (SSA).

Many fraudsters will use caller ID spoofing or even confirm your Social Security number (SSN) to make it look like an official call. My mom had a good friend who commented to her one day about some stranger who called from Social Security and needed her bank account information. He was to meet her at her home later that evening. Fortunately, my mother was alarmed and insisted that her friend contact her daughter. She did, and the local Sheriff was happy to meet and detain the fraudster.

Here are some examples of these types of scams:

Medicare scams: So-called Medicare representatives call to “verify” your Medicare number. If you give it to them, they’ll use it to steal your health benefits or try to charge you a fee to receive a new card or special treatments so they can get your credit card number.

IRS scams: A fake IRS agent will call, saying there’s an issue with your return. They’ll ask you for identifying information that they can then use to file phony tax refunds and commit identity theft.

Social Security scams: The fraudster claims your SSN has been suspended due to an alleged crime. They can help reinstate it if you send them a payment using gift cards.

FBI or law enforcement scams: Imposters will claim that there is a warrant out for your arrest. If you don’t pay a fee or give up your financial information, you could go to jail.

Covid scams: Using the fears about the pandemic, criminals induce seniors into supplying them with personal data — such as bank accounts or health insurance information.

Know that these government agencies rarely phone; if it’s a genuine inquiry, they usually send a letter. If you are really concerned, hang up the phone, look up the agency’s official phone number, and call them back.

Warning signs:

  • You get an unsolicited call from someone claiming to be from a government agency.
  • The caller uses threatening language and wants you to pay them using gift cards or wire transfers.
  • The caller asks for your sensitive information, like your SSN, Medicare number, or credit card.

Elder financial abuse. This is the most common kind of senior scam, perpetrated by someone the victim knows and trusts—like a family member, close friend, or caregiver. They attempt to gain access to the senior’s savings, credit, or assets, by being granted power of attorney, or threatening to withhold care if they are denied access.

Warning signs:

  • Unfamiliar charges, new accounts and loans, or credit inquiries that you or your elderly loved one didn’t make.
  • Calls from companies or credit providers about debt you didn’t take out.
  • An elderly parent or grandparent has unexpected financial struggles.

You might consider enrolling your elderly friend or relative in an identity theft protection service to monitor their finances and alert you and them to fraud. The website Top10.com ranks these identity theft protection companies as follows:

| Company | Rating | Score (of 10) | Benefits |
|---|---|---|---|
| Aura | Exceptional | 9.9 | Antivirus and WiFi Security VPN protection; $1M identity theft insurance; Fraud alerts in real time |
| LifeLock | Excellent | 9.1 | 60-day money-back guarantee; Up to $1M reimbursement; Enroll in minutes |
| Identity Guard | Very Good | 8.9 | Constantly monitors billions of data points; Stolen funds reimbursement up to $1M |
| Zander Identity Theft | Good | 8.4 | Proactive monitoring & real-time alerts; Credit report reminders; Repays up to $1M for stolen funds & expenses |
| Norton | Excellent | 9 | Monitors personal info on over 10K websites; U.S.-based restoration agents available 24/7; 60-day money-back guarantee |
| myFICO | Very Good | 8.5 | Black market website surveillance; 90% of top lenders use FICO scores; $1M identity theft insurance |
| Identity IQ | Very Good | 8.5 | Regular credit monitoring & alerts; Up to $1M reimbursement; A+ rating from the Better Business Bureau |

False investment scams. Imposters pretend to be legitimate financial advisors. They usually call unannounced with a “can’t miss” investment opportunity.

These are the most common types of investment scams:

Ponzi schemes, which use the money from new investors to pay existing ones (rather than generating any actual returns). Ponzi schemes target seniors by promising high returns with little to no risk. Remember Bernie Madoff? He used a Ponzi scheme to defraud 37,000 individuals over 40 years, from whom he stole $65 billion.

Illegitimate bonds and certificates of deposits (CDs)—low-risk investments—are often used to lure wary seniors in. Many don’t live up to the hyped returns, and plenty of them don’t even exist.

Charitable gift annuities, in which a donor gives a large sum of money as a gift in return for a fixed income stream. The charities often aren’t real at all.

Prime bank scams in which fraudsters claim to have access to “secret overseas markets.” It’s a scam.

Warning signs:

  • Promise of high returns with little or no risk involved. This doesn’t exist. The higher the return, the higher the risk. There are no guarantees in investing.
  • The “advisor” uses high-pressure sales tactics to get you to act quickly and without doing your due diligence.
  • You’re unable to withdraw your principal investment.

Tech support scams. Con artists say they are from a company you know, such as Apple or Microsoft. They’ll claim that your computer or device is at risk of being infected by viruses and then trick you into granting them remote access or paying for software that you don’t need.

And often, the intent is to download malware on your device.

According to the FBI, in 2021, tech support scams affected 23,903 people who lost more than $347 million—an increase of 137% from the previous year. Some 60% of the victims were over 60 years old, and experienced 68% of the losses.

Warning signs:

  • Unsolicited phone calls about tech support. Companies like Apple will never proactively call you about these issues.
  • A pop-up ad on a website claims that your device has viruses or promises to “speed up” your computer.
  • The caller uses fear tactics to trick you into downloading software or clicking on links in emails.

Robocalls and phishing messages—see above.

Sweepstakes and elder lottery scams announce that you’ve won a contest, lottery, or sweepstakes that you never entered. But if you want to get your winnings, you’ll have to pay upfront fees and taxes and supply your banking information for the transfer.

Warning signs:

  • You or a loved one receives a notification that you have won a large sum of money from a contest you never entered.
  • The person you speak with asks for upfront payment through non-traceable methods (gift cards, wire transfers, etc.).
  • They ask for your banking information to complete the deposit.

Romance scams—to me—are some of the worst frauds visited on seniors. They come about mostly through dating sites and social media. They start out innocently enough, with a total stranger being extremely complimentary, reeling you in like a fish, and then asking for money, then more money, until they bleed you dry.

Listen; I know these scams work. I had a work associate a few years ago—a widow—who was asked to befriend a stranger on Facebook. She did, and over a period of about four years, he expertly lured her into a “relationship” that ultimately cost her friends, family, her home, and her job. No matter how much her friends tried to tell her it was a scam, she wouldn’t hear of it. Despite four years of giving this con artist everything she had (and never actually meeting him!), she died penniless.

Warning signs:

  • The “relationship” moves at a frantic pace, with the other person claiming to be irrevocably invested.
  • They promise to meet up in person or on video chat but always come up with an excuse at the last minute.
  • They ask for money or financial help for family or healthcare issues.

Funeral scams were new to me. Apparently, criminals read the obituaries of recently deceased people, then show up at the funeral, requesting repayment of a debt the deceased supposedly owes them. Revolting—approaching people who are grieving for their loved one, and then robbing them!

Warning signs:

  • Someone you don’t know demands payment at a funeral.
  • You’re approached by an individual who claims to know the deceased but has no tangible evidence of their relationship.

Reverse mortgage scams. Reverse mortgages are a legitimate method for a person older than 62 to live off the equity they have built up in their home. But the industry is rife with con artists, who use billboards, ads, and fliers to target seniors. They end up stealing your equity.

They promise folks in danger of foreclosure that they can use a reverse mortgage to save their home, and can deliver a fast closing.

And it’s not just the fake lenders; it’s also fake contractors who will offer “free” consultations, to “help” you get a reverse mortgage and pay for pricey and unnecessary repairs or home “updates.”

Warning signs:

  • High-pressure sales tactics that try to get you to consent to a reverse mortgage without doing your due diligence.
  • Someone claims that they need power of attorney in order to finalize a reverse mortgage.
  • Contractors or vendors suggest that you take out a reverse mortgage to pay for costly repairs.

Online shopping scams include products that don’t exist or never get delivered. In 2021, the FBI received over 13,000 complaints of fraudulent products and non-delivery, making it the second most reported fraud among the elderly.

Warning signs:

  • Poor design or spelling errors on the website.
  • The website you’re shopping from is unsecure.

Charity scams are really the lowest of the low. They target seniors who want to help others. The con artists pretend to be a real charity, then steal donations and your personal information. These are especially prevalent after a fire, earthquake, hurricane, or other natural disaster.

Warning signs:

  • The charity doesn’t appear on official sites like Charity Navigator or the BBB Wise Giving Alliance.
  • You find evidence of fraud when you Google the charity’s “name + fraud/scam/complaint.”
  • The charity’s name is very similar to a larger organization you’re familiar with.

How to Prevent Senior Citizen Scams

Here are a few tips to help protect your elderly relatives and friends:

Set up credit monitoring and identity theft protection (see above).

Keep an eye on unsolicited phone calls or even packages in the mail.

Leave notes next to computers, phones, and doors, reminding your friend or relative about the scams. Aura.com suggests these notes:

STOP: Take a moment and think about the situation. Does anything feel suspicious?
LEAVE: Hang up, close the door, or close the email. If someone is pressing you to act now, they could be a con artist.
ASK: Call a family member for advice, search online for more details, and find out if the organizations you’re speaking to are real. You can also ask a visitor for identification.
WAIT: Take the time to absorb what you’ve learned and make a plan of action. Don’t rush any decisions.
ACT: Only visit legitimate websites and call verified, safe phone numbers. You can use independent review websites and email address lookup services to check someone’s identity.

Encourage open communication, without judgment.

Share your stories about near-encounters with fraud. Ask your more tech-savvy family members to share examples of scam emails or messages they’ve received. Be sure to point out how you knew the emails were fake so that your elderly family members can identify them in the future.

Have a plan and a password to your friend or relative’s accounts. Also, consider creating a secret family password. You can use this in phone calls, texts, or emails to let the recipient know that a transaction is genuine. This is a great idea to ward off the grandparent scams.

Be suspicious of any unsolicited call or message.

Use antivirus software to warn you of malware and dangerous websites and be wary of situations that appear too good to be true.

Report frauds and scams to the Federal Trade Commission (FTC) at ReportFraud.ftc.gov. Then, follow the steps of the fraud victim’s checklist to recover your funds and secure your accounts. You should also report them to your local FBI office.

The FBI’s Internet Crime Complaint Center will want as many of these details as the victim can provide:

  1. Name(s) of scammers and/or organization
  2. Date(s) of contact
  3. Method(s) of communication
  4. Perpetrators’ phone numbers, emails, websites, etc.
  5. Victim’s method of payment
  6. Where and how funds were sent
  7. Instructions victim was given, as well as descriptions of interactions with scammers

Other Tips

  • Discontinue all contact with anyone you believe to be a scammer.
  • Place a fraud alert with your credit agencies and close all bank and credit card accounts opened during the scam period.

The following chart is an eye-opener. Don’t let it happen to those you love.

Nancy Zambell has spent 30 years educating and helping individual investors navigate the minefields of the financial industry. She has created and/or written numerous investment publications, including UnDiscovered Stocks, UnTapped Opportunities, and Nancy Zambell’s Buried Treasures under $10. Nancy has worked with MoneyShow.com for many years as an editor and interviewer for their on-site video studios.