Online crooks continue to dive the majority of American adults because they infiltrate virtual calendars and security systems intended to defend users against poaching of personal information.
A recent survey of more than 9,000 American adults by the Pew Research Center revealed that around 73% have experienced at least one or more online scams or attacks.
The most common virtual drawbacks were credit card fraud, online purchase scams and ransomware attacks – a type of malware that prevents you from accessing your IT files or your system until a ransom is paid.
About 24% of those questioned said they received a scam, SMS or a call that led them to give personal information.
It is estimated that 32% of respondents said they had a scam in the past year.
It is often said that the elderly are more vulnerable to online fraudsters. However, in 2021, the Federal Trade Commission reported that adults in generation Z, millennials and genetics, collectively between 18 and 59 years old, were 34% more likely than adults who are 60 and over to declare the loss of money because of fraud.
These generational groups are deceived by online programs that come from an announcement on social networks, an investment scam or false job opportunities.
The latest phishing attacks, or attempts to acquire sensitive data, occur via your online calendar (Google or Outlook calendar), the Multi-Factor Authentication Application and HTML attachments.
Avoiding online scams proves to be a challenge, but cybersecurity experts say you can take measures to protect yourself.
Invitations to unlined calendar
Scammers are constantly finding new ways to attract you to abandon your personal information without knowing it and the calendar connected to your messaging account is one of them, said Iskander Sanchez-Rola, director of artificial intelligence and innovation for Norton.
Unlike traditional phishing scams such as a unwanted text or call that requires your commitment, this invitation automatically appears on your calendar without you approving it or rebuilding it.
Anyone can easily be fooled by that, because it can confuse you to think that you have accepted the invitation at some point, said Sanchez-Rola.
The scam occurs when you click on the invitation to get more information.
A link in the invitation can lead you to a phishing web page that emerges as a zoom link, or it can invite you to download disguised malware in software update.
This Con often targets messaging accounts related to work and corresponding calendar applications.
The warning signs of this scam include:
- The invitation of the calendar is not requested.
- There are spelling mistakes in the address of the link or sender associated with the appointment of the calendar.
- The invitation is associated with work, but you are the only person to receive it.
What you can do: Change the settings of your online calendar to prohibit automatic updates. Microsoft Outlook users can follow these online instructions to modify their calendar settings; Google users can limit invitations appear on their calendar by following these online instructions.
If you have suspicions, do not respond directly to the invitation, said Derek Manky, chief security strategist and global vice-president of threats to Fortinet.
“Instead, send an e-mail to your contact with confidence of this organization to ask it if they have confirmed the meeting and ask for more details,” said Manky.
Multi-Factory authentication scam
A multi-factory authentication application, also known as “two-step verification”, is an application on your phone which provides you with a code or prompt “yes or no” to verify that you access an account linked to the authenticator.
“Multi-factor authentication attacks have occurred for more than a decade,” said Manky. “They frequently take new forms or target new platforms such as the Authenticator application.”
A scam occurs when you receive several notifications from the authentication application, even if you have not requested verification.
“This scam consists in bringing you to the point of clicking on an unknown notification and accidentally providing your personal information,” said Sanchez-Rola.
The warning signs of this scam include:
- The authentication application requests a verification or provides you with a verification code that you have not requested.
- The authentication application sends you several consecutive notifications, even if you have not invited the application.
What You can TO DO: If you get a chain of authentication apps notification, take a break before clicking.
“Approving a connection that you did not ask for, it’s like putting your keys to a stranger,” said Sanchez-Rola. “You don’t do it.”
A safer way to use an authentication application – such as 2fas, AEGIS AUTHENTICATOR, Microsoft Authenticator, Stratum or Google Authenticator – consists in using one that provides you with a verification code. Do not use an application that sends a notification because that is how a crook can put you pressure to provide your connection information.
Another step to protect you is to change your passwords frequently, because it reduces the shelf life of those stolen and sold, said Manky.
E-mails with unknown html attachments
An e-mail with an unknown HTML attachment can redirect you to a phishing web page or invite you to download malware.
It is the oldest technique in the book, but it is still commonly used today, said Manky.
“HTM / HTML files contain code that can be used in various ways, including the execution of malicious scripts, for example JavaScript, which could delete an information thief on the system,” he said. “Likewise, they could be used to launch a phishing page to collect identification information.”
Frauders will try to use trusted names or services that are daily.
“If an email is not requested, the end user must always question the identity of the emails sent,” said Manky.
The warning signs of this scam include:
- The sender of the email is an unknown contact.
- The attachment in the email is not requested and seems suspicious.
What can you do: Always be cautious before opening the attachments in an email, said Manky.
Look for typosquat in the attachment url. Typosquat is when domain names on the URL have a small variation in relation to that legitimate, said Manky.
