Keeping up with the latest scams is hard. As soon as one is rumbled, another emerges to take its place. From social media to online shopping, there are security risks to dodge and it can feel like protecting your private information is a full-time job. So, what are the current scams doing the rounds and how should you deal with them?
The WhatsApp scam
While most people are on guard when they receive a message through Facebook or Twitter, we are more likely to trust messages that come through instant messaging apps. That is precisely what fraudsters are hoping for with this particularly effective scam.
Perhaps it is an appeal for help from a new number because your friend or relative has been suddenly locked out of their phone or it has been stolen. Or, it might be a message to tell you that they have a new number from now on, before the inevitable request for financial help comes. We are, however, wired to want to help our loved ones and this scam taps straight into that instinct.
They aren’t always new numbers either. People have found their WhatsApp accounts hijacked by a stranger after a request from a seemingly trusted contact asking for a security code that they have sent to their phone by accident. That circumvents one security protection on WhatsApp and gives scammers access to your account.
If you get a plea for help from an unfamiliar number, it is worth contacting the person outside of WhatsApp on a familiar number. If anyone asks for a security code they have “mistakenly” sent to your phone, don’t hand it over.
QR code scams
A hangover from Covid times, QR codes are still everywhere. The humble QR code found its stride when the pandemic raged through public health information, ordering from menus and more. While they are convenient – no physical documents to handle, no mistyping of web addresses – they also present a potential security risk.
Scammers can swap the genuine codes for fake ones, luring unsuspecting users to fake sites where they hand over private information and financial details.
To try to minimise your risk of becoming a victim of this scam, make sure the QR code is from a reputable source. Double check the web address you have been sent to and if it looks like it doesn’t match, don’t hand over any information. You can also skip the QR codes altogether and type in the web address yourself.
Online shopping
Just when you think you’ve seen everything, they invent a new scam. There are plenty of ways that people have been cheated out of money when shopping online, such as goods never arriving or card details being stolen, but there is always a new one to be aware of.
Take one website we came across recently. Claiming to sell toys, the site offered payment through PayPal, which is one way to safeguard your money. With multiple types of payments available on the platform, however, you have to be careful.
When going through the checkout process and redirected to PayPal to approve the payment, shoppers were seeing a screen that flagged the payment as a donation to a named account, rather than a goods and services payment to a business.
That should set the alarm bells ringing; if you are buying goods online from what claims to be a registered business, only pay through goods and services. Anything else will make it very difficult, if not impossible, to get your money back when the goods inevitably fail to materialise.
The website in question subsequently disappeared and redirected to an overseas site, before the domain become unavailable – taking any “donations” with it.
Twitter ‘verification’
Remember when Elon Musk vowed to verify every user and get rid of the bots that were pushing scams on Twitter? So do we. If your direct message inbox is anything like ours, though, the crypto scam spam would show that one up as a lie.
Twitter’s plan to “verify everyone” appears to be a plan to charge everyone $8/€11 to pay for a blue badge on their profile, with precious little actual identity verification beyond the ability to pay up each month. It has been a boon for scammers, who now can give themselves the thin veneer of credibility that the verified badge once held while pushing the latest financial grift.
It was easy to figure out who was verified under the old system and who was paying for the badge, by going to the profile page and tapping on the badge. Twitter is now, however, hiding the paid-for blue badges among the legacy verified accounts by changing the message to say it is verified “because it’s subscribed to Twitter Blue or is a legacy verified account”, making it harder to distinguish between the two.
The confusion over verified accounts has made it easier for bad actors to take advantage, as is their wont. Nothing galvanises fraudsters more than a bit of distraction, giving them a bit of cover to try to fool people that they are genuine accounts.
People have been targeted by fake emails claiming to be from Twitter to help you keep your verified status. The phishing emails just trick you into handing over your account details on a fake website instead.
[ Eight scams Irish consumers should be wary ofOpens in new window ]
Add in to that the recent change to how Twitter allows you to authorise log ins. While most people use text message, the new regime under Elon Musk has decided that SMS authorisation should only be available for paying members of the site.
It doesn’t mean that you will be left unprotected. There are other options for free users, including using an authenticator app such as Google Authenticator, Authy or 1Password – but SMS was a common and convenient option, even though it was considered less secure.
With social media takeovers increasing last year, it is worth making sure you have two-factor authorisation in place, to protect not only your own private information but also that of anyone linked to your account.
The Revolut scam
Online access to your money makes your life easier but it also comes with some risks, as one scam recently covered by Pricewatch in this paper showed. One user found that an attempted payment to a UK retailer – which he rejected – triggered a fraud attempt that drained thousands from his account while he was in contact with Revolut’s customer service trying to stop it.
The key factor here was the security code that appeared in the app. While the victim was in touch with customer service via in-app chat, he received a phone call claiming to be from Revolut’s team to deal with the fraud and was tricked into handing over an authorisation code that gave the scammers access to his account.
If you suspect your account has been compromised, you can freeze your cards in the app to stop further transactions being attempted. And, once again, never share authorisation codes with a third party, even if they seem genuine.
Streaming scams
Subscriptions to streaming services aren’t cheap, especially if you have more than one service to pay out for each month. A cut-price deal may end up costing you more in the long run, however. That is not because of any action taken by the streaming service; it is likely to be a scam that will result in the loss of your personal data.
Take the email doing the rounds offering people a cheap Disney+ subscription. It has all the Disney+ branding and even throws in a mention of the Avengers to tempt you further. It comes with a whopping price discount, costing a few euro rather than the full €90 for the year that Disney usually charges. Sadly, the email is a fake, as closer examination reveals.
Although it contains official Disney branding, the email address is not an official Disney one and neither is the URL to which it redirects users.
If it seems like it is too good to be true, it usually is.
Banking opportunists
It’s not just consumers who get hit by online scams. Irish businesses were conned out of €8 million in 2022 according to figures from FraudSmart. There is probably more at stake in terms of monetary losses for businesses than there is for the average customer.
The collapse of Silicon Valley Bank has provided a new opportunity for scammers to try their hand at tricking unsuspecting companies. In the immediate aftermath, security experts saw an increase in attacks linked to the bank’s collapse as potential SVB customers or those linked to other companies affected by the collapse were targeted. Once more, chaos is the fraudster’s best friend.
[ Consumers warned of rise in ‘highly convincing’ investment scamsOpens in new window ]
It’s not just SVB that has been the focal point for banking scams. Last month, the Central Bank issued a warning about “fraudulent entities” selling fake investments under the guise of Citibank Europe. Potential customers were targeted through email by the entity, which had no connection with Citibank, offering fake government treasury bonds and other financial products.
Plenty of people have had the fake emails from banks they may or may not do business with urging them to take action to prevent their accounts from being locked. Be sceptical and if in doubt, contact the bank or fintech directly.