Phil Muncaster, guest writer at ESET explains here’s how to know you have fallen victim to a scam – and what to do in order to undo or mitigate the damage
Online fraud can be thought of as a price we pay for the ubiquity of digital services. These services make our lives easier, healthier, safer and more entertaining. But there are countless scammers out there waiting to steal our identities and money. Their ingenuity, our credulity and poor corporate security combine to make fraud a multibillion-dollar challenge. In 2021, US consumers reported losing nearly US$6bn to fraud, up 70% on the previous year, according to the FTC.
Prevention is always the best approach. But we’re only human. And our adversaries are increasingly resourceful and determined. That means we must also be primed and ready to react quickly if we have been scammed – to minimize the impact on our lives and ensure the bad guys can’t profit.
Two side of the same coin
Sometimes it’s immediately obvious when something’s gone wrong. You might just have clicked on a phishing link and a split-second later realize what happened. Or perhaps you’ve just put the phone down on a tech support scammer who had access to your PC.
But other times, it’s less obvious. For example, if hackers get hold of your card details or personal information like social security numbers via a third-party breach. Typically they’ll sell these on a cybercrime marketplace, where fraudsters congregate.
This personal data will be bought in large quantities and then used in automated attacks including follow-on phishing, payment fraud, account takeover or new account fraud (NAF). Account logins might be resold separately to provide unscrupulous buyers with access to your streaming service, ride hailing account etc.
The bad news is that there continues to be a steady supply of stolen data onto the cybercrime underground. In the US alone there were over 1,800 reported breaches in 2022, affecting 422 million consumers – up 40% year-on-year.
5 signs you’ve become a victim of fraud
With that in mind, here are five signs you might have been scammed.
- Unusual transactions and/or new lines of credit. If fraudsters have your data and/or financial details they may use it in payment fraud – where stolen card details and/or cards stored in hijacked accounts are used without your knowledge. Alternatively, they may use your identity info to apply for new credit cards. The first you’re likely to hear about the former is through strange activity on your bank account. If it’s a problem with NAF, it might be harder to spot until you get a letter or email notifying about late payments. Sometimes, the first users hear about NAF is when they check their credit score and/or get turned down by a lender.
- Purchased item didn’t arrive. E-commerce fraud is another growing problem. Scammers will often try to flog expensive gear online, usually at heavily marked down prices to attract buyers. Except there is no stock and they simply take the buyer’s money, requesting payment via instant cash apps like Zelle, Venmo and Cash App, which offer no buyer protection.
- A romantic acquaintance disappears. Romance fraud made scammers over $956m in 2021, according to the FBI. Even this is likely to be the tip of the iceberg, as many incidents go unreported because victims are too embarrassed to admit they were taken for a ride. A romance fraudster will typically build a rapport online with their victim before asking for money for various spurious requests such as medical bills, or transport costs. Once they feel their victim has nothing more to give, they’ll disappear, never to be heard from again.
- Locked out of account(s). If a scammer has your logins then they will typically access your account and change the password. It could be anything from your social media to your Uber or Netflix account. These can be harvested for personal information, including stored credit card details. But they’re also a valuable commodity in their own right. Instagram accounts are worth $45 each, as opposed to $2 for a social security number, according to one report. This is because such accounts can be used to spam other users following your profile.
- Unable to withdraw money from a crypto investment. Investment fraud is another high earner. It made nearly $1.5bn in 2021, more than any other category of cybercrime except business email compromise. Investors are typically encouraged to put money in, perhaps even being shown fake returns on their investment. However, when you want to actually withdraw any of that money they’ll likely cut and run.
What to do next
So you’ve been scammed. What next? If it’s a serious amount of money, you may want to contact the local authorities. They can also help by sharing a recovery plan. Think agencies like Action Fraud in the UK and the Federal Trade Commission (FTC) at IdentityTheft.gov in the US.
The next port of call, if financial data was taken, should be your bank. Call the bank’s fraud line or use your banking apps to freeze any cards potentially used by the fraudsters. Have them send replacement cards.
Other remediation steps to recover from an attack and build cyber-resilience for the future include:
- Password change. Use strong, unique passwords, ideally stored and recalled by a password manager..
- Two-factor authentication (2FA), which adds a second layer of security on top of passwords to mitigate the threat of phishing and account takeover.
- Keep devices patched and up to date.
- Don’t save your personal and financial details in an online account. Although it’s more hassle entering details each time, it’s more secure if you check out as a guest.
- Ensure all devices and PCs are secured with anti-malware protection from a reputable vendor.
- Use a reputable security solution on all your devices
Fraud isn’t inevitable. But if it does strike, stay calm and work through these steps to minimize its impact.