Keeping your Mac free of malware and using strong passwords for your online accounts are two important things you need to do to stay safe and secure. But even if you succeed at these, you can still be vulnerable to common scams that use social engineering to trick you out of your money, privacy and security. Even the most intelligent person can fall victim to a scam if they don’t recognize it when it happens to them. The key to keeping yourself safe is to know the common scams so you recognize them when someone tries to trick you.
Phishing Scams
How It Works: Phishing scams typically start as email messages pretending to be from a company you know. For instance, you may get one that appears to come from a major bank, shopping site, or social network. The email scares you by telling you there is a reason you need to log into the site, and provides a link for you to do so. You click the link and go to a site that looks right, but is actually a fake. You enter your password and now the scammer has your password.
Variations: Just because an email message claims to be from an address doesn’t mean that it really is. The source of the message can be easily faked. The message may ask you to log in, reply to the message with information, or even call on the phone. It could be an offer of money, a prize, a security warning, or even a threat. Just remember that scammers can make up anything and make the email look like anything. There is no easy way to verify the authenticity of an email message. Phishing scams can also come via text messages or phone calls, so use the same precautions there.
How To Protect Yourself: If you get a request from a site you use to log in, simply ignore the links in the message and go to the site manually by typing in the address you already know, or using a bookmark you have already set. If you get a phone call from your credit card company, call them back using the number on your card, not the number provided in an email or text message. You can also use a password manager like 1Password, LastPass, or the built-in Safari password manager. They will match a password to the actual site you are visiting, so they won’t be fooled by sites requesting a password claiming to be something else.
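How that site matching keeps a look-alike page from receiving a saved password, as an added example that is not from the original article or from any of the password managers named. The vault entry, host names and function names are constructed, and exact-origin matching is a simplifying assumption; real products apply their own matching rules.

```javascript
// Constructed vault: each credential is stored against the exact origin
// (scheme + host + port) where it was saved. Nothing here is a real account.
const VAULT = new Map([
  ["https://login.bank.example", { username: "pat", password: "constructed-not-real" }],
]);

// Constructed sample links of the kind a phishing message might carry.
const SAMPLE_LINKS = [
  "https://login.bank.example/signin",                     // the real site
  "https://login.bank.example.verify-account.test/signin", // real name used as a subdomain
  "https://login.bank.example@verify-account.test/signin", // real name placed before "@"
  "https://login.b\u0430nk.example/signin",                // Cyrillic "a" look-alike letter
  "http://login.bank.example/signin",                      // right name, no TLS
];

// Origin the browser would actually connect to, or null if the address
// cannot be parsed or is not HTTPS.
function connectedOrigin(pageUrl) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return null;
  }
  if (url.protocol !== "https:") return null;
  // url.origin drops the path, the query and any "user@" prefix, and omits
  // the default port, so only scheme and host (plus any other port) remain.
  return url.origin;
}

// Offer a credential only when the connected origin equals the saved one.
function credentialFor(pageUrl, vault = VAULT) {
  const origin = connectedOrigin(pageUrl);
  if (origin === null) return null;
  return vault.get(origin) ?? null;
}

// Summarize which links would be offered a saved password.
function fillDecisions(links = SAMPLE_LINKS) {
  return links.map((link) => ({ link, filled: credentialFor(link) !== null }));
}

for (const { link, filled } of fillDecisions()) {
  console.log(filled ? "fill  " : "refuse", link);
}
```

The page's appearance never enters the decision; only the address the browser connected to does.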
Fake Malware Alerts
How It Works: You suddenly get a pop-up or alert warning you that your computer or device is infected with a virus or malware of some sort. Often these will claim to be from an official entity like Apple, Microsoft, your Internet provider or a security company. If you click on the link, you will be told to download software that could be malware, adware, or just an unnecessary expense.
Variations: Sometimes you will be asked to call a number and then give credit card information, or access to your computer, to a scammer claiming to try to help you. Sometimes the scammers will just call your phone randomly to try this.
How To Protect Yourself: No one has access to your computer to know whether you have a problem. A web page cannot scan your computer for viruses. The fake alert could just be a plain advertisement on a web site, trying to frighten you into buying their software. You can just ignore it. But never click on their links, or call those phone numbers. Neither Apple, Microsoft, nor your Internet company will ever just call you. If you get a call like this, hang up.
Work-From-Home Jobs
How It Works: You see an ad online, or in the real world, for a work-from-home job. Common jobs include reshipping packages that are sent to you, buying products at stores and shipping them, placing ads on sites, cashing checks, mystery shopping, processing insurance claims, and even just data entry. The job offered can really be almost anything. Most often you are sent money, in the form of checks, and asked to either send some of that money elsewhere or buy products and ship them. The scam is that most people don’t realize that banks will deposit the check immediately, and only find out it is a fake check after two weeks or more. By then you have already purchased and shipped items, or sent some of the money elsewhere.
Variations: Sometimes you are asked to pay money to get started as a processing fee or to acquire equipment, then you never hear back. Often these involve gift cards, such as iTunes gift cards. You are asked to purchase them and send them along, and then find out the check the scammer sent you to cover the expenses was fake. You could also get caught up in a reshipping scam where stolen credit cards are used to purchase goods, then shipped to you, and then you pass them along until the police catch you instead of the crook.
How To Protect Yourself: If it sounds too good to be true, then it almost certainly is. But the greatest protection here is realizing that checks can be easily faked. Banks have to put the money into your account when you deposit the check, but when it bounces two weeks later, you will lose that money and get a bad check fee on top of it. So never trust a check unless you trust the person writing it. Just calling a check a money order, cashier’s check, or any other fancy term doesn’t make it any more legitimate.
Fake Online Buyer
How It Works: You have an item up for sale on Craigslist, Facebook, eBay or wherever. An interested buyer contacts you and really wants your item. However, they can’t get it themselves but want to pay you in advance so you ship it to them, drop it off somewhere, or they will send someone to pick it up. They often are willing to pay you extra for the trouble. They send a check and you deposit it. You send the item along and the check bounces two weeks later. Often the check is for more money than the price, and they will ask you to send back the extra or give it to the person picking up the item to pay for their services. So then you are out some cash in addition to the item once the check bounces.
Variations: Often this isn’t even about the item. They don’t care what it is and don’t want it. It is all about the extra money they will send you, and you give back to them or the fake delivery service. Sometimes you will be told the money is coming from PayPal or some other service and then get an email from that service saying the money is being held by the service until the transaction is complete. But the email is just a complete fake and no money was actually sent.
How To Protect Yourself: When selling items directly, only sell locally and get cash. State that in your ad. If you get inquiries from out of your area, just ignore them. When selling on eBay, only use their built-in payment system and ignore requests to handle it differently. Never accept a check or check-like piece of paper for payment for anything, unless you know the person and trust them. If someone offers to overpay you, they are trying to scam you.
Long-Distance Online Dating Scams
How It Works: You meet someone in a chat room, social network or dating site. Usually they are overseas. Over a long period of time, they gain your trust and affection. Sometimes fake pictures are used, and other times the scammer will actually talk with you for real. Eventually some small expense will come up that is troubling the scammer, but seems very tiny to you. You help the scammer by paying it. But then more expenses follow and it adds up. Sometimes the scammer will claim to use the money to travel to see you, which they never do.
Variations: Sometimes the scammer will trick you into sending suggestive messages or photos. Then the scammer switches personas to become the parent of the original persona or a law enforcement officer and demands payment as blackmail. This could involve the original persona suddenly being revealed as married or underage.
How To Protect Yourself: Remember that anyone can be anyone online. Avoid getting involved with anyone online that you have not met in person. Use only reputable dating services for online dating. If someone you have never met in person asks for money, it is almost always a scam. If you are threatened with blackmail online, cut off contact, report to the police, and never pay.
Facebook Profile Hijacking
How It Works: You get a Facebook friend request from someone you know, with their name, picture and other details correct. You accept their friend request. However, this is not your friend. In fact, you are probably already connected to your real friend on Facebook. What the scammer has done is grab their public Facebook profile, open a new free Facebook account with the same information and picture, and then send friend requests to the people on their publicly available friends list. If this account isn’t reported, you will eventually get spam from this fake account, or could possibly be hit with a request for money from the scammer, perhaps to help the person you think is your friend out of a situation.
Variations: Scammers can pose as celebrities and set up fake profiles on social media. People will follow them and then receive spam or propaganda from this fake persona. A more serious scam involves receiving a phone call from someone claiming to be your friend or relative and needing money to get out of a jam. That sounds ridiculous, but people are often caught so off-guard when a call like this comes out of the blue that they don’t realize it is a scam until they have sent some money.
How To Protect Yourself: One mistake people make when they see this is to claim that their friend’s Facebook account “has been hacked.” It hasn’t. Their real account is just fine. This is just a fake account using the same information. Report this account to Facebook and move on. But to protect yourself so that this doesn’t happen to you, go into Facebook’s settings, under Privacy, and set it so only your Friends can see your friends list. This doesn’t prevent a scammer from impersonating you, but it does prevent them from then trying to send friend requests to people you actually know.
Great idea, Gary. It amazes me how gullible folks can be, especially the elderly (of which I number myself a member). A new scam a day.
Chaz
“There is no easy way to verify the authenticity of an email message.”
iPhone Mail: tap & hold (& do not release) & you will see the actual url of the embedded link.
Mac Mail: roll over the URL (do not click on it) w mouse cursor & a little “tip” window will appear showing the true URL.
Agreed that even if the link appears legit, safest to go to HTTPS home page of the biz in question & log in from there. View, copy & paste all headers into a forward of phishing emails to abuse@___.com
JF: That reveals the true URLs of links, but where the email came from is still unverifiable. Going to https doesn't mean anything -- a scammer can set up an https site just as easily as you or me. https just means your data gets to the site securely, it doesn't mean you can trust the person running the site. Not at all.
I've been using Mail Detective -app with Mac and it's been very helpful!
KY: I don't recommend this approach. From what I can tell, this app you recommend just reads the headers of the email and gives a location. But that is easily faked by spammers. A lot of spam is sent by virus-infected PCs and servers. So, for instance, a European spam company can send you a scam email via a PC in Ohio. So location doesn't help, even if this app gets it right. Plus, knowing the location is just one small bit of data. I wouldn't use that to determine whether I trust the links or content in an email.
I knew that also MD has the weakest points. One can't trust on anywhere in the computer world.
Thanks for your comment!
Recently I allowed an "official intuit" party into my computer and stopped them after about 10 minutes since I saw no immediate charge on my credit card. The number was reported to the police and it was a "paint store in New Jersey"! An obvious imposter! My concern is that they may have embedded something in my computer that I cannot see. If that is a possibility (given no symptoms and I changed all my passwords, bank accounts and credit cards), what would I do next? Get an IT person?
Avery: Yes, you should be VERY concerned. You should meet with a computer security expert and have them work on your machine. You should carefully inspect all of your online accounts and change all of your passwords. Probably best to set up credit alerts and the like as well.
The simplest way to protect your computer is to delete any email offers period. Even legit offers will cost you money. Delete emails and empty your trash. Purchase only through vendors you know and trust.
How do you block someone sending text messages on an iPhone? Keep getting scams continually. I can delete but can’t find a way to block like a phone call.
Sharyn: You can block a number easily, but that won't help you prevent scams as those come from faked numbers that are different every time. Look at what your carrier has to offer. See https://macmost.com/how-to-deal-with-robocalls-on-your-iphone.html