All You Need to Know About Cybersecurity

Cybercrimes are increasing exponentially by the year. Unfortunately, developments like the pandemic, the growth of cryptocurrency and the increase in online working and shopping have created a target-rich environment for cybercriminals. In fact, according to Cybercrime Magazine, cybercrime will cost the world $10.5 trillion annually by the year 2025. 

The best way to protect yourself from cybercrimes of any kind is by being aware of common warning signs as well as keeping your systems and devices secure. High levels of cybersecurity are employed at all times on the internet to keep websites–as well as power grids, water systems and more–running and free of malicious activity. As a private consumer, you can also utilize cybersecurity on your own devices, albeit on a smaller scale. In honor of Cybersecurity Month, let’s take a closer look at this essential toolset and how to best harness it for your protection. 

What is cybersecurity?

Cybersecurity refers to the protection of all online devices, networks, data and electronic systems from attacks by hackers, scammers and cybercriminals. 

There are several major categories of cybersecurity:

  • Network security is the practice of securing a computer network from intruders who commit crimes via targeted attack and/or malware. 
  • Application security focuses on protecting software and devices from threats. 
  • Information security protects the integrity and privacy of data.
  • Operational security includes handling and protecting data assets. 
  • Disaster recovery and business continuity include the ways an organization responds to an actual or potential security breach.
  • Cloud security refers to creating secure cloud applications for companies that use cloud service providers, like Google, Amazon Web Services, etc. 
  • Identity management and data security protects processes that enable authorization and authentication of legitimate individuals to an organization’s systems. 
  • Mobile security protects data that is stored on mobile devices from threats like unauthorized access, device loss or theft, malware and viruses. 

Types of cybercrimes

Cybercrimes can be divided into several categories:

  1. Cybercrime includes criminals acting alone or in groups who target systems for financial gain or to cause disturbances.
  2. Cyber-attack will often involve groups of criminals gathering information for political reasons.
  3. Cyberterrorism is the act of hacking electronic systems with the intent of causing panic or fear.

Methods of cybercrimes

All forms of cybercrimes threaten cybersecurity in some way. Here are some of the methods cybercriminals use to wage attacks: 

  • Malware. This threat includes ransomware, spyware, viruses and worms. These can install harmful software, block access to computer systems or provide scammers with access to data.
  • Trojans. This attack tricks users into thinking they’re opening a harmless file when, in reality, they’re installing a backdoor that provides cybercriminals with unauthorized access. 
  • Botnets. This attack is conducted via remotely controlled malware-infected devices and is usually deployed as a large-scale attack. Compromised computers are integrated as part of the botnet system to further spread the attack.
  • Adware. This threat involves a potentially unwanted program that is installed without the user’s permission and automatically generates unwanted online advertisements.
  • Phishing. This attack is employed via email, text or social media message to trick the target into sharing sensitive information. Often, the tactic will also lead to the installation of malware.
  • Man-in-the-middle attack. In these attacks, a hacker will insert themselves into a two-person online transaction. The hacker will then steal data and/or login credentials.

How can I protect myself against cyberattacks?

Fortunately, there are lots of preventative measures you can take to protect your information and your money from cyberattacks: 

  1. Update your software and operating systems. Accept every update you are offered because these will provide the strongest and most current protection.
  2. Use anti-virus software. This software will detect and remove threats in real-time. 
  3. Use strong, unique passwords across all your online accounts. Be sure to vary your use of capitalization, symbols, letters and numbers. For optimal security, switch up your password every six months.  
  4. Never open email attachments or click on links from unknown senders. These can automatically download malware onto your device.
  5. Avoid using unsecured public WiFi. Using unsecure networks leaves you vulnerable to attacks.

Cybersecurity is a crucial component of modern day digital safety. This guide can help you learn how to utilize this essential toolset for your personal security. 

Your Turn: How do you utilize cybersecurity to protect your information and your money from cybercrimes? Share your best tips in the comments.

Beware of Digital Kidnapping

Most parents warn their kids against taking candy or accepting a ride from a stranger, but there’s a digital equivalent to conventional kidnapping that is unknown to many people. Digital kidnapping happens when a crook takes control of a target’s social media profiles and holds them until a ransom is paid. It can also involve “kidnapping” photos that are posted on social media pages. Here’s what you need to know about digital kidnapping and how to protect yourself from falling victim. 

How the scams play out

In a digital kidnapping scam, a hacker or ring of scammers will take control of one or more of a target’s social media profiles. The target will be effectively locked out of their own social media accounts and will be unable to access or update them. Once the scammer has control of the profile, they’ll contact the target, demanding a hefty ransom in return for access to the account. They may even threaten to post damaging or humiliating content on the social media profile unless the ransom is paid.

In another version of this scam, hackers will “kidnap” a photo of a child or baby off an unsecured social media account. They will post these photos in their own accounts, using the picture-perfect moments to create a fantasy world of their own. In a creepy twist of reality, they’ll pretend these are snapshots of their own family. They may use this fake world to help them create an imaginary escape, or to draw traffic to their own public accounts. Sometimes, they’ll utilize these photos to help build a bogus story, such as a baby being put up for adoption, or a charitable fund to benefit a child whose parents are struggling financially. Unfortunately for the actual parents, it can be months or years before they find out that their child’s picture is splashed across a public account with thousands of followers. 

If you’ve been targeted

If you believe you’ve been targeted by a digital kidnapping scam, there are steps you can take to mitigate the damage. First, alert the company that owns the social media platform to let them know your account has been compromised. They’ll likely have specific instructions for you to follow to ensure your account remains safe. They may even advise you to close the compromised account and open a new one. Next, tip off the Federal Trade Commission (FTC) and local law enforcement agencies which can help you determine whether it makes sense to pay the requested ransom. Finally, clean up your accounts and make sure there is no identifying or potentially dangerous information being posted on a public forum.

Protect yourself

The best way to protect yourself from digital kidnapping is by keeping your accounts private and secure. Always choose the strongest security settings on your devices and opt for private social media accounts across every platform. This will limit your audience to by-invitation-only viewers while helping to keep hackers and creeps away. 

It’s also a good idea to be mindful of what you post, and how often you post it. Even when using the strongest security settings, sharing a picture online essentially means sharing it with the public. You never know who may be trolling your accounts or looking for pictures to “adopt” as their own. Think three times before posting a picture of your kids. Extra caution is advised for those with super-cute kids.

Finally, be sure to follow basic online safety rules to avoid giving a scammer access to your accounts. Use strong, unique passwords for each of your online accounts and change up your passwords every six months or so. Avoid using public WiFi unless absolutely necessary. Accept every security and software update offered for your device to keep them operating at optimal security. Finally, avoid sharing sensitive information with an unverified contact and never download an attachment or click on a link within an email from an unknown sender. 

Stay alert and stay safe!

Your Turn: Do you have a digital kidnapping experience to share? Tell us about it in the comments.

What is the Dark Web?

Q: I’ve heard of the dark web, but I never understood what this term means. What is the dark web? How is it accessed? Is there any way to keep my information out of its depths?

A: The dark web is the deepest layer of the internet that isn’t visible to the average browser. Unfortunately, its name is a perfect description of its function, as the dark web is full of illegal activities and crimes. Let’s take a closer look at the dark web and how you can protect your information from being caught in its trap.

What is the dark web?

The internet has been likened to an iceberg. There is very little of it that is truly visible above the surface, but it is enormous, dark and deep underneath. 

There are three basic components of the internet: 

  • The surface web–this involves all websites and landing pages that can easily be accessed through popular search engines and by inputting a URL/address directly into a web browser address bar. 
  • The deep web–this includes private, but not invisible accounts, such as social media pages, retail accounts, membership websites, confidential corporate webpages, medical records and more. All content on the deep web is safeguarded by a paywall or sign-in credentials. Experts have estimated that up to 99% of the internet is comprised of the deep web. 
  • The dark web–the final layer of the internet can only be accessed by downloading special browsing software called Tor. Tor masks IP addresses and instantly renders all visitors anonymous. This is where scammers can buy and sell personal information including credit card numbers, checking account details, Social Security numbers, health records and more. 

Despite its name, not all of the activity that takes place on the dark web is illegal. The deepest part of the internet also provides a platform for communication and commerce among people living in countries that have heavy censorship over online activity. In addition, the dark web was originally used by the United States Department of Defense to communicate anonymously. 

Unfortunately, though, the dark web remains a hotbed of criminal activity. Loads of illegal trade takes place through the dark web, including drugs, firearms, counterfeit money, subscription credentials and personal information of thousands of targets. The inherent anonymity of the dark web allows hackers and scammers to roam free without fear of being caught.

How does the dark web work?

The dark web, and by extension the Tor browser, uses a technology known as “onion routing.” This technology uses multiple layers of encryption and redirection to assure anonymity for every browser. When a browser tries to access a site on the dark web, its information will be routed through thousands of relay points, making it impossible to identify and trace. 

How can I protect myself from the dark web?

It’s important to take preventative measures to protect your information from the dark web. Here’s how:

  • Enable two-step authentication on all online accounts. This includes accounts with access to sensitive information, as well as accounts that can be used to collect innocuous but potentially identifying information, like social media accounts. 
  • Consistently monitor your credit for fraudulent activity. Review your accounts at the end of each billing period and request an annual free credit report. Report any suspicious activity to your credit card company immediately. You can also ask the company to send you automatic alerts if there are any large purchases made or new accounts opened in your name.
  • Use strong, unique passwords for all your accounts. Vary your capitalization use, numbers, words and symbols. For optimal protection, switch up your passwords every few months. 
  • Never share your personal information with an unverified source. This includes an email from a contact you’ve never engaged with before, phone calls from an unknown caller and a downloaded link from a banner ad.
  • Run a dark web scan on your devices. This will tell you if your information is already on the dark web. If the scan is positive, reach out to your credit card issuers to discuss placing a fraud alert on your accounts and a credit freeze in your name. 

The dark web is fraught with danger and impossible to trace but there are ways to protect your information. Use the tips outlined here to stay safe.

Your Turn: Have you encountered the dark web? Share your experience in the comments. 

8 Ways to Spot a Survey Scam

Survey scams are almost as old as the internet. They’re so prevalent, you can hardly spend an hour online without running into an ad for a “super quick” survey promising a reward for just a few minutes of your time. 

What actually happens, though, is that the scammer walks away with a free survey, or worse, your information and/or your money. The alert consumer can spot a survey scam easily, but fraudsters are unfortunately becoming more sophisticated at luring innocent victims into their schemes. 

Don’t get caught! Here are eight ways to spot a survey scam:

  1. You’re asked to pay to participate in a survey

Authentic survey companies need you – you don’t need them. There’s absolutely no reason to pay to take a survey of any kind. If you’re targeted by an ad asking you to take a survey and to pay for the privilege of doing so, don’t respond. 

  1. You’re asked to share sensitive information before you can take the survey

They’d really appreciate it if you could take this quick survey for them. They just need some information from you first, like your Social Security number, date of birth and maybe even your checking account number. If a survey company asks for anything more than basic information from you, sign out as quickly as you can. 

  1. They advertise on Craigslist and similar sites asking for your email address

“Survey companies” that advertise on sites like Craigslist asking you to share your email address are usually fronts for scam rings. They use the bogus surveys as bait so you will share your email address. Once they have this information, they’ll use it to spam you with scam emails, phishing schemes, malware or worse. Alternatively, they’ll sell your email address to another scam ring to be used for similar purposes. 

  1. They offer too much money

If a survey is offering you $100 for a 20-question survey that shouldn’t take you more than five minutes to complete, you can be sure you’re looking at a scam. No legitimate survey company is that desperate. The pay for authentic survey-taking is generally on a much more modest scale. 

  1. You’re directed to download attachments 

Any time an unknown contact asks you to download attachments to your device, be super-suspicious. More often than not, these are scams and the attachments are loaded with malware. Don’t respond to the offer, and if it was made via email, be sure to report the email address as spam. 

  1. They advertise aggressively

If the same solicitation for survey participation keeps popping up across your screen, you may be looking at a scam. Scammers tend to flood their targets with ads in the hopes that one of them will actually work. Similarly, if the survey offer is full of unbelievable testimonials of past

participants, you’re likely looking at a scam. Legitimate survey companies don’t need to try so desperately hard to get people to take their surveys. 

  1. They give you an hour to pre-qualify for the survey

Often, a survey company will want you to answer a few pre-qualifying questions to see if you fit their desired demographic. Scammers exploit the prequalification by having the target answer dozens of questions and then informing them they’ve run out of time and cannot participate in the actual survey. This is false, of course, and the questions the scammer just answered actually were the survey questions, only now they won’t be getting paid for it. Check to see if a survey has a time limit on the prequalification before you start answering questions. 

  1. They require an outrageous minimum before payment

Most legitimate survey companies require the survey taker to complete a minimum number of surveys before the first payment. However, scammers require their targets to take an unrealistic number of surveys before they receive their first paycheck. Often, the victim will just quit before they qualify for a payment and the scammers now have these completed surveys without paying anything for them. 

Survey-taking can be a great way to earn some pocket money, but survey scams are rampant. Follow these tips to stay safe!

Your Turn: Have you been targeted by a survey scam? Share your experience in the comments. 

Don’t Get Caught in a Vacation Rental Scam

With prices rising on everything, including hotel stays, record numbers of vacationers are choosing to rent private homes or apartments on sites like Airbnb and Vacation Rentals by Owner (VRBO). Unfortunately, though, vacation rental scams are on the rise as well. Here’s all you need to know about these scams and how to avoid them.

How these scams play out

There are several variations of vacation rental scams. 

In one version, the vacation rental advertised on Airbnb, or on a similar site, does not exist or is in very poor condition. The scammer uses online images or doctored photos to create the bogus listing, and rounds out the ruse setup by creating several phony reviews. If a target falls for the scam and rents the “vacation rental,” they’ll be disappointed to arrive at the posted address on the listing and find that the rental does not exist or is quite run down. 

In another version, an individual rents a listing and receives a message from the renter just before their arrival about a last-minute plumbing emergency at the rental site. They’ll be directed to go to another rental instead. This substitute rental will be in far worse condition than the one the vacationer has actually rented. 

In yet another variation, a vacationer unknowingly books a rental on an Airbnb look-alike site. Scammers lure their targets toward these sites by utilizing “URL squatting,” or creating a site that has a similar URL as a well-known site, which in this case, is Airbnb. The fake website enables scammers to capture the payment information of their victims and use it to empty their accounts, or worse. 

In a more recent version of the vacation rental scam, criminals are exploiting people’s kindness and the war in Ukraine to con victims out of their money. Here’s how it works: Generous donors are booking vacation rentals in Ukraine without intending to actually use them as a means to get money to Ukrainians. Airbnb has been supporting this initiative by waiving all host fees for rentals in Ukraine. Unfortunately, though, scammers have been creating fake listings in Ukraine and simply using the money to line their pockets. 

Red flags

Avoid a vacation rental scam by looking out for these warning signs: 

  • The listing is relatively new, yet seems to have multiple reviews from alleged past guests. This is especially true if the listing is in Ukraine.
  • The listing is riddled with typos and spelling mistakes. 
  • The images of the listing look too professional and perfect. 
  • The pictures and description of the rental don’t match up to its price.
  • The URL of the listing site is not secure.
  • The owner asks you to finalize the reservation on a platform that is not the hosting platform.
  • The owner insists on being paid via prepaid gift card or wire transfer. 
  • The owner demands you share more information than they should need for you to reserve a rental. 

Protect yourself

Take these steps to protect yourself from a vacation rental scam:

  1. Check, double-check and triple-check the URL before booking a listing. Look for signs of a secure site, like the lock icon and the “s” after the “http”, and make sure you are still on the authentic host site, such as Airbnb.com, and that you haven’t been lured into a bogus look-alike site. 
  2. Verify that the street address of a rental does indeed exist. You can also Google the address to see if there are any images associated with the address outside the vacation rental site. 
  3. Do a reverse image search to confirm if the photos are doctored up or copied stock images.
  4. Never share sensitive information online with an unverified contact. 
  5. Use a credit card for all online purchases. 
  6. Do an online search of the owner and look for anything suspicious. 

Don’t let your dream vacation turn into a nightmare. Follow the tips outlined here and stay safe! 

Your Turn: Have you been targeted by a vacation rental scam? Tell us about it in the comments. 

Don’t Get Caught in a Shopping Scam!

Shopping in 2022 is worlds away from what it was at the turn of the century, or even just a few years ago. According to retail research firm, Digital Commerce 360, ecommerce sales surpassed $870 billion in 2021, a 50% jump over 2019. Online shopping is quick, easy and convenient. 

Unfortunately, though, when a lot of shopping moved online, it also ushered in a wave of scams that are often successful. Some of these scams can be difficult for the untrained eye to spot, and many offer no way for the victim to reclaim their lost funds. Here’s what you need to know to recognize an online shopping scam and avoid being the next victim. 

How these scams play out

There are several variations to the online shopping scam. 

In one version, a shopper will scour the internet for a specific item in their desired price range. They’ll find the item retailing on a site at an attractive price and then proceed to make the purchase. They’ll share payment information, input their delivery address and complete the transaction. Unfortunately, though, the item never arrives on their doorstep. Alternatively, a cheap knockoff of the product will arrive instead of the item they’ve purchased. When the buyer tries to demand a refund, they are unable to reach the seller. 

In another variation, a shopper finds an item online and tries to make a purchase. They’ll be asked to input sensitive information, such as a credit card or checking account number. At this point, the shopper will be unable to complete the transaction and will continuously run into errors on the site. However, the scammers now have their information and can proceed to empty the victim’s accounts, or worse.

In a third version of the online shopping scam, a seller clicks on an ad, or on a site that came up in a Google search for one of their favorite stores. They’ll proceed to make an order, not knowing they’ve actually clicked into a bogus look-a-like site run by scammers. The rest of the scam will follow one of the scenarios described above. 

Red flags

Watch for these warning signs that you may have stumbled upon a shopping scam:

  • Prices are too good to be true. If you find an online offer for a new iPhone retailing at just $450, you’re likely looking at a scam. 
  • The offer urges you to act now. If an offer warns that the bargain prices it’s offering won’t last until sundown, it’s likely a scam. 
  • The seller demands specific means of payment. If an e-tailer insists that you pay via prepaid gift card or wire transfer, opt out. 
  • The website is full of typos and grammar errors. If the site is badly in need of editing, it may be run by scammers. 

Stay safe

Follow these tips to keep yourself safe from online shopping scams:

  • Only shop on safe, secure sites. Check the URL for the lock icon and for the “s” after the “http”.
  • Check the URL for proper spelling of reputable sites. Make sure the URL of the site you’re on matches the authentic URL for that retailer and that you haven’t landed on a spoof site. You may want to save the genuine URLs on your computer for future use. 
  • Avoid clicking on high-pressure pop-ups and banner ads. These are often scams.
  • Pay with a credit card when shopping online. A credit card offers the most protection for your purchases. 
  • Never share personal information with an unverified contact. Don’t input your credit card number or account details unless you’re absolutely sure you’re dealing with a reputable website. 

If you’re targeted

If you’ve fallen victim to an online shopping scam, there are steps you can take to mitigate the damage. 

If you’ve paid via credit card, call the company to dispute the charge. At this point, you may want to consider closing the card and placing a credit alert and/or a credit freeze on your name. Next, alert the FTC about the scam. If the alleged retailer is on the BBB website, you can let them know, too. Finally, let your friends know about the scam so they know to be aware.

Stay safe!

Your Turn: Have you been targeted by a shopping scam? Tell us about it in the comments. 

Don’t Get Caught in a Grandparent Scam

Scammers will capitalize on anything to pull off another ruse, even the special bond between a grandparent and grandchild. Grandparent scams are not new, but they have gotten a lot more sophisticated in recent years, so they can be difficult to spot. Here’s what you need to know about grandparent scams and how to avoid them. 

How the scams play out

There are several variations of the grandparent scam. In each one, the caller will claim to be a grandchild of the target. The scammer will often spoof the grandchild’s number so it shows up on the grandparent’s phone. 

  • The legal trouble scam. In this ruse, a scammer who claims to be the grandchild of the target will call and claim to have been arrested. The “grandchild” will ask their grandparent to send money to post bail. They may also ask for funds to pay for legal representation. They’ll pass the phone to an alleged representative to accept the funds via wire transfer or gift cards. Of course, this is just another scammer who is in on the crime.
  • The medical trouble scam. This version of the grandparent scam involves a “grandchild” calling up Grandma or Grandpa and claiming to be seriously injured. They’ll ask for money to help pay the medical bills. 
  • The international trouble scam. Most common during times when teens and/or young adults are likely to be traveling, such as during spring break or summer vacation, in this scam, a “grandchild” will call and claim they’re in deep trouble while in a foreign country. Of course, they’ll ask for a large sum of money via wire transfer or prepaid debit card to help them get out safely. 

If you’re targeted

If you believe you’ve been targeted by any of these grandparent scams or a similar ruse, follow these steps to keep yourself safe:

  1. Don’t take immediate action. The grandparent scam, like most scams, relies on creating a false sense of urgency so the target has very little time to stop and think about what’s taking place. Beat them at their game by taking a step back and thinking rationally about the call you’re receiving.
  2. Ask a personal question. Your grandchild’s name is on the Caller ID and the caller sounds just like them – but are they really on the phone? Ask the caller to answer a personal question only your grandchild would know, such as a family memory, an important date or a private joke you share with your grandchild.
  3. Check your grandchild’s whereabouts. If you’re still unsure if your grandchild is really calling you, use another phone, or hang up on the call, and call your grandchild on your own. Chances are, your grandchild is perfectly safe and fine.
  4. Hang up and report the crime. Once you’ve verified that you’ve been targeted by a scammer, hang up and report the scam to the police. Share as much information as you can. It’s also a good idea to alert the FTC about the scam. If you’ve lost money through the scam, the FTC can help you determine your best next steps.

Safety rules to know

It’s a good idea to follow these rules for protection from grandparent scams and other ruses:

  • Never share personal information online or on the phone with an unverified contact. 
  • If you’re asked to pay for something via money transfer or prepaid gift card, you’re likely dealing with a scammer. 
  • Put your number on the no call list to limit the number of scammers who target your phone. 
  • Keep your social media privacy settings at their strongest and limit what you share on public forums. 

Grandparent scams are especially nefarious as they exploit the special bond between grandparents and their grandchildren. Use the tips outlined here to stay safe. 

Your Turn: Have you experienced being targeted by a grandparent scam or something similar? Tell us about it in the comments. 

Beware of Job Scams

It’s an amazing employment opportunity – or is it? Scammers often hijack the job market and ensnare hopeful job seekers into their schemes. If you’re job-hunting, it’s a good idea to review the way these scams play out and how you can avoid them. To help you out, we’ve put together a short primer on what you need to know to stay safe from job scams. 

How the scams play out

There are several variations of job scams. Here are the most common ones: 

  • Bogus job listing. There’s a Help Wanted ad for a dream job, and the job-seeker applies with great optimism. They’ll share their information and even pay a small fee to submit their resume, or to cover alleged job supplies. Sadly for them, the job doesn’t actually exist and they’ll never hear from the “employer” again.
  • Imposter hiring. An alleged rep from a well-known agency, government institution or hiring firm reaches out to a target asking them to send the funds to cover a screening fee to be considered for a job. While the job does exist, the representative is a scammer, and the money the victim has shared will go directly into the scammer’s pocket. 
  • Phishing emails. Like any phishing scam, a victim is targeted directly via email. The email will offer the victim a fantastic job, but first ask that they share confidential information. If the victim complies, they’ll be giving their personal information to a scammer.  
  • Inflated payment scam. In this ruse, a target will be hired for a remote position. When payday arrives, the victim will receive a check written for an amount that is for more than the “new employee” should have received. The employer will ask them to cash the check and mail back the extra funds. Unfortunately, a few days later, when the check doesn’t clear, the victim realizes they’ve been scammed. 

How to spot a job scam

Learning to identify the signs of a job scam can help you avoid them and find gainful employment. Here are some red flags to watch out for while job-hunting: 

  • Unprofessional emails. If the emails you receive from a would-be employer or HR rep are riddled with spelling mistakes and typos, or are formatted in an unprofessional manner, you may be dealing with a scammer. 
  • No physical company mailing address. Even a business that mostly hires remote employees needs a street address. If you can’t seem to find one on the company’s site, and your “employer” refuses to share this information with you, the company may be a cover for a scam ring. 
  • Upfront fee. Most legitimate employers will not ask a new hire or hopeful employee to pay a fee for supplies or to submit a resume. If you’re asked to do so, you may be looking at a scam. 
  • Inflated checks. If you receive a check from a new employer that is made out for more than your wages or salary, and you are asked to send back the surplus, you’re being scammed. Don’t cash the check and terminate all contact with the “employer”.
  • Premature request for information. While it’s perfectly okay for an employer to ask a new employee to share their Social Security number, date of birth and even their checking account information, these details should not be shared until an official contract is signed and the employee is sure the job and the employer are legit. In fact, it may be a good idea to hold off on signing up for direct deposit of your paycheck until you’ve been employed for a while and you know the job is a keeper. 
  • You’ll be underworked and overpaid. If a job is promising a high salary for very little and/or very easy and unskilled work, it’s likely a scam. 

Before applying to or accepting a job offer, do thorough research. Ask for references of past or current employees and check out the company website to see if it’s secure and has real information about the firm, including a street address. Check out the company’s social media pages, like LinkedIn, as well. Finally, don’t be afraid to ask the employer, or the person doing the hiring, any questions you may have about the company or the job.

Job-hunting can be stressful, but getting caught in a job scam can bring that stress to a whole new level. Stay alert and stay safe by following the tips outlined here. 

Your Turn: Have you been targeted by a job scam? Tell us about it in the comments. 

Don’t Get Caught in a QR Code Scam

Scammers never take a break from dreaming up new ways to con people out of their money. Recently, they’ve even been hijacking QR codes to pull scams on innocent victims. Here’s all you need to know about QR code scams and how to avoid them. 

What’s a QR code? 

Before we can explore the details of these scams, let’s understand what a QR code is and how one works. A QR code, which is an acronym for “Quick Response code,” is a square barcode that can be scanned using a smartphone. It leads directly to a website or app. Businesses use QR codes for any number of reasons, from posting online menus, to scanning coupons, to processing payments and more. In the no-touch era following the coronavirus lockdowns, QR codes are more ubiquitous than ever.  

Ironically, QR codes should help prevent fraud, since they take the user directly to the desired site, leaving no room for misspellings or for scammers to lure victims to a bogus website that has a URL that is similar to the legitimate website. Unfortunately, though, scammers have found a way to weaponize QR codes, too. The technology necessary to create a QR code is not accessible for anyone, making QR code scams easy to pull off and difficult to identify. 

How the scam plays out

In a QR code scam, a scammer will replace a legitimate QR code with their own code. A target will then scan the code and make a payment for a transaction. Unfortunately, the target has sent their money directly to the scammer and has not made a payment for the transaction as they believe they have.

In a recent QR code scam, fraudsters replaced dozens of QR codes on public parking meters in San Antonio, Texas with their own codes. Drivers seeking to pay the meter costs scanned these codes and sent their payments to scammers. To make matters worse, many victims also unknowingly shared access to their phones with the scammers, setting themselves up for future scams as the criminals use the information on the phone to pull off additional schemes. 

How to avoid a QR code scam

QR code scams can be challenging to recognize. For this reason, the FBI has advised against downloading an app from a QR code and/or downloading a QR code scanner app. However, there are ways to keep yourself safe from these scams. 

When scanning a QR code, it’s a good idea to treat the link like any other email or text message. Proceed with caution and practice online safety measures as you would with any other online transaction. Check the source of the QR code and the URL that the code directs you to for common signs of a secure site, including a lock icon, an “s” after the “http,” and whether the URL matches with the URL of the intended site destination. 

If the webpage or app the code sends you to seems suspicious in any way, leave it. You can access the payment portal you need by visiting the app or website on your own. 

When using a QR code, look for these red flags that can indicate a possible scam:

  • The URL is different from the home site.The QR code is posted on a public sign or notice that seems to be tampered with.The site or app the code directs you to is full of typos. 

Knowing how to recognize a QR code scam can help prevent you from falling victim to this emerging and quickly growing scheme. 

If you were scammed

If you’ve used a QR code to pay for a transaction and subsequently received an email from the company claiming you’ve never completed the payment, or that the payment failed, you may be the victim of a QR code scam. Let the company know that its QR code has been tampered with and alert the FTC as well. 

Stay alert when using a QR code and stay safe!

Your Turn: Have you been targeted by a QR code scam? Share your experience in the comments. 

Beware of Sport Ticket Scams

There’s nothing quite like watching sports live. The energy, the cheers, the game! But tickets to live sporting events can be pricey, and scammers know this well. They’ve come up with all sorts of scams involving the sale of sport tickets, and often, they succeed at conning innocent victims out of their money. Here’s what you need to know about sport ticket scams and how to avoid them. 

How the scams play out

In a sport ticket scam, a target searches online for tickets to a live sporting event. An ad appears on screen, offering tickets to this event. When the target clicks on it, they find their way onto the alleged seller’s webpage. They enter their information, choose seats, and then notice that the tickets are ridiculously overpriced. At this point, they’ll either opt-out or decide they really want to go to this event, so a ticket is worth any price to them. They’ll input their credit card info, complete the payment and expect to receive confirmation of the sale. They’ll wait for it to come… and wait… and wait. Unfortunately, the virtual tickets aren’t coming and the victim will  never hear from the seller again. To make matters worse, the scammer now has their personal information and credit card details so they can scam them even more. 

In another version of the sport ticket scam, the victim receives an e-ticket after completing the transaction. However, this ticket is useless because it is either counterfeit with forged barcodes and logos or a duplicate of an actual ticket that has already been sold to other buyers.

The do’s and don’ts of purchasing sport tickets:

Ticket scams can be challenging to spot because scammers use sophisticated methods to create look-alike sites, bogus tickets and more.  Don’t get scammed! Follow these tips to avoid getting caught in a sport ticket scam:

Do:

  • Use payment methods that come with a level of protection, such as credit cards.
  • Shop local. If you’re trying to purchase a ticket at a bargain price from sites like Craigslist, eBay Classifieds or OfferUp, ask to meet the seller in person at a well-populated area or near a local police station. 
  • Buy tickets at the venue box office.
  • Buy tickets from authorized brokers and third-party sellers once you have verified contact information. For optimal security, contact the original promoter of the ticket directly to verify the ticket’s authenticity. 
  • Research the seller carefully by looking for a safe website and a legitimate physical address and phone number. 
  • Complete a quick online search for negative reviews about the seller. Just input the seller’s name, email address and phone number, along with the words “fraud,” “scams” and/or “fake tickets” to see what the internet has to say.
  • Check to verify that the tickets have the correct date and time printed on them before confirming your purchase. It’s also a good idea to check that the section and seat number actually exist at the venue.

Don’t:

  • Don’t wire money or use uncommon payment methods (such as gift cards) to pay for tickets.
  • Don’t pay for a ticket before seeing it.
  • Don’t meet a private ticket seller alone or in a low-traffic area.
  • Don’t trust online search results for ticket sellers without researching each one carefully.  

If you’ve been scammed

If you believe you’ve been targeted for or become a victim of a sport ticket scam, there are several steps to take to mitigate the damage and help stop the scammers. First, if you’ve paid with a credit card, be sure to dispute the charge, cancel the card and ask for a new one. Next, report the incident to the Federal Trade Commission (FTC). You can also file a complaint against the bogus ticket company through the Better Business Bureau (BBB) Scam Tracker. Finally, let your family and friends know about the circulating scam. 

Don’t let a live sporting event go foul! Stay alert and stay safe. 

Your Turn: Have you been targeted by a sports ticket scam? Tell us about it in the comments.