TECH4GOOD
Despite numerous campaigns and warnings about safely using digital tools and platforms, many still fall for online scams, mostly perpetuated on social media and email platforms. Cybercriminals seem to be getting more sophisticated and can now design and carry out their scam baits in a highly convincing manner.
Speaking about online scams to a crowd of about 200 people recently, I was taken aback by the extent of the problem. Almost 90 percent had fallen victim to online scams or had their social media accounts hacked in the past 12 months. This clearly indicates the severity of the issue among the general population.
One common way social media accounts are infected is when a connection’s account gets hacked. The perpetrators then gain access to all the account’s connections. They typically send simple messages to each connection using the hacked account. The infection spreads rapidly when one of the connections unknowingly replies. The scam usually culminates in a request for a money transfer.
On the other hand, smishing scams involve SMS messages pretending to be from legitimate enterprises such as banks, telcos, or even the post office. One of the most common would be a telco company reminding recipients to take care of expiring rewards. Fake messages from the post office would usually come as advice, saying that parcels are being held because of documentary issues. The links provided can be easily determined as fictitious because they do not necessarily reflect any similarity to the legitimate site names.
Experts also see that recent phishing attacks have evolved significantly, utilizing advanced tactics and even artificial intelligence to deceive individuals. For example, attackers now use fake websites that appear secure using HTTPS protocols, making it difficult for ordinary users to distinguish them from legitimate sites. This method can exploit the trust we usually associate with secure connections.
Phishing methods come in many forms today. Angler phishing creates fake customer service profiles and can respond to complaints or inquiries with malicious links, luring victims into providing personal information. With clone phishing, legitimate emails previously sent by trusted sources are replicated, replacing links with malicious ones. Because they appear as resends, the likelihood that recipients will bite is increased.
Other forms of phishing involve manipulating Wi-Fi networks. One technique involves setting up fake Wi-Fi networks that impersonate legitimate ones so attackers can capture sensitive information when users connect. Another form is when attackers compromise websites frequently visited by target individuals or organizations. This method is usually used to access users' networks when they visit.
QR codes usually symbolize a trusted way to connect to institutions. However, there is now a new form of phishing called quishing, in which QR codes direct users to malicious websites that may divert payments to fake accounts. These tactics can happen in restaurant settings. These fake websites may also collect personal information such as bank details and prompt unknowing users to download infected apps.
We all need to adopt proactive strategies to effectively defend against online scams and fraud. Online shopping should only be done through platforms that offer robust buyer protection policies and secure payment methods to reduce the risk associated with cash transactions or direct bank transfers, which are common on peer-to-peer social media marketplaces.
Let us familiarize ourselves with common scam tactics such as phishing and smishing and their different variations. These tactics usually create a sense of urgency when asking for sensitive information. We must stay informed by regularly updating ourselves on the latest scams and fraud techniques. AI-enabled scamming methods are beginning to emerge, including cloned voices that will make it appear that we are talking to an actual acquaintance.
We should always verify requests for information by confirming the requesting party's identity, whether the request is made via messaging platforms or emails. Typically, authentic establishments do not ask for sensitive information in this manner. If we receive unexpected emails or messages containing links or attachments, it is better to navigate directly to the websites using their public URLs.
We must continue with tested measures such as using strong passwords and regular changes. Protecting our devices with up-to-date anti-virus software can help us detect and block malware. Another emerging scam-preventing method is the use of a safe phrase. It is a previously agreed phrase that we and our inner circle can use to verify if we are really talking to them. It can be anything as long as it is simple yet random, easy to remember, and shared with friends and family in person. Just be sure that it is regularly changed. If it is no longer private, change it immediately.
Finally, we must monitor our financial accounts regularly by checking our bank statements or apps for unauthorized transactions. Let us all be suspicious of unsolicited messages. If something does not feel right, make an effort to investigate before acting.
The author is an executive member of the National Innovation Council, lead convener of the Alliance for Technology Innovators for the Nation (ATIN), vice president of the Analytics and AI Association of the Philippines, and vice president of UP System Information Technology Foundation. ([email protected])