Scammers continue to prove there’s no rest for the wicked. While their goals – to get your personal information and money – remain the same year in and year out, their strategies constantly change with the times. Fraudsters know people are most vulnerable when they’re desperate or scared, and they may use pressure tactics to prey on their victims.
As in previous years, many of the latest scams in 2023 are twists on existing scams, and the measures that have protected you for years can still apply. However, watch out for a few new types of attacks.
Student loan forgiveness scams
When student loan forgiveness applications opened in 2022, the FBI warned borrowers to watch out for scams targeting applicants. Student loan forgiveness scammers may contact you via phone or create phony application sites aimed at stealing your Social Security number or your bank account information. They may put pressure on their victims with fake urgent messages that encourage you to apply for debt relief before it’s too late. Then they’ll charge you a hefty application fee. In reality, it’s a scam.
It costs nothing to apply for student loan forgiveness, so anyone who asks you to pay a fee is committing fraud. In addition, the U.S. Department of Education won’t contact you by phone. You can stay safe and avoid student loan forgiveness scams by going directly to the Department of Education website for information about applying for forgiveness.
Scammers may try to get in touch with you by phone, and some phone scams rely on smartphones’ capabilities to access the internet and install malware.
Robocalls have people’s phones ringing nonstop with increasingly natural-sounding recorded voices. They may offer everything from auto warranties to vacations or issue a threat to try and get your attention. Some robocalls can even respond to your questions.
You may receive a text message from an unknown number or email address. Often, these smishing attempts include a link to a scammer’s website or app.
Scammers impersonate IRS personnel, police, survey takers, relatives, delivery people and well-known companies to threaten you or gain your trust. They use scare tactics related to your Social Security number, criminal record or account before asking for your personal, account or credit card information.
Scammers may try to get you to install a malicious app to steal your information. Or, they might create a nearly identical copy of an existing app and then make money from in-app purchases.
QR codes have gained popularity as a touchless option to do things like read a restaurant menu or make a payment. However, scammers place their QR codes in inconspicuous spots, and scanning the code could prompt you to make a small purchase or enter your credentials on a look-alike website.
Also beware of two relatively new types of tools and tactics that scammers are using in 2023:
SIM swapping happens when a thief steals your number and assigns it to a new SIM card in a phone they control. It’s the same process you go through when you get a new phone and the mobile carrier gives you a new SIM card. The scammer uses your SIM card to steal your information to log in to your accounts and either enter a verification code or reset the account password using the code or link sent to the phone.
You might be able to contact your mobile phone operator and add extra security or temporarily freeze number porting to help protect yourself from SIM swapping. Also, see if your accounts let you use a non-SMS multifactor authentication option, in which you provide two pieces of proof to verify your identity.
|One-Time Password (OTP) Bots|
An alternative to SIM swapping, some scammers are using so-called OTP bots to trick people into sharing the authentication codes that are sent to them via text or email, or that they have to look up in an authentication app or device. The bots may initiate a robocall or send you a text imitating a legitimate company. For example, the robocall may look and sound like it’s coming from a bank. The voice asks you to authorize a charge and tells you to input the code you’re texted if it’s not one you made. In reality, the bot is attempting to log in to your account, which triggers the system to send you the code. If you share the code, the scammer can then log in to your account.
Scammers are turning to Zelle, the peer-to-peer payment app, as a means to steal people’s money. The scammer will email, text or call you pretending to work for your bank or credit union’s fraud department. They’ll claim that a thief was trying to steal your money through Zelle, and they must walk you through “fixing” the issue. Then, they may instruct you to send the money to yourself, but the money will actually go to their account.
As cryptocurrencies continue to buzz, people may fear missing out on investment opportunities. The scams can take different forms, but often involve fake prizes, contests, giveaways or early investment opportunities. The scammers may impersonate celebrities or popular cryptocurrency websites to lure victims into sending them money, sharing login information or “investing” in a project. Crypto exchange accounts have also been the target of OTP bots because you might not be able to get your crypto back if the scammer drains your account.
While romance scams aren’t new, their popularity continues to rise. According to the Federal Trade Commission (FTC), people lost $547 million to romance scams in 2021, up 80% compared to 2020 and six times higher than in 2017.
Scammers often steal someone’s identity or create fake profiles on dating and social media apps to meet victims. There’s no surefire method to detect a fake, although scammers may use stock photos and make excuses for why they can’t meet in person.
After gaining your trust, they may ask you to buy them something or send them money. Recently, some scammers have posed as investors and shared false investment tips with their victims, which could lead you to invest in a fake opportunity. Or the person may “mistakenly” send you money and ask you to send it back or forward it to someone else. If your bank later determines their payment was fraudulent, the sum of the payment will be subtracted from your account.
Romance scams can target anyone, and some scammers seek to form platonic rather than romantic relationships.
Online purchase scams
Online purchase scams continued to be the riskiest type of scam in 2022, according to the Better Business Bureau (BBB) 2022 Online Scams Report. The basic premise of this type of scam is that you purchase a product or service that’s never delivered. The BBB found that people most commonly reported being victims after trying to buy a puppy online.
Scammers often sell goods on marketplace websites or social media, although some set up fake e-commerce stores. Always look for red flags such as too-good-to-be-true prices, lack of details or high-pressure sales tactics. Scammers may also use triangulation fraud to take money from you when you buy something online, only to purchase the item you want with someone else’s stolen credit card. They’ll send you the item, and you may never know they’d used a stolen credit card and pocketed your money.
Paying with your credit card can help you limit potential losses, as you can initiate a chargeback if you don’t receive a product or service.
Employment scams use enticing, and hard-to-detect, lures to target people who’ve been out of work. Some scammers take a slow approach with interviews and a legitimate-seeming operation. They then collect personal information from your employment forms or tell you to buy equipment or training.
Other scams get right to the point and promise guaranteed or easy income – if you purchase their program. Sometimes, a fake employer sends a large paycheck and asks you to send the “extra” back—a play on the popular overpayment scam.
You may also see job opportunities that involve receiving money and sending funds to another account or receiving and reshipping packages. These “money mule” and “reshipping mule” jobs are often part of an illegal operation, and you could be personally liable.
How to avoid a scam
While scammers’ delivery methods and messaging can quickly change, a few basic security measures can help protect you from the latest and most common scams:
- Be skeptical when someone contacts you. Scammers can spoof calls and emails to make it look like they’re coming from different sources, including government agencies, charities, banks and large companies. Don’t share personal information, usernames, passwords or one-time codes that others can use to access your accounts or steal your identity.
- Enable multifactor authentication. Add this feature to any accounts that offers it as an option and try to use a non-SMS version to protect yourself from SIM swapping.
- Research companies. Before you make a purchase or donation, take a few minutes to review the company. Do a web search for its name plus “scam” or “reviews” and research charities on Charity Navigator and Charity Watch.
- Be careful with your phone. If you suspect a spam call, don’t respond or press a button. The safest option is to hang up or ignore the call entirely. You can always look up the organization and initiate a call yourself if you’re worried there may actually be an issue.
- Don’t refund or forward overpayments. Be careful whenever a company or person asks you to refund or forward part of a payment. Often, the original payment will be fraudulent and taken back later.
- Look for suspicious payment requirements. Scammers often ask for payments via wire transfer, money order, cryptocurrency or gift cards. These payments can be harder to track and cancel than other forms of payment, which can leave you stuck without recourse.
If you’re the victim of a scam, you can file a report with the FTC and your local law enforcement. The report may help others avoid similar scams.
Continue monitoring your identity
Following basic safety strategies and reviewing the latest scam alerts can help you stay safe. But mistakes can happen, particularly when you’re stressed or overwhelmed. Even if you’re doing everything right, your information could be compromised in a data breach.