Checklist 334: Summertime, and the Scamming’s Easy

Summer of scams

Scams are seasonal—and the summer season has officially begun. CNET is warning of a rise in summer vacation scams, based on research by the cybersecurity firm Check Point. According to the CNET piece:

Check Point say they’re seeing a rise in summer vacation-related phishing emails, fake websites and other online scams designed to dupe people out of their money, corporate credentials or personal information.

Of course, phishing scams have been around for a long time. But the bad guys’ tools keep getting better—from the wealth of OSINT made available by social media sites like Facebook and LinkedIn to AI technology like ChatGPT. The result is scams that seem less one-size-fits-all and much more personal.

For example, one prevalent scam involves receiving an email supposedly from your HR department, containing corporate calendar information and instructions to request time off. However, clicking on the link leads to a fake Microsoft login page where scammers steal victims’ credentials.

The Cybercrime Support Network offers a few more examples of summer-themed online scams:

• Fake travel websites set up to steal personal or payment information—using the lure of great deals on travel, hotels, and vacation packages.
• Travel verification scams that involve scammers impersonating folks in the travel industry. They claim there’s a problem with your holiday plans…a problem that can only be resolved with your payment information and personal information!
• Prize scams are exactly what they sound like: Scammers claim you’ve won a free vacation and tell you that all you have to do to claim it is offer up some payment info to handle the fees and taxes.

How to avoid summer vacation scams

Scams come in all shapes and sizes. But there are some reliable ways to spot them—and keep yourself and your loved ones from falling victim to the bad guys:

1. Ignore unsolicited messages, be they emails, texts, social media posts, or phone calls. Don’t click on links or download attachments. If you think a message might be genuine, research the organization and get in touch on your own—using a contact method that you find, never one given to you by potential scammers!
2. Check website URLs to make sure you’re not dealing with a lookalike domain (e.g. “expeedia.com” instead of “expedia.com”).
3. Use secure payment methods that allow you to claim a refund in case of fraud. This means PayPal, credit cards, or digital wallet services like Apple Pay.
4. Be wary of deals that seem too good to be true. They usually are!

SMS scams and how to avoid them

SMS scams are increasing in prevalence and severity, with the FTC reporting that scams spread by text “accounted for $330 million in reported consumer losses in 2022.”

SMS scams run the gamut from bogus nutrition supplements to forex trading schemes—but especially prevalent are fraudulent texts that impersonate actual organizations. Per a CNET piece on the issue:

…the most common type of scam text were those made to look like fraud alerts from well-known banks. The texts create a sense of urgency, telling the recipient they need to verify a large transaction by tapping on an included tiny link. Those who do respond are connected to fake bank workers.

Clearly, it’s a serious problem. But as with vacation scams, there are some clear ways to avoid falling victim to an SMS scam:

1. Keep an eye out for suspicious messages and report them by forwarding to 7726 (SPAM).
2. Don’t engage with spammers. Report, then delete. 
3. Don’t give out your phone number if you can help it. Businesses often ask for your number, but you don’t have to say yes. The fewer databases your phone number lives on, the lower the chance it will be leaked in a breach.
4. Never provide sensitive information (personal or financial) over text. Legitimate organizations will never ask for it this way due to security concerns.