Our final Speaker Series webinar, How to Stay Cyber-Safe This Holiday Season (and Always), was filled with conversation about what kind of scams are happening right now and how you can keep yourself and your loved ones safe in an increasingly online world.
The free event featured Jeremy Nicholls, GM, Card Services and Fraud Solutions at Everlink Payment Services and Joel Grannum, CPP, Risk Management Security Specialist at CUMIS.
Missed the event? Get advice and tips on what to do – and not to do – to stay safe when shopping online and getting ready for the holidays by reviewing the video or recap below!
Q: In our digital world, cybercrime and threats are real. This is especially true as we are in the holiday season. What exactly is cybercrime and how common is it?
Jeremy: In my mind, cybercrime is part of a larger family of fraud called mass marketing fraud. And what mass marketing fraud is done through the internet, telephone, cold calls to your door, letters or anything that marketers would use to gain your attention and make you do things or buy things you perhaps don’t realize you want to do or shouldn’t do. Criminals are incredibly active in this space right now because it carries very little risk of being caught, it’s pretty anonymous, there’s no face to face interaction. Also you can target thousands and thousands of people pretty quickly. How many times do you get a scam call to your phone? There are marketing channels out there that let you initiate 40,000 phone calls in less than one minute. It costs you around $300 to do that, and if you get a 0.1% response rate, that’s going to net you around $40,000. And that’s why we see a lot of this sort of fraud out there.
Joel: Cybercrime, simply put, is criminal activity that takes place on the internet. Stealing victim’s money, taking over online accounts, tricking victims into sending money, providing fraudulent opportunities for jobs or to purchase counterfeit or misrepresented merchandise. It’s very common because it’s working. As we put more of ourselves online and we conduct more activities online we all have a responsibility to get interested in learning more and understanding what the risks are and how to protect ourselves.
Q: Can you briefly address the types of cybercrime that exist?
Jeremy: You can think of a million ways to take money out of someone’s pocket. Right now probably 20% of the share of all cyberfraud is romance scams. They are scams done to people who are looking for a partner and using online resources to do that. There are bad guys out there looking to take advantage. Other ones out there right now are job board scams, rental market scams, malware on your computer to try to steal banking information, phishing (email), smishing (SMS), vishing (video). The interception of e-Transfers is quite a problem at the moment – I could go on for a week.
Joel: I put it into three buckets: phishing as an umbrella term – fraudsters contact you via email, text, voice call, even QR codes as we’re seeing this year and they do all this to harvest credentials which basically means trying to steal your username and password or instal malware on your devices. The second bucket is identity theft where a criminal steals your personal information then they try to commit fraud in your name. The third bucket is those social engineering or pressure scams. Social engineering is a fancy way to describe tricking you. In these scams, they are trying to play on your emotions, to blur your better judgment like romance scams or emergency scams where they try to make you believe someone you love is in trouble and you need to help them out. Or those authoritative scams that make you think they are some law enforcement or government official and threaten punishment if you don’t follow their instructions. Or investment scams where you have to act now, maybe it’s a product you don’t know too well like cryptocurrency and that fear of missing out pressure kicks in.
Q: What can people do to be aware and stay safe?
Jeremy: Slow down. Think about what’s taking place. Does it make sense? Does it make sense that I can get an iPhone for $200 that usually costs $1,000? Educate yourself because the more you know, the more you’ll see it. Remember the phrase if it’s too good to be true, it probably isn’t.
Joel: If it’s unsolicited, you didn’t ask for it, does it make sense? Whenever there’s pressure involved, that’s a huge red flag. If someone’s contacting you and saying hey you need to pay me with a gift card, think of how many legitimate businesses would transact that way?
Q: I’ve read that Gen Z and Millenials are falling prey to online scams faster than some other generational counterparts. Are there targeted attacks that might vary from Gen Z to Baby Boomers?
Jeremy: Elderly people are much more vulnerable to threat attacks such as the CRA threatening that you’ll go to jail. They were brought up in a different era where law is law and you do as you’re told. Romance scams are often targeted to older people, maybe people coming out of divorces or relationships but we are seeing them morph into targeting younger people. Younger people have a bravado that nothing will happen to them, but there’s a lot of pressure to have more followers and they’re lining themselves up to be more vulnerable to having their private information stolen because they’re more visible.
Joel: Many young people grew up with the internet and it’s very normal to share your personal life with all your followers. It’s also normal to believe what you see on the internet and to download an app without a second thought. There are some scams that target younger people specifically like fake sites that target younger people with expensive items at unreal prices. Or social media scams with fake pages and fake contests where you have to provide your information first to claim your prize, things like that. A twist on romance scams that targets younger people are called sugar mama or sugar daddy scams. Someone you’re not connected to on social media will DM you and say they have a lot of money and no one to spend it on. If you agree to meet with me, communicate with me, a few times a week I’ll give you a boatload of money. Again, does it make sense that someone wants to give you money for nothing? But what they’ll do is say that you have to give me a bit of money, maybe $50, just to put some skin in the game and prove you’re loyal.
Q: So what measures would you suggest people employ to better protect themselves online? Should the every day consumer be using a VPN when making purchases online, or is that overkill?
Jeremy: VPNs are great but there’s a caveat – you have to make sure the VPN you’re using is trustworthy. And they problem for lots of young people is that they’re not that cheap. So they look for free ones, which is an advertisement for having your data taken. I don’t think you need one in your home for surfing the web, but I think they’re useful for connecting to public wifi or hotspots. And I’ll say never, never, never log in to your banking platform or anything with a payment connected to it on public wifi.
Joel: There are a few other measures you can take besides VPN – things like protecting your accounts with strong unique passwords, don’t recycle passwords, use passphrases, enable multi-factor authentication on your email, banking and social accounts and setting up an inactivity lock with a short timeframe like one minute on your devices.
Resources
Haveibeenpowned.com (will tell you if your data has been compromised)
Canadian Anti-Fraud Centre
Competition Bureau – Little Black Book of Scams
UK National Cyber Security
Hacking Humans (podcast)