By Greg Snyder
What was the top scam in 2023? Per the Federal Trade Commission, imposter scams are at the top with reported losses of $2.7 Billion. “One in four people reported losing money to scams, with a median loss of $500 per person. And email was the #1 contact method for scammers this year.”
Usually, these emails arrive telling us that some account of ours is in need of a password change, a verification request, an update, or something in that vein. How can we tell if they are real, and what should we do if we get one? First…Stop. Don’t do anything in a hurry! Your bank or credit card company will never ask you for personal or log-in information in an email or by phone! For the most part, these institutions will instruct you to log-in to your bonafide account through URLs you’ve already bookmarked and to conduct business through their secure account software or secure messaging from within your account.
Look carefully at the sending email address. “Acmebank@mybank.com” can look a lot like “Acmebank@mybbank.com” when you are in a hurry. These scammers can be very tricky!

Beware of any provided links. These emails almost always provide us with a “helpful” link or attachment for us click on, which takes us to a familiar looking website to help us fix the alleged problem. Clicking on these links is a very bad idea. Only use links and phone numbers provided directly by your bank or institution when contacting them.
Here’s a true story of why we need to be extremely careful. If we “willingly” provide our account information to someone, even though we’ve been tricked, we may very well be on the hook for our losses. “Being tricked into giving up our account information is not the same as having it stolen” I personally know someone who went through this experience. They lost tens of thousands of dollars. The agonizing process of getting their money back took most of the summer. This person was lucky – no law guarantees that we will get our money back when we fall for a phishing scheme and provide our personal data to a scammer online or over the phone.
What are the two types of “links” that we commonly see in these scams? Hyperlinks, which offer a URL (Universal Resource Locator, or web address) and Hypertext, which is text with a URL embedded within it. These links are usually just convenient ways to navigate the web, avoiding the need to type a long URL into our web browser.
How do they trick us? Look at following links, one hypertext, and one hyperlink. If you are reading this on your computer, and click either of these links Library of Congress or https://www.loc.gov/ the website for the Library of Congress will pop up in your browser.
The danger comes when some bad actor posts a link, then embeds a different URL that redirects our device to someplace else. As an example, here are the very same links as above, Library of Congress, and https://www.loc.gov/, or at least they LOOK the same. However, if you click on either of these links, you will be taken to an image on our website. Both links, even the “secure” https link, have been redirected. In this case, we were redirected to a warning image rather the Library of Congress, so no harm done…this time. But that is not usually the case.

The redirects are usually designed to phish for private passwords or other data that can be used to hack into your accounts. They can also be used to install keylogger spyware that records and reports all your keystrokes, or ransomware that can take over your computer or phone. Be aware that images and OCR codes can also contain misdirecting links, and simply clicking on such an image or scanning an OCR code can cause the same harm.
Is there any way we can tell what the real URL of a link is before clicking on it? Yes…maybe. Depending on the application, if we hover our cursor over either of the second set of the links, above, the true link URL will be revealed. It will appear as a small pop-up near your cursor, or at the bottom of your application, or both. Compare what the link claims to be, to what you see when you hover over the link. Not the same at all, is it?- Verifying a link before you click on it is always a good idea.
Even if the link looks good to you, you might want to check it out without actually clicking on it. Right-click on one of same the suspect links, above, and select “Copy Link, or Copy Link Location, or Copy Hyperlink”. Now use a URL checker. (web search “URL checker”) Click on https://radar.cloudflare.com/scan. (Did you hover and check out the link before clicking?) Once the Cloudflare website opens up, paste in that same link you just copied from above. You should see some detailed information regarding the actual URL and the hosting website.
We’ve checked out the link and we think we know it’s legitimate. Should we go ahead and follow it? Your bank or other institutions say no! Only use links and phone numbers provided directly by your bank or institution. The risk is yours to take, choose wisely.

Another thing to watch for is a switch in domain extensions, and there are a lot of possibilities: .com, .net, .org, .edu, etc. If you are expecting to go to a government sponsored website like the Library of Congress, https://www.loc.gov/ , and by mistake or misdirection you click on https://www.loc.org/, you might need to be speaking Canadian English, and be ready for some real fishing! Eh?
Scammers can also spoof the phone numbers they are calling from, making your caller ID report a call from a local number or an institution you are familiar with. You answer the call rather than screening it and get an unknown entity reporting some urgent problem that you need to act on immediately. The only thing you need to do really fast is hang up! Again, your bank and other institutions are not going contact you by phone and the IRS never contacts citizens by phone or email, they only send letters. If the bank or institution you do business with does contact you by phone, tell them you will call them back, hang up, and call them using an already verified phone numbers for those institutions, not any phone number left by message or by caller ID.
One of the scams currently going around is someone from Facebook calling you to “help” you change your password. Many apps like Facebook don’t even have contact phone numbers. Hang up, and if you want to make sure, contact the organization directly using phone numbers or web-links you have on file.
For more on how the phone number scam works please read this article written by Sam Cook at comparitech.com. https://www.comparitech.com/blog/information-security/number-spoofing-scams/
Categories: Retiree News








