Top Three Major Financial Scams of 2019 So Far

The title of the underlying article is more appropriate for a year-end analysis rather than a quarterly one. Nevertheless, there has been a massive surge in financial scams recently as compared to previous years, which is why we need to give unsuspecting potential victims the lowdown on what they should watch out for when browsing the Web. Every day we read and hear news about the following:

1. Financial scams spreading over popular social media platforms
2. Social security number thefts, identity thefts, and tax scams
3. Email (Nigerian), phone (lottery won), and ATM scams

While different scams have adopted different infection vectors to spread among as many targeted users as possible, they all stem from a notorious malicious technique known as 'phishing.' Currently enjoying great popularity among malware actors, phishing is a collective term used to describe any attempt to gather personal data regardless of the infection method at play.

Social Media Scams – Instagram, Facebook, Twitter

The rising popularity of social media platforms is showing no signs of slowing down as new accounts come to life every day. As of June 2018, there were 2.2 billion Facebook accounts, 1 billion Instagram users, and more than 260 million Twitter enthusiasts. Therefore, it is hardly surprising that those vast numbers lay fertile ground for endless scam opportunities, and cybercriminals have taken every possible advantage thereof. Acting as events promoters and fake goods merchants, they prey on hundreds of Instagram users a day. Since two-thirds of all Instagram users nowadays are teenagers, they are naturally the prime targets. In the UK alone, hackers have stolen at least $4.2 million from unsuspecting Instagram users since October 2018, according to police reporting center Action Fraud. That represents a 700% rise in Instagram scams in comparison to the preceding six-month period.

While fraudsters apply different social engineering tricks to gullible targets, they all convey the same message which sounds too good to be true. So, if you come across a merchant offering you a half-priced iPhone while checking out what's new on Instagram, make sure not to jump at the chance. If it sounds too good to be true, it probably is.

Instagram is by far not the only place you could lose money. Facebook and Twitter are also abundant with fake users pretending to have earned a fortune from trading stocks or binary options, always promising stratospheric weekly profits with zero chance of failure. Other scammers churn out fake super deals for products advertised at unrealistically deflated prices. Still, others sell tickets for seemingly actual events that end up canceled without notice. Regardless of the subject, however, each scam follows the same pattern – the crooks hijack legitimate accounts belonging to unaware Facebook users, then act on behalf of those users by exploiting their accounts to distribute the scam.

Social Security and Tax Scams

The period between January 1 and April 15, or the so-called tax season, is quite a busy one for the SSA and the IRS. That is the time when millions of American citizens and businesses alike file their taxes every year. The sheer magnitude of the tax campaign usually causes a significant surge in scams ranging from stolen social security numbers and tax refunds, as well as identity thefts. So far, 2019 has made no exception as ongoing Social Security and tax scams continue to strike hard across the States and the state of Kentucky in particular. How does this type of scam work, though?

When it comes to tax returns, the scammers usually call potential victims over the phone to verify their data. The former claim to be working for the IRS to gain credibility. After gathering the required personal information, they could secretly divert funds belonging to the victim to a different destination. A Kentuckian citizen recently reported having lost almost $10,000 worth of Google Play cards following a call initiated by a fake IRS agent who threatened to place them under arrest.
In the event of a Social Security scam, the criminals hijack an official phone line belonging to the Social Security Administration, then trick the victim into revealing their Social Security number for verification. The total amount of losses incurred as a result of a Social Security scam campaign in 2018 exceeded USD 10,000,000 while the total number for 2019 will probably come to light shortly.

To avoid disappointment, potential victims should never disclose any financial and personal data whenever anyone asks for such data over the phone. Mind you, that no U.S. agency requires such data by telephone. So, if anyone pretends to be an IRS agent or an SSA employee and requests your personal information, hang up with no questions asked.

Email Scams – Invoice, Lottery, ATM

The practice of sending spam emails to targeted victims remains relatively popular among con artists. Victims receive a fake message containing a fraudulent invoice they supposedly have to pay. The email itself may look as if it was sent by a legitimate vendor such as Paypal, Visa, or Amazon, to name a few. However, unless the email contains your full name, it is most certainly a fake one. Therefore, you should treat with suspicion any message that starts with, say, "Dear Sir/Madam/Customer" rather than your actual name(s).

The same applies to the so-called lottery scam – an email informing its recipient about a large prize they have won by lottery. To retrieve the prize, victims are required to provide personal and financial data. Also known as 'the Nigeria scam,' this technique shows no signs of slowing down and will prevail in 2019, as well.

Last but not least, ATM malware attacks have also become increasingly common lately. The greatest threat to ATMS is the so-called jackpotting, or cashout malware used to auto-drain the funds available on the machine at the time of the attack. The outdated software running on the majority of ATMs today acts as a catalyst for the widespread of such ATM-targeted threats as WinPot and Cutlet Maker. While they are both available on the dark web, they do require a direct physical connection to one of the serial ports of the targeted ATM. Adequate protection and up-to-date software could go a long way towards minimizing the risk of malware infections to a minimum.

The threats mentioned above are but a taste of the entire arsenal of scams cybercriminals rely on to steal your money when browsing the web. Knowing how to react whenever you come across suspicious prompts is crucial to keeping your money in your wallet.