Avoiding scams

Scams are a method where cybercriminals utilize deceptive tactics in order to trick potential victims into engaging in financial fraud. As the digital world continues to grow, scams become more and more prevalent and accumulate billions in losses each year. Based on a report from the Federal Trade Commission (FTC), data shows that scams accounted for nearly $10 billion in losses in 2023. Therefore, it is crucial to understand what potential scams can entail, and how to identify them.

Scams are more common than ever as cybercriminals continue to evolve and use new tactics to commit financial fraud. It is imperative to understand these scams and follow certain precautions to avoid being a victim of one.

Different types of scams

Smishing

Smishing is a cyberattack that involves sending false text messages to people with the aim of fooling them into disclosing sensitive information, clicking on malicious links, or installing malware onto their mobile devices. The goal of a smishing attack is to entice users to provide online account credentials, sensitive information, and financial data that can be used by a hacker to commit financial fraud. Smishing attacks generally imitate, but aren’t limited to, trustworthy organizations or services such as banks, government institutions, and social media.

Ways to avoid this scam:

  • Exercise caution when you receive an unsolicited text message (Companies typically contact their customers with a 5-digit number via text messages)
  • Do not respond to numbers you don’t recognize
  • Verify the identity of a sender through another source
  • Check for typos and poor grammar
  • Only use official websites and apps by navigating to an actual web browser

MFA Fatigue

MFA (Multi-Factor Authentication) fatigue occurs when a cybercriminal uses a code or script that attempts to log into an account with stolen credentials repeatedly. This causes an endless stream of MFA notifications that is sent to the account’s original owner, which can induce stress and “fatigue” as it interrupts day to day activities. The ultimate goal of an MFA fatigue attack is to overwhelm the victim to the point where they want the notifications to halt, which can result in the account owner accidentally approving the login request. However, approving the request will lead to further compromise as the cybercriminal will now have full access to the account. In many cases, cybercriminals who commit an MFA fatigue attack will contact the victim via email, text, or phone impersonating IT personnel to convince the victim to approve the MFA login request.

Ways to avoid this scam:

  • Limit the amount of authentication requests your account can receive
  • Use an authenticator app that can analyze suspect activity
  • Be suspicious of unauthorized MFA notifications, and immediately change your password if it occurs

SIM Swapping

Cell phones are frequently used by a majority of people for everyday tasks such as checking email, viewing financial account information, social media, and making purchases. With the importance of cellular devices, it is crucial to understand how SIM swapping can affect you. SIM swapping is a cyberattack in which a victim’s phone number and SIM card is transferred to another device owned by a bad actor. This typically occurs through social engineering tactics by exploiting vulnerabilities in a phone service provider’s procedures or tricking phone service employees into making a swap. When a cybercriminal gains control of a phone numbers, they will have access to the victim’s text history, phone calls, and even access to accounts requiring MFA through text.

Ways to avoid this scam:

  • Enable PIN or password protection with your phone service carrier
  • Be cautious when sharing your phone number on public websites or social media
  • Consider having a secondary number
  • Implement a SIM lock, which means your SIM card cannot be used by another device without first contacting your phone service provider

This material is for general information only and is not intended to provide specific advice or recommendations for any individual. This material was prepared by LPL Financial, LLC.