Each week, the ITRC works with Scam Detector to bring you up-to-date information on the scams and breaches that caused the most red flags in the previous week. By arming yourself with information on what kinds of criminal activity identity thieves are up to, you can help prevent further crimes and not be a victim yourself.
#1 – New Infrared Tech Hands Your PIN to a Thief
With so many people glued to their smartphones these days, it’s easy to overlook this new cybercrime. We’ve become so accustomed to this behavior that we may not even notice someone standing nearby, using a smartphone for what we assume to be as harmless as texting. But if the person is actually using a FLIR One camera, which is easily attached to a smartphone and looks like a simple protective cover, he may actually be recording your credit card number and your PIN number.
The FLIR One lets the thief nab a photo of your credit card number for later analysis, but also records the infrared signature of where your fingers touched the keypad. The brighter the color, the most recent (or therefore, last) button you pressed. In this way, he can also record your four digit PIN in the proper sequence.
To protect yourself, it’s always a good idea to be aware of who’s around you and who may be taking notice of you. For situations specifically like the FLIR One scam, if you keep one or two fingers on other keys as you enter your PIN or press your entire hand lightly against the PIN pad after the transaction has gone through, you can help confuse the scanner into not recognizing your specific keystrokes.
#2 – Hidden Airline Fee Scam
As October approaches, smart travelers are already beginning to shop around for the best deals on airfare and book their holiday travel flights. A new scam, though, may ruin many unwitting travelers’ holidays.
This Seat Selection Fee scam involves very official-looking emails with the names of major airlines in the subject line. The link alleges that it is a receipt for an outrageously expensive fee that the traveler has already been charged, claiming that the cost was for selecting his own seat on the flight. Of course customers would click on a link that claims they have already been charged hundreds of dollars, but the link actually installs malicious software on the users’ computers, intent on sifting through stored information for personal data.
First, you can spot these emails immediately for their lack of personalization. A genuine email from your airline would contain your name, your flight number, your travel dates, and more. Always check for poor grammar and spelling, too, as that is often a giveaway. If you do receive an email from your airline and just aren’t sure about it, contact your airline directly and speak with a representative; be sure to have your itinerary number handy to speed up the process.
#3 – Facebook Lottery
It’s surprising how many people fall victim to scams involving social media, largely because they don’t know how many of the platforms actually work. In the case of a recent Facebook lottery scam, it operates a couple of ways.
The first involves fake accounts that look realistic enough to get you to accept a friend request. After some time has passed, the account holder messages you that she works for Facebook’s corporate headquarters and informs you that you’ve won their lottery. You’re given a link to click—one that installs harmful software on your computer—and you’re also required to send a small processing fee so that FedEx can ship your winnings to you. It’s the perfect double play as they have your “processing fee” and access to your personal data on your computer.
But reports from people who’ve been approached with the scam also indicate that hackers are breaking into existing legitimate accounts and contacting potential victims through that account’s friends list. You check Facebook one day to discover a message from your aunt, for example, informing you that she’s won the Facebook lottery and will split it with you if you’ll help her out with the transaction fee. Then the thieves have your credit card information, which you’ve just shared with someone who is definitely not your friend or relative.
To protect yourself, you must remember that—first of all—Facebook doesn’t have a lottery! But more importantly, develop the good habit of never sharing your information online, never clicking unsolicited links, and keeping the “too good to be true” adage in mind.
For the rest of this week’s top ten scams, be sure to check out Scam-Detector.com or the ITRC website.