Expert offers tips on how to protect against evolving Internet scams

Scams and cyberattacks are only getting more sophisticated and widespread, and almost anyone with a digital device and online accounts is at risk of being targeted.

Attempts to glean individual personal information can come in many forms - unsolicited emails or fake messages suggesting a security risk for an important online account. Websites or apps designed to look like banking platforms. Phone calls or texts from someone purporting to be in law enforcement, cybersecurity or even a family member. The risks are widespread, but there are some steps anyone with an online presence can take to make sure they are as protected as possible.

David Wolf is the vice president of Just Solutions, Inc, a technology services company based in Rochester, New York. The company provides a wide range of commercial IT services and a residential and commercial cybersecurity protection service.

Wolf said that many of his company's customers are older people, who tend to have more money that can be targeted by scams or theft while also less familiarity with the technological platforms that have become part of everyday life.

"We're finding seniors always seem to be a targeted audience, because they are a little more trusting and don't understand the technology completely, so it's not too hard to convince them there's something they need to do."

One common scam that has targeted many older clients involves someone pretending to be a Microsoft technician, reaching out to a target and offering to repair or speed up their computer. It's been around for many years, but victims of all ages are regularly targeted with emails, letters and phone calls from the bad actors. As of 2021, Microsoft reported it received about 6,500 complaints from people who've been victims of a tech support scam. That report, based on a Microsoft-commissioned YouGov poll, found that millenials and Gen Z were the most targeted by that particular scam, but were among the least likely to fall for it.

Other scams may involve someone calling purporting to be an IRS agent, a federal or local police officer, or some other authority figure, who says the target needs to pay some amount of money to avoid being arrested or otherwise punished.

"The first thing to know is Microsoft, Apple, the IRS, none of these organisations are going to be calling you up by phone," Wolf said. "That's a fact. If someone calls you and claims they're from the sheriff's department with a warrant for your arrest, someone says you're past due on your taxes and need to go to a website to fix it, or your Apple ID has been compromised and you need to log in and fix it, that is a scam."

A relatively recent avenue for scam outreaches has been via text message. Bad actors can reach out pretending to be an automated online account security warning, a bank warning about a suspicious or fraudulent charge, or even a political candidate soliciting donations in this election year.

Links in these messages may appear to be authentic, and the websites themselves may look exactly like the intended destination. But Wolf said it's relatively easy for someone to recreate a convincing log-in page with a little bit of computer know-how and use that to collect people's usernames and passwords.

"When I went to hacking class and got my certificate, Certified Ethical Hacker, we did that," he said. "There are tools out there that any, we call them 'script-kiddies', or anybody can use this tool, it can go to a website, 'scrape' it, and build a duplicate image of the website. It won't really work, but it's enough to trick someone into giving their login info over."

Wolf said it's not a question of intelligence when someone falls for a scam - they're built on a combination of trust, duplicity and just how difficult it can be to keep a perfectly safe online presence. Information someone doesn't even willingly hand over can be stolen in an instant, and any online account can have its data stolen, even if the individual didn't even make their account for themselves.

Credit bureaus, medical record depositories, banking records, phone records for every customer of AT&T have all been broken into and had their information taken by bad actors. Bloomberg Law reported on August 2 that 2.9 billion records, including Social Security numbers, were stolen from National Public Data, a public records data company that offers background checks and fraud prevention. Most people are unlikely to have heard of the company before, but it has records on essentially every US citizen as well as British and Canadian citizens.

The best anyone can do is be as vigilant as possible, Wolf said. One key is remaining always skeptical of attempts to get you to enter your personal information on any platform.

"Zero trust, always verify," he said.

When any individual reaches out demanding money, find the phone number for the agency they claim to represent and call it directly. Some scams have started to use relatively simple tools that can "spoof" a caller ID record and phone number, where even using a redial function will call the scammer instead of the seemingly-authentic number displayed on the phone.

Wolf suggested that families even establish secret "code words" that can be used to verify that a call is from the correct person. If an individuals social media accounts are broken into, scammers can try to reach out to other family using their accounts, and recent advances in voice-spoofing and generative language models like ChatGPT can make it sound like a family member is calling in an emergency, asking for money, when in fact it's a scammer.

Wolf said that another key to online security is to have a diverse range of passwords, made as complex as possible, with no passwords repeating and ideally not even very similar. That can be very difficult if someone has a large number of online accounts, but Wolf said using a password manager of some kind can be very helpful.

Some password managers are built into Internet browsers or your computer or cell phones operating system - they can suggest passwords that are very secure as well, and the user only needs to remember their computer or phones password to use them. There are third-party options, applications that can be downloaded that offer a similar function.

But Wolf suggested that an old-fashioned paper notebook might be the best option for many people who only use the computer at home and have only a few online accounts to keep track of.

He said he has family that use this method - they brainstorm very complicated passwords and write them down. The notebook never leaves the house, and while there's the risk of a theft, keeping it secret and safe can guard against that. Wolf said that's also useful for seniors who may need someone to take care of their accounts after they pass, giving their family an easy way to handle finances and social media accounts.

Wolf's company Just Solutions Inc, also offers an at-home cybersecurity package that puts his team of experts on standby for home or commercial clients. A combination of credit monitoring, antivirus and scam-filtering software, data backups, round-the-clock hotline customer support and even identify theft insurance, it aims to cover the biggest online risks.

Wolf said that scams of all kinds are only going to keep going, getting more advanced and convincing as technology advances and becomes more integral to society, while cybersecurity experts like himself will continue to find ways to protect people from them.

"There's always this back and forth, for example AI will make things harder but we'll combat that with AI detection software," he said. "This is the back and forth, every generation has to deal with different issues and ways people will try to use the tools of the day to scam others."

 - TNS