Cybercrime is on the rise, but even the best antivirus software can’t thwart scammers who target the human psyche.

Some of the most damaging and costly scams involve what’s known as “social engineering.” That’s when fraudsters use time-tested techniques of deception and emotional manipulation, tricking people into divulging personal or financial information, or even granting remote access to their computers.

This is what happened to Barry Heitin, a 76-year-old retired lawyer who lost roughly US$740,000 to sophisticated swindlers impersonating bank and government officials.

People of all ages and socioeconomic levels are potential targets, but senior citizens are particularly vulnerable. They’re more likely to have amassed savings, and they’re perceived to be more isolated or perhaps less computer savvy.

There are also more entry points for scammers now - in our text messages, social media, dating sites or online groups. That silly personality quiz you just whizzed through on Facebook? It might have been created by fraudsters phishing for personal details.

“What is changing is the criminals’ ability to connect with us, and that’s because of the device we carry with us 24/7,” said Amy Nofziger, director of fraud victim support at AARP Fraud Watch Network. “A day doesn’t go by where we don’t have a million-dollar loss.”

Nobody ever expects to be the victim, but criminals are constantly fine-tuning their techniques and operating from well-worn playbooks.

Here are tips on how to avoid some of the most devastating schemes and what to do if you or someone you care about becomes ensnared.

Avoiding scams

Familiarise. People may be susceptible to scams because of their life stage or circumstances. Young college graduates may be targeted by promising job offers. People buying homes are being tricked into wiring money to scammers. Older people tend to fall into schemes involving fraudsters who claim to be a government official or someone offering tech support. And people of all ages are lured into frauds promising lucrative investment returns, often in cryptocurrency.

To stay informed, familiarise yourself with the most common scams circulating. The Federal Trade Commission sends consumer alerts, and the FBI, which issues public service announcements on the latest schemes, will soon offer an option to subscribe to email updates.

Check your emotions. Criminals appeal to our lizard brains and often combine those emotional appeals with a false sense of urgency.

“I am a sophisticated person and aware of these scams, but when I heard the words ‘We are going to kill your daughter’, all sense nearly went out the window,” said the Rev. Debra Andrew Maconaughey, rector of St. Columba Episcopal Church in Marathon, Florida, who was targeted last month by criminals demanding money.

A retired corporate executive who lost US$100,000 in a romance scam said that, in hindsight, he realised he was hooked through an “intoxicating combination” of emotions at a vulnerable moment. He was extremely lonely when an attractive banker who called herself Alice contacted him on Facebook.

After winning his trust, Alice suggested that he trade into bitcoin, “investing” money incrementally. But when he went to withdraw his fictitious winnings from what he later realised was a phony trading app, the platform told him that his account was frozen because of potential money laundering - and that he would have to pay to release it. When he told the trading app that he would contact the authorities, Alice vanished.

“I would say it was greed,” he concluded. “Never get lonely with a woman on Facebook.”

Understand what you won’t be asked for. Nofziger sees complaints daily. Her advice: “Just listen to what they’re asking for,” she said. “If anyone is asking you for prepaid gift cards, bitcoin via ATM machines, gold bars, cash, Venmo, CashApp, Zelle or Social Security numbers or Medicare information, stop.”

Government and law enforcement rarely reach out to citizens by phone, and, even if they did, they will not ask you to pay them using cryptocurrency, prepaid cards and wire transfers.

Remember online hygiene. There are some basic practices that can help, but slowing down and moving more deliberately, like taking time to check whether suspicious emails have official-looking addresses (or are off by one letter or digit), can help.

Don’t download software providing remote access to your computer or cellphone. Don’t click on sponsored links, advertisements and pop-up screens, all of which can contain malware. Turn on pop-up blockers in your web browsers.

Scammers can spoof legitimate numbers on your caller ID so it looks like as if are calling from, say, your bank or the taxman. Be sure to call back providers using phone numbers you found independently, or on the back of your bank cards. (Also be aware that scammers have been known to take over mobile phones and redirect outgoing calls.)

If you become a victim

What’s my first step?

The nature of each scam is different, so the remedies will vary. But generally speaking, the first call should be to your financial institution to alert it. If you’ve wired money to a fraudster, you can try to request a recall or a reversal, but that needs to be done almost immediately.

If you’ve purchased a gift card, immediately report it to the gift card issuer.

Which law enforcement/government agencies can help?

Many people don’t report frauds because they feel so much shame, but it’s important to do so quickly with as much information as possible. That helps law enforcement aggregate complaints, detect patterns and emerging threats, and identify and investigate criminals.

Local police. Experts suggest starting with your local police department, though not every one will have experience or training in cybercrime. If yours doesn’t, ask for a detective who specialises in economic crimes.

National Scam Response Centre. Currently, victims of scams in Malaysia can contact the dedicated hotlines set up by their respective banks (available 24/7) or contact the NSRC at 997, which operates from 8am to 8pm daily including on public holidays.

What are the chances I can get my money back?

It’s sometimes possible but usually not probable. It depends on the scam and how quickly it’s reported to the financial institution and appropriate agencies.

What should I do if my computer may have been compromised?

If you believe a scammer may have had access to your device, get your machine scrubbed clean by a professional, like Apple’s Genius Bar or a local computer technician.

That means formatting your computer back to its factory settings and reinstalling the operating system. Taking this step would remove any malware you couldn’t see, including remote access trojans, which let hackers control your device, said Sinan Eren, a cybersecurity expert and CEO of Opnova, a startup that automates security.

“This is the correct approach to remove any doubt,” Eren said.

If my computer starts sounding alarms, what should I do?

Several victims seem to have clicked on a pop-up window, ad or some other link that caused their computers to make loud noises, as if it were under attack. Do not follow the instructions on the screen. Instead, shut the machine off and disconnect from the internet. Then you’ll want to scrub the machine clean to ensure it’s free of any lurkers.

What should I do if I suspect my phone has been compromised?

Fraudsters can infiltrate your mobile device in different ways like having calls and messages forwarded to another number, or porting your phone number to a device they control (known as SIM swapping).

If you think your phone has been tainted, visit your mobile carrier’s store, or call the provider from another phone number.

Tell the representative about your suspicion and go over your account settings with them, including call forwarding and your voicemail password, Eren said. “It is a good idea to establish a security PIN with your mobile carrier, which will be asked when you call for service from there on,” he said.

Eren also suggests returning the device to its factory settings, recovering data through iCloud or Google Play and always updating the operating system as soon as an update becomes available.

Anything else?

Change passwords for email, financial institutions, computers and mobile devices and any other sensitive accounts. Always use two-factor authentication, if you don’t already. 

 - NY Times