Everyone knows how annoying โ and even dangerous โ robocalls can be. Itโs the reason Congress passed the TRACED Act in 2019 to crack down on the calls. But in the wake of new restrictions, spammers and scammers have increased their use of text messages.
According to the U.S. Public Interest Research Group Education Fund, a consumer watchdog group, in the year since the law went into effect, robocalls decreased by half, but robotexts increased from about 1 billion to nearly 12 billion per month.
Who is at risk
Robocalls and text message scams harm everyone, but they are especially hard on the aging population.
โToo often, we hear stories about elderly people who lose their life savings after responding to someone they think is from their bank,โ said Teresa Murray, a watchdog at U.S. PIRG.
What to watch out for
Spam and scam texts usually include a link. The most common scams mimic texts alerts you might get from your bank or from an online retailer. Examples include:
- Texts claiming to be a receipt for a paid bill (that you donโt recall paying)
- Texts claiming be from shippers like UPS and FedEx with โurgent informationโ about your package
- Texts claiming that your account โ anything from Netflix to a credit card โ has been suspended
- Texts claiming your bank account has been frozen
___
Cybercriminals are impersonating your bossโhereโs how to tell
Spam messages are getting more sophisticated
Updated
For any number of reasons, you've likely clicked on your spam email folder from time to time. In doing so, you may have noticed that spam messages have grown more and more sophisticated over time. These days, spam emails often invoke real-life events such as pharmaceutical class action lawsuits or clergy abuse scandals as a way to lure more clicks.
These same scams have now taken to impersonating company bosses: Business email compromise scams are a huge problem with $43 billion lost and more than 240,000 incidents from 2016 to 2021 globally.
As phishing attempts that target business emails become increasingly difficult to identify, Twingate researched helpful ways to verify whether communications you're receiving are really from coworkers, professional contacts, or your boss. These include some simple checks, such as making sure the email address is one you trust, or that a linked page really goes where it claims. The forthcoming tips also include more subtle forms of awareness, like asking yourself if your boss really uses language the way you see in the message or whether they would actually misspell your nameโor theirs.
The best way to prevent these phishing scams in the long run is to continuously hone your gut instinct and be cautious when it tells you something smells fishy. When in doubt, hop on the phone, the company Slack channel, or your email and politely check with colleagues to be sure the message you received is real. Maybe your boss is on the go and typing too fast without paying close attention to typos, and theyโll appreciate your attention to detail.
Check the sender information
Updated
Some forms of scamming are very sophisticated, but most phishing attempts are not particularly elaborate. One of the easiest ways to prevent phishing attempts from succeeding is to pay attention to the sender.
If youโve ever looked in your emailโs spam folder, you're already semi-versed in doing this at least some of the time. Sometimes, a message looks like it might be something realโbut when you click, you see that the email address is just a string of numbers or other nonsense instead of your bank. Itโs easy to cross-check a phone number using websites that list known fake numbers in your local area code. But the best thing to do is to stay wary of numbers you donโt recognize. Legitimate colleagues calling you can leave a voicemail.
Proofread the grammar
Updated
In some forms of spam, grammar mistakes are part of the draw: Scammers want to select out the most vulnerable people, which often includes those with less education or literacy. But when it comes to phishing scams, scammers want to seem as close as possible to the people theyโre imitating. For this reason, look out for messages that immediately sound like theyโre not quite right. Maybe your boss sounds weirdly informal, theyโve misspelled your name or your department, or their characteristic long email signature is missing.
Listen to your gut and tap into your inner copy editor.
Watch out for unsolicited attachments
Updated
This one can be tricky because exchanging attachments is often a big part of the workflow. But you know when youโre waiting for the newest departmental report from a certain person or a PDF of the latest sales numbers.
Be especially wary of any attachment that comes from more of a personal-seeming message. Scammers can load malware into almost anything you can download to your computer, and attachments are one of the easiest ways into your system. In the same vein, be cautious when downloading software updates. In all of these cases, ask your IT office to help you make sure the update is legit.
Preview any links before clicking
Updated
You may already be doing this behavior without realizing itโs a best practice for cybersecurity.
When someone sends you a link, hover your mouse over the text in your browser to show a status bar at the bottom of the window. This preview bar will show you the real URL. This is smart to do, but sometimes it isnโt enoughโscammers can โmaskโ URLs by using lookalike domains that redirect to malware download sites and more. But this one-step check will help prevent a lot that can go wrong when you receive a random link, allowing you to filter out obvious imposter sites.
The sender is requesting too much information
Updated
When scammers ask you to โrepeatโ information like your login credentials or credit card information in the body of an email, thatโs a form of hacking known as social engineering. Itโs the same as if someone walked into your office and found all your logins written on a Post-It stuck to your computer monitor (another thing you should never do).
If someone emails you from your bossโs name but is asking for private information, call or message the boss to make sure itโs legit. Another tell is if the sender asks for something your boss would already know, like your buildingโs alarm code.
This scam has a unique quality in that the request may appear benign and may, in fact, mimic something a co-worker naturally asks you for. If you have coworkers who regularly ask for this sort of information via email, consider asking your IT group to share with your colleague some best practices for sharing personal or financial information.
This story originally appeared on Twingate and was produced and distributed in partnership with Stacker Studio.
