How To Avoid Common Scams in 2024

The last few weeks of 2023 and the first few days of 2024 saw a significant increase in email, text, and phone-based scams. These persistent threats prey on unsuspecting consumers and businesses, arriving in the form of fake notifications from banks, credit card companies, shipping services, and e-commerce sites.

This type of illicit behavior surges around the holidays, when people spend more time shopping online, tracking shipments, and checking financial apps. In 2022, for example, the FBI reported more than 12,000 reports of non-payment or non-delivery scams during November and December alone, resulting in nearly $75 million in losses.

Shockingly, that’s only 2% of the total losses reported from email scams in 2022—a whopping $2.7 billion, according to the FBI. And you have to multiply that number by 10 to get $27.6 billion, the total amount of losses from Internet crimes between 2018 and 2022.

So what can you do to spot common scams, understand the strategies hackers use, and protect yourself, your data, and your systems? Here are some helpful recommendations.

Watch out for phishing attacks. Phishing remains one of the most prevalent types of email scams. Phishing involves scammers masquerading as trustworthy entities to extract sensitive information from unsuspecting users. These deceptive emails (or phone calls) often mimic well-known institutions, financial organizations, or even colleagues, tricking recipients into divulging passwords, credit card details, or other confidential data.

Understand business email compromise (BEC). BEC attacks specifically target businesses by breaking into the email accounts of executives or employees. All it takes is one scammer gaining unauthorized access to a single email account to wreak far-ranging havoc by using that account to send fraudulent requests for money transfers or sensitive company information. BEC attacks often involve extensive research on the targeted organization, making the emails appear highly convincing.

Beware of urgent messages about shipping notifications, bank charges, or financial transactions. To add authenticity to phishing or BEC attempts, scammers may craft emails with urgent language, creating a sense of urgency in the recipient to prompt a quick response. These are particularly common in emails or texts purporting to come from the USPS, UPS, or FedEx requesting address confirmation or package pick-up. Hackers also try to impersonate financial institutions, real estate companies, tax departments, and governmental agencies.

Never click on unfamiliar attachments. The second step of all these different types of scams involves sending emails with seemingly innocuous attachments and asking users to open them. Once that action is taken, these illicit attachments can unleash malware or ransomware, compromising the recipient’s device or entire connected network. The hacker’s typical goals are to encrypt files and demand a ransom for their return, steal sensitive data for identity theft purposes, or exploit infected systems for unauthorized access.

How else can you protect your information?

Double-check email addresses. If you’re not sure about the authenticity of a message—especially if it requests sensitive information or financial transactions—check that the sender’s name matches the email address. Legitimate entities will use official domains, but scammers will try to spoof a legitimate email address with a slight misspelling or suspicious variation. The addition or removal of a single character in an email address may be difficult to spot at first glance. Here are two common scammer tactics:

1) business.com vs. business.corn In this case, the scammer replaced .com with .corn, with the letters “r” and “n” replacing the letter “m.” This change can be hard to detect on most computer screens.

2) Officialemail@business.com vs. 0fficial.email@business.com In this example, a hacker will use a zero instead of a capital O and add a period in the address to spoof an official contact.

Think before you click. Users should never open unfamiliar attachments or click on uncertain links from unknown or unexpected sources. This goes for text messages delivered via smartphone, too. If in doubt, contact the sender directly to confirm the legitimacy of the email and the attachment. Hover over links in the body of an email to preview the URL before clicking, or manually type the desired web address into your browser bar. If a notification arrives via text from a major company like Google, Microsoft, or Amazon, log in to the associated app to check for security alerts before clicking a link in a text.

Employ advanced email security solutions. A trusted IT provider can help your business with tools that automatically detect and filter out malicious emails. These solutions combine AI, machine learning, and human oversight to analyze email patterns and identify potential threats before they arrive in your inbox. Quarantining suspicious emails allows attachments and links to be checked before a user has a chance to accidentally click on them.

Enable multi-factor authentication (MFA) for all accounts. Whenever and wherever possible. your business should implement MFA. This requires something users know (like a password) and something users have (such as a unique code delivered by text or email). This adds an extra layer of security to login credentials, so that even if scammers manage to steal a password or infiltrate a connected machine, the additional verification step of MFA can prevent them from doing further damage.

Educate and empower employees. Instead of hoping for the best and avoiding talk of popular scams, provide updated training and awareness exercises to empower everyone in your company across all locations. Regular sessions that simulate the latest email scams can work wonders on employee confidence and intelligence, emphasizing the importance of skepticism in the face of a deluge of scams and proper verification procedures everyone can take to protect accounts and information.

Regularly update systems and software. Work with a trusted IT provider to protect every component of your IT ecosystem by deploying software updates and security patches to operating systems, hardware, software, productivity apps, email platforms, printers, routers, and much more. This prevents hackers from exploiting known vulnerabilities or legacy applications that are no longer supported by software companies.

As email, text, and phone-based scams increase, 2024 is the year to stay informed and implement practical defenses against common cyber issues. Vigilance and proactive cybersecurity measures can thwart the attempts of cybercriminals and preserve the integrity of personal and business information in this transformative digital age.

CMIT Solutions, a recognized leader in managed IT services for businesses, has more than 250 franchise locations and 900 technology practitioners. Have questions about email protection, cyber defenses, and business security? Visit CMIT’s website or call 800-399-2648.