Online scammers are taking advantage of this worldwide time of uncertainty.
According to the FBI, there's been a surge in COVID-19-related internet fraud and phishing scams targeting stimulus checks, small business loans and fake cures or tests.
A report by the fraud detection company Bolster says the pandemic has generated “record-breaking” levels of cybercriminal activity. The company discovered 30% of counterfeit emails and malicious websites were related to the coronavirus.
Phishing is when a scammer sends an email that appears to come from a legitimate source, says Lorrie Cranor, professor of computer science and of engineering and public policy at Carnegie Mellon University.
These scammers range from those working for a large criminal enterprise to someone alone in their basement, she says.
Because many people are working from home, outside the protective network setup that typically exists within offices, Cranor believes people have become more susceptible to phishing attacks.
She says most cases she’s heard about recently involve current events, specifically the government stimulus checks in response to the coronavirus crisis. Scammers are acting under the guise of the government, hoping unsuspecting people will give out their bank account information.
Another recent way scammers have tried to infiltrate people’s electronics is by emailing fake Zoom links that, if clicked, may install malware on one’s computer.
Cranor advises people to be “very careful” before taking any action on an email, phone call or text message.
“If somebody is saying they're from the government, be very skeptical,” she says. “The government usually doesn't call you.”
Think twice before sharing any personal information, she says.
“Any information like bank account information, Social Security number, passwords, anything like that, you really, really should be skeptical and not do it,” she says.
To identify a scam email, look closely at the email address. Sometimes it’s not glaringly suspicious, but looks similar to a normal address. Read the entire email address before taking any action, she suggests.
Some companies have tested their employees by sending out fake phishing emails. Anyone who falls for the scam then has to attend a training session.
Cranor said researchers at the Carnegie Mellon CyLab did just that 10 years ago, testing students, faculty and staff. Their experiment proved to be “effective at tricking people, but it’s also effective at training people,” she says.
If Carnegie Mellon constituents fell for the fake phishing email, an educational comic strip was immediately displayed, including details on how one could protect themselves in the future.
But researchers found if the informational comic strip was emailed alone, people didn’t read it.
“They ignored it, even though it was cute and funny,” she says. “But if they fell for this fake phishing attack, they suddenly felt vulnerable and they were motivated to actually read the comic strip and think about it and they learned from it.”
When researchers sent another fake phishing message at another time, she says those folks were “much less likely” to give in.
A lot of scammers have updated their tactics, utilizing sophisticated and convincing methods to successfully commit cybercrimes.
But not all scammers have learned new tricks. Fake messages from Nigerian princes promising millions of dollars still exist.
“That Nigerian prince is still alive and well, and is still sending out those fake messages,” Cranor says with a laugh. “It's actually amazing. I just got one the other day.”
This segment aired on May 22, 2020.