3 Sophisticated Cyber Scams

November 15, 2024

The latest cyber scams are coordinated, sophisticated, and alarmingly effective. Here are three cybercrimes to watch out for—and tips for how to protect yourself.

#--bcn-image--9030{display: none !important;}

Cybercrime is booming, costing victims $12.5 billion in 2023 alone¹—a 21% increase over 2022 and a 198% increase since 2020.

Part of the problem is that fraudsters have more ways than ever to target our sensitive data. Smartphones have opened a portal into our private lives. Hacked passwords and personal information like Social Security numbers can live on the dark web long after you've secured your accounts. Artificial intelligence can generate increasingly convincing customer service emails and texts, as well as deepfake phone calls that sound just like they are from a loved one.

But cybercriminals have mastered "soft skills" as well, researching their victims in advance for clues about their histories, personalities, and preferences. "Scammers often spend considerable time identifying a victim's vulnerabilities," says Joel Sauer, CFA^®, director of senior and vulnerable investor investigations at Schwab. "Are they isolated, romantically lonely, or cognitively impaired in a way that often accompanies old age? These are unfortunately the attributes most often targeted."

In short, today's cyberfraud is methodical, professionalized, and persuasive—and is often run by organized crime syndicates that operate like corporations, complete with chief executives and call centers. "It's not just a guy in a basement sending out individual phishing emails anymore," says Peter Campbell, Schwab's director of financial crimes risk management.

Fortunately, there are still some giveaways, if you know what to watch for. Here are three of today's most sophisticated scams—and how to avoid falling victim to them.

1. Fraudulent tech support

What it is: These scams, frequently targeting seniors, stoke anxiety by trying to convince you that your device, usually your computer, has been infected with a virus. "Once fraudsters infiltrate your device, they can access sensitive information, steal passwords, and even monitor your online activity," Joel says.

How it works: This scam typically kicks off in one of two ways:

You receive a call or text from a fraudulent customer service representative—perhaps claiming to work for a well-known tech company—warning they've detected a problem with your computer.
Alternatively, a pop-up on your computer screen warns that malware or a virus has infected your device. The message mimics legitimate alerts from reputable software companies and often includes a phone number to call for immediate assistance.

In both instances, the scammer's goal is to persuade the victim to grant them remote access—which the bad actor can use to install malware, lock the computer and demand a ransom, steal sensitive information, or access the victim's financial accounts to misappropriate funds. The fraudster may also convince victims to pay them in order to "protect" their assets from cybercrime, purchase a fictitious service, or refund "mistaken" deposits.

How to fight it:
					 Never grant remote access to an unknown party.
Never call the phone number listed in a suspicious message; instead, call a publicly listed phone number from an established company's official website.
Be skeptical of unsolicited tech support, particularly if someone requests personal information or payment to resolve a security issue.

					 Never grant remote access to an unknown party.
Never call the phone number listed in a suspicious message; instead, call a publicly listed phone number from an established company's official website.
Be skeptical of unsolicited tech support, particularly if someone requests personal information or payment to resolve a security issue.

2. SIM swapping

What it is: Also known as SIM hijacking, SIM swapping targets your device's subscriber identity module, or the memory chip in phones, tablets, and smartwatches that stores your contacts, text messages, and more. "Your SIM is like the keys to your digital kingdom, and it's incredibly valuable," Peter says.

How it works: The cybercriminal gathers your personal information through phishing or other trickery, or by purchasing it from the dark web. With this information, they contact your mobile carrier, claiming a lost or damaged phone and requesting that your number be reassigned to a new SIM card. This allows the scammer to intercept any two-factor authentication codes sent via text in order to reset passwords for banking, email, social media, and other online accounts. "The consequences can be devastating—emptied bank accounts, unauthorized purchases, and locked social media profiles," says Tiffany Wax, a senior manager of financial crimes risk management at Schwab. "It can take victims months to regain control of their accounts and their very identities."

How to fight it:
					If your phone stops working, immediately contact your carrier, since this is one sign that your number has been reassigned to another SIM.
Ask your mobile carrier about SIM card protection, which typically involves setting up a password or PIN, without which a scammer can't make changes to your account.
Limit the personal information you share on social media, especially identifying details—like your address or even your mother's maiden name—that might make it easier for a scammer to successfully impersonate you.

					If your phone stops working, immediately contact your carrier, since this is one sign that your number has been reassigned to another SIM.
Ask your mobile carrier about SIM card protection, which typically involves setting up a password or PIN, without which a scammer can't make changes to your account.
Limit the personal information you share on social media, especially identifying details—like your address or even your mother's maiden name—that might make it easier for a scammer to successfully impersonate you.

3. Cryptocurrency scams

What it is: Because cryptocurrency is often difficult if not impossible to trace, it's an especially tempting target for those looking to pick your digital pocket. "Cryptocurrency transactions lack basic protections and central oversight," Tiffany says, "making it nearly impossible to recover stolen funds."

How it works: Scams involving cryptocurrencies are manifold but generally take one of two tacks:

Fake crypto investments: The most common approach is investment-related scams, which in 2023 alone accounted for nearly $4 billion in losses.² In one version, a person you've met over a dating app or social media platform shows you a screenshot of a cryptocurrency statement with eyepopping profits. The scam unfolds over weeks or months, with your new online friend eventually offering to bring you in on their once-in-a-lifetime investment opportunity. They may fake statements that show activity and profits, and even allow you to tap some of your "earned" funds to further gain your trust. They will then often solicit yet more money or claim you owe fees and taxes—before vanishing altogether.
Stolen crypto wallets: Cybercriminals generate emails that appear to come from a legitimate cryptocurrency exchange or wallet provider, claiming there's an issue with your account, such as a security breach. The email requests that you confirm your identity to avoid account suspension and directs you to a fake website that's nearly indistinguishable from that of your existing exchange or wallet provider. You are then prompted to enter your private key, recovery passphrase, or other sensitive information, which scammers then use to transfer funds to their own untraceable accounts.

How to fight it:
					Never invest based on the advice of someone you've encountered only online.
Never share your crypto wallet's private key or recovery passphrase. No legitimate provider will ever ask you to reveal this information.
Never use cryptocurrency to settle a transaction you did not initiate. Unlike, say, a credit card transaction, once the funds have left your crypto account, they are all but impossible to recover.

					Never invest based on the advice of someone you've encountered only online.
Never share your crypto wallet's private key or recovery passphrase. No legitimate provider will ever ask you to reveal this information.
Never use cryptocurrency to settle a transaction you did not initiate. Unlike, say, a credit card transaction, once the funds have left your crypto account, they are all but impossible to recover.

Better skeptical than sorry

"The success of many of these scams is predicated on fear, a sense of urgency, or both," Peter says. Your best line of defense? Remain calm—and maintain a healthy dose of skepticism. "A skeptical attitude helps you resist the urge to react quickly, giving you time to verify the legitimacy of a communication or offer," Joel says. "If you take a beat to scrutinize the details, the red flags often become obvious."

'Tis the season—for scams

Nearly 12,000 victims reported scams to the FBI during the 2022 holiday season,* often targeting givers and online shoppers. Among the most common:

Charity scams: Fraudsters exploit the season's spirit of giving by setting up fake charities. Before donating, research the organization in question through trusted resources like the IRS' Tax Exempt Organization Search Tool or Charity Navigator to ensure your contribution reaches those truly in need.
Fake online stores: These sites often lure shoppers with too-good-to-be-true deals on popular items and can even mimic well-known stores. Always verify the legitimacy of websites by checking for reviews, confirming contact information, and ensuring the URL is spelled correctly and starts with "https."
Gift card scams: Scammers often offer gifts cards at a discount but deliver cards with no balance. Alternatively, they may ask for payment via gift cards, which can make the transaction untraceable. Be sure to purchase gift cards directly from an authorized retailer—and be cautious of anyone requesting this form of payment.
Phishing emails and texts: These messages often mimic those from reputable retailers or other legitimate businesses, claiming there's been a problem with your order and urging you to click on links or provide personal information. "It's best not to respond to unsolicited messages—and never, ever click an unsolicited link," Peter Campbell says.

^*^{2023 Holiday Shopping Scams}^{, FBI Internet Crime Complaint Center, 11/15/2023.}

Nearly 12,000 victims reported scams to the FBI during the 2022 holiday season,* often targeting givers and online shoppers. Among the most common:

Charity scams: Fraudsters exploit the season's spirit of giving by setting up fake charities. Before donating, research the organization in question through trusted resources like the IRS' Tax Exempt Organization Search Tool or Charity Navigator to ensure your contribution reaches those truly in need.
Fake online stores: These sites often lure shoppers with too-good-to-be-true deals on popular items and can even mimic well-known stores. Always verify the legitimacy of websites by checking for reviews, confirming contact information, and ensuring the URL is spelled correctly and starts with "https."
Gift card scams: Scammers often offer gifts cards at a discount but deliver cards with no balance. Alternatively, they may ask for payment via gift cards, which can make the transaction untraceable. Be sure to purchase gift cards directly from an authorized retailer—and be cautious of anyone requesting this form of payment.
Phishing emails and texts: These messages often mimic those from reputable retailers or other legitimate businesses, claiming there's been a problem with your order and urging you to click on links or provide personal information. "It's best not to respond to unsolicited messages—and never, ever click an unsolicited link," Peter Campbell says.

^*^{2023 Holiday Shopping Scams}^{, FBI Internet Crime Complaint Center, 11/15/2023.}

Gift card scams: Scammers often offer gifts cards at a discount but deliver cards with no balance. Alternatively, they may ask for payment via gift cards, which can make the transaction untraceable. Be sure to purchase gift cards directly from an authorized retailer—and be cautious of anyone requesting this form of payment.

Phishing emails and texts: These messages often mimic those from reputable retailers or other legitimate businesses, claiming there's been a problem with your order and urging you to click on links or provide personal information. "It's best not to respond to unsolicited messages—and never, ever click an unsolicited link," Peter Campbell says.

^*^{2023 Holiday Shopping Scams}^{, FBI Internet Crime Complaint Center, 11/15/2023.}

" role="dialog" aria-label="

Nearly 12,000 victims reported scams to the FBI during the 2022 holiday season,* often targeting givers and online shoppers. Among the most common:

Charity scams: Fraudsters exploit the season's spirit of giving by setting up fake charities. Before donating, research the organization in question through trusted resources like the IRS' Tax Exempt Organization Search Tool or Charity Navigator to ensure your contribution reaches those truly in need.
Fake online stores: These sites often lure shoppers with too-good-to-be-true deals on popular items and can even mimic well-known stores. Always verify the legitimacy of websites by checking for reviews, confirming contact information, and ensuring the URL is spelled correctly and starts with "https."
Gift card scams: Scammers often offer gifts cards at a discount but deliver cards with no balance. Alternatively, they may ask for payment via gift cards, which can make the transaction untraceable. Be sure to purchase gift cards directly from an authorized retailer—and be cautious of anyone requesting this form of payment.
Phishing emails and texts: These messages often mimic those from reputable retailers or other legitimate businesses, claiming there's been a problem with your order and urging you to click on links or provide personal information. "It's best not to respond to unsolicited messages—and never, ever click an unsolicited link," Peter Campbell says.

^*^{2023 Holiday Shopping Scams}^{, FBI Internet Crime Complaint Center, 11/15/2023.}

" id="body_disclosure--media_disclosure--264701" >

^1,2Internet Crime Report 2023, Federal Bureau of Investigation Internet Crime Complaint Center (IC3), 04/04/2024.

Discover more from Onward

Keep reading the latest issue online or view the print edition.

Onward magazine print issues next to a laptop showing the Onward hub

Keep reading the latest issue online or view the print edition.

The information provided here is for general informational purposes only and should not be considered an individualized recommendation or personalized investment advice. The investment strategies mentioned here may not be suitable for everyone. Each investor needs to review an investment strategy for his or her own particular situation before making any investment decision.

All expressions of opinion are subject to change without notice in reaction to shifting market conditions. Data contained herein from third-party providers is obtained from what are considered reliable sources. However, its accuracy, completeness, or reliability cannot be guaranteed.

Examples provided are for illustrative purposes only and not intended to be reflective of results you can expect to achieve.

Investing involves risk, including loss of principal.

Digital currencies [such as bitcoin] are highly volatile and not backed by any central bank or government. Digital currencies lack many of the regulations and consumer protections that legal-tender currencies and regulated securities have. Due to the high level of risk, investors should view digital currencies as a purely speculative instrument.

The information and content provided herein is general in nature and is for informational purposes only. It is not intended, and should not be construed, as a specific recommendation, individualized tax, legal, or investment advice. Tax laws are subject to change, either prospectively or retroactively. Where specific advice is necessary or appropriate, individuals should contact their own professional tax and investment advisors or other professionals (CPA, Financial Planner, Investment Manager) to help answer questions about specific situations or needs prior to taking any action based upon this information.

1124-K0SX