Cybercriminals are relentless and often find new ways to steal from victims. Losses from cybercrime continue to climb, with a record $12.5 billion in 2023 according to the FBI’s Internet Crime Complaint Center (IC3).1 It is likely that the number may be higher due to some individuals not reporting fraudulent instances to the FBI.

The good news is that with education and a few relatively straightforward best practices, you can significantly strengthen your cybersecurity defenses. To protect yourself from becoming a victim of cybercrime, here are common scams to watch for and recommended best practices for avoiding them.

Common Scams

Though methods vary, cybercrimes usually share a common theme: the victim shares their personal information (either intentionally or unintentionally) with an unknown person or entity over the phone, on a computer, or through a mobile device.

According to the U.S. Cybersecurity and Infrastructure Security Agency, here are some of the most common schemes criminals use to solicit information from their targets and how to minimize your risk of falling victim to them.2

1. Email Phishing

Cybercriminals design emails that mimic those coming from legitimate sources, including banks, government agencies, mortgage companies, and other services and businesses. They use these emails to collect personal and financial information and/or infect your device with malware or viruses.

Examples

  • You receive an email that looks like it came from Amazon requiring immediate action to receive a refund. It includes Amazon’s logo and at first glance appears legitimate, but if you hover over the Amazon.com link provided, you can see that it’s not truly Amazon’s URL.
  • You receive an email that looks like it came from your bank, warning that it will need to shut down your account unless you reconfirm your billing information. If you click on the link, it takes you to a fraudulent website designed to look like your bank’s actual website.

How to Avoid

  • Never input your login information through a link provided by an unsolicited email request.
  • Never provide your personal information in response to an unsolicited email request.
  • If you believe the request may be legitimate, contact the institution yourself.
  • Never provide your password in response to an unsolicited email request.
  • Never click on a link if you have any doubt about an email’s legitimacy.

2. Imposter Scams

Criminals impersonate a government official, family member, colleague, or friend asking you to wire money, often using personal information they have collected about you to sound more convincing. 

Examples

  • An IRS official calls you to warn you that you owe back taxes but can avoid further penalties if you take care of the payment today over the phone.
  • A friend of a friend who claims to have met you at a recent event in your community calls to ask you for a donation to a legitimate charity and that they will match your donation if you provide your payment over the phone tonight.

How to Avoid

  • Ignore and block calls or texts from numbers you don’t know.
  • Never wire money ― or provide a gift card ― to someone you do not know.
  • Never send money because someone contacted you, even if you feel like you might know the person or if the person says they are your friend or are related to you.
  • If you find yourself on a suspicious phone call, hang up. If the person you spoke to claims to be calling from an institution, call back the official number for that institution.

3. “You’ve Won” Scams

Cybercriminals sometimes send emails, calls, or texts claiming that you have won a prize, sweepstakes, or lottery. You are told that to receive the prize, you must first pay a fee or tax. The call or message is usually full of congratulations and excitement.

Examples

  • You receive an email that says you have won $2.5 million in the International Sweepstakes. The scammer claims to represent a legitimate sweepstakes, such as Publishers Clearing House. You are asked to pay a small fee via a link to cover processing and receive your winnings. The email provides assurance that the sweepstakes is safe and legitimate.
  • You receive an email that appears to be from a relative stating that you have won a raffle. The relative asks you to reply with certain pieces of your financial information to collect your winnings.

How to Avoid

  • Stop and think before you act. If an offer seems too good to be true, it likely is.
  • Never pay a fee or provide personal information to collect winnings or a prize.
  • Search online for the offer and contact from which it was received to see if there are any references to a scam.
  • If a friend or family member sends or forwards you an offer via email or social media, confirm with them outside of email or social media that they really sent it.

4. Health Care Scams

Criminals call, email, or send a letter to promise big savings on your insurance, prescriptions, or other healthcare-related expenses. The communication usually requests you to send your Medicare or insurance information, Social Security number, or other pieces of personal information.  

Examples

  • You receive an email with the subject line, “Big Senior Discounts on Prescription Drugs,” with a link to visit a new pharmacy offering low-cost drugs.
  • You receive a text message that claims to be from Medicare. It says you may be eligible for a new 20% discount and asks you to follow a link to provide personal information to see if you qualify.

How to Avoid

  • Stop and think before you act. Medicare and insurance companies will not reach out to you in this manner.
  • Never provide personal or sensitive information in response to unsolicited communication.
  • Search the promotion or offer online to see if there are any references to a scam.

5. Tech Support Scams

Criminals call you or reach you via online popups and claim to be from a technology company contacting you to diagnose or fix a problem with your computer, software, or other technology. The scammer is typically trying to gain remote access to your device or online account.

Examples

  • A popup appears on your computer warning you that a virus has been detected. It asks you to contact a live technician at a provided phone number.
  • Someone who says they work for Dell calls you claiming that they have detected an issue with your computer. They ask you to walk through certain steps with them to gain remote access to your device so that they can fix it. 

How to Avoid

  • Recognize that legitimate technology companies will not contact you by phone, email, or text to inform you about a problem, nor by a popup that asks you to call them or click on a link.
  • Never provide remote access to your personal computer. If it is a work computer, ensure that you are giving access to a known IT employee at your company.
  • If you need help fixing your computer, device, or other technologies, go directly to someone you trust.

Identity Theft

Criminals use your personal information (e.g., your name, credit card number, Social Security number, etc.) to obtain money or credit. Usually, this is made possible by the criminal obtaining multiple pieces of information unbeknownst to you.

Examples

  • Unauthorized charges show up on your credit card. A criminal has been able to make purchases by obtaining your credit card number and other personal information (e.g., your zip code).
  • A criminal uses your personal information, including your Social Security number, to file a fake tax return in your name and collect a refund. 

How to Avoid

  • Use multi-factor authentication, do not respond to emails or other messages that ask for personal information, and do not provide personal information on a computer that’s connected to public Wi-Fi.
  • Physically secure personal identification (e.g., Social Security and Medicare cards) by keeping it in a safe and fireproof place. Shred papers that may contain the information in the header and make sure to retrieve your mail as soon as possible.  
  • Only provide your Social Security number to companies if absolutely necessary. Ask if you can use another type of identification.

Best Practices

Defending against cybercrime and identity theft also includes following best practices as you set up and interact with your devices, including:

  1. Understand common signs of scams, including messages that:
  • Use subdomains (i.e., extra information added to a website’s URL), misspelled URLs (e.g., amozon.com), or otherwise suspicious URLs
  • Claim to be from businesses or other organizations but use a public email address (e.g., Gmail or Hotmail)
  • Attempt to invoke fear or a sense of urgency
  • Request that you verify personal information, such as financial details or a password
  • Are poorly written with spelling or grammatical errors

2. Use multi-factor authentication whenever possible: Usernames and passphrases are not enough to protect important accounts such as those for email, banking, and social media. Strengthen the security of your online accounts by using multi-factor authentication (MFA) tools — like biometrics, security keys, or a unique, one-time code through an application on your phone — whenever offered.
 
3. Protect your phone number: Another common ploy of cybercriminals is to take control of your phone number. Once they do this, they can receive your incoming calls and messages, discover information about your contacts, and even access your private bank accounts. There are several ways to protect your phone number, such as setting a PIN for account access, using strong passwords on your phone, and using additional safeguards your carrier may offer. Keeping your phone number protected also stops it from being used by hackers and spammers for robocalls.
 
4. When in doubt, delete: Links in social media posts (and private messages), emails and online advertising are often how cybercriminals attempt to compromise your information. If there is any doubt in your mind about a link’s security, even if you know the source, delete it or mark it as junk.
 
5. Keep your machine clean: Cybercriminals use viruses, botnets, malware, and spyware to infect or take over your machine. Use antivirus software to defend against these technical attacks; most new machines come with preinstalled antivirus software that you can trial and then purchase. Keep this software — and all other software on your internet-connected devices (and those of family members), including personal computers, phones, and tablets — current to reduce the risk of infection from cyberattacks.
 
6. Connect with caution: Avoid conducting any sensitive transactions, including purchases, when on a public Wi-Fi network. Also, avoid using free charging stations in airports, hotels, or other public places. Cybercriminals use these public USB ports to introduce malware and monitoring software onto devices that access them.3

7. Adjust your online privacy settings: Companies and websites track your online activity. Ads, social media platforms, and websites collect information about your location, browsing habits, and more. The more information available and shared about you, the more vulnerable you become to cyberattacks. Keep this in mind, and set the privacy and security settings on websites accordingly — based on your comfort level for information sharing and with the understanding that ultimately the best way to contain your personal information is by not sharing it in the first place.

8. Use caution on social media: Think before posting about yourself or others online. Consider what a post reveals, who might see it, and how it might affect you or others. Encourage your family to do the same.

9. Back it up: Even the best computers and devices may become compromised and crash. Regular backups to an external hard drive and/or secure cloud provider will help you recover your valuable work, music, photos, and other digital information in the aftermath of these stressful situations.  

Vigilance Makes the Difference

As the above practices highlight, cyber criminals may be relentless, but their methods can be thwarted with continual awareness and caution. Please also know that we continue to evolve our defenses to help keep your data safe as we communicate with you.

Download PDF
Print

Hightower is a group of investment professionals registered with Hightower Securities, LLC, member FINRA and SIPC, and with Hightower Advisors, LLC, a registered investment advisor with the SEC. Securities are offered through Hightower Securities, LLC; advisory services are offered through Hightower Advisors, LLC. This is not an offer to buy or sell securities. No investment process is free of risk, and there is no guarantee that the investment process or the investment opportunities referenced herein will be profitable. Past performance is not indicative of current or future performance and is not a guarantee. The investment opportunities referenced herein may not be suitable for all investors. All data and information referenced herein are from sources believed to be reliable. Any opinions, news, research, analyses, prices or other information contained in this research is provided as general market commentary; it does not constitute investment, tax or legal advice. Please consult with your advisor, attorney and accountant, as appropriate, regarding specific advice. Hightower or any of its affiliates shall not in any way be liable for claims and make no expressed or implied representations or warranties as to the accuracy or completeness of the data and other information, or for statements or errors contained in or omissions from the obtained data and information referenced herein. The data and information are provided as of the date referenced. Such data and information are subject to change without notice. Forecasts represent median expectations and actual returns, volatilities and correlations will differ from forecasts. These materials were authored by Fiducient Advisors and are being used with their permission. This document was created for informational purposes only; the opinions expressed are solely those of the author and do not represent those of Hightower Advisors, LLC, or any of its affiliates.

Citations

1 - Federal Bureau of Investigation: Internet Crime Report 2024. (2024). Federal Bureau of Investigation. Retrieved September 18, 2024, from https://www.ic3.gov/Media/PDF/AnnualReport/2023_IC3Report.pdf

2 - U.S. Cybersecurity and Infrastructure Security Agency, https://www.cisa.gov/be-cyber-smart/common-scams. Accessed September 13, 2023.

3 - FBI, “The Cyber Threat,” retrieved from https://www.fbi.gov/investigate/cyber#What-You%20Should%20Know. Accessed September 9, 2023.

E/ contact@6meridian.comP/ 316.776.4601 / 855.334.2110F/ 316.776.4620
www.6Meridian.com 8301 E. 21st Street N. Ste. 150, Wichita, KS 67206

6 Meridian is a group comprised of investment professionals registered with Hightower Advisors, LLC, an SEC registered investment adviser. Some investment professionals may also be registered with Hightower Securities, LLC, member FINRA and SIPC. Advisory services are offered through Hightower Advisors, LLC. Securities are offered through Hightower Securities, LLC.

This is not an offer to buy or sell securities. No investment process is free of risk, and there is no guarantee that the investment process or the investment opportunities referenced herein will be profitable. Past performance is neither indicative nor a guarantee of future results. The investment opportunities referenced herein may not be suitable for all investors. All data or other information referenced herein is from sources believed to be reliable. Any opinions, news, research, analyses, prices, or other data or information contained in this presentation is provided as general market commentary and does not constitute investment advice. 6 Meridian and Hightower Advisors, LLC or any of its affiliates make no representations or warranties express or implied as to the accuracy or completeness of the information or for statements or errors or omissions, or results obtained from the use of this information. 6 Meridian and Hightower Advisors, LLC assume no liability for any action made or taken in reliance on or relating in any way to this information. The information is provided as of the date referenced in the document. Such data and other information are subject to change without notice. This document was created for informational purposes only; the opinions expressed herein are solely those of the author(s) and do not represent those of Hightower Advisors, LLC, or any of its affiliates.

Hightower Advisors, LLC or any of its affiliates do not provide tax or legal advice. This material is not intended or written to provide and should not be relied upon or used as a substitute for tax or legal advice. Information contained herein does not consider an individual’s or entity’s specific circumstances or applicable governing law, which may vary from jurisdiction to jurisdiction and be subject to change. Clients are urged to consult their tax or legal advisor for related questions.