Welcome to October and another edition of Fraud Friday! October is Cybersecurity Awareness Month (CAM), so the focus of this month’s Fridays will be just that. It is interesting to me that October was chosen for CAM since all things spooky are usually associated with this month. Cyber criminals are bad actors who put on masks to hide their true identities. Much like trick or treating, they go from person to person in search of something sweet; instead of candy, they want all your money and personal information. In this case, the fraudsters are getting all the treats while their victims are the ones being tricked. There are many different types of cybercrime, including phishing, malware, ransomware, identity theft, hacking, and internet fraud. This week we are going to learn about a growing and very scary trend: Social Media Pop-Up Scams.
Social media pop-up scams are malicious ads and alerts designed to trick people into giving up personal information, downloading malware, or sending money. They often appear as fake security warnings or too-good-to-be-true offers. So, while we are mindlessly scrolling Facebook, Insta, or whichever preferred social media site, fraudsters hope to catch us unaware. You are reading an article when suddenly you get a pop-up supposedly from Microsoft. It is alerting you that there has been a security breach with your device and gives a link for you to click. The first thing that usually happens is panic sets in and you click the link. Once you do that, malware is downloaded to your computer, tablet, or phone, and the fraudster takes over. They run a fake scan, tell you they have found very damaging evidence of some horrible crime on the device, and they have the solution to make it all go away. We have dealt with this particular scam just recently and if you fall victim you stand to lose everything. Step by step, these scammers instruct their victims and out of fear the victim complies. Let’s take a more detailed look at the innerworkings of a social media pop-up scam.
- The victim is scrolling through social media and receives an urgent pop-up alerting them to a fake security warning. The pop-up contains a link, and the victim is urged to click it in order to stop the breach from going further.
- One the link is clicked; malware is automatically downloaded to the victim’s device.
- The victim receives a phone call from someone claiming to be support at Microsoft or other tech company. They take over the victim’s device and say they are going to run a scan.
- There is no actual scan of course, and the scammer makes the victim think that there is evidence of despicable and illegal activity on the device. They threaten the victim with jail time for supposed images or videos unless they follow every instruction to the letter.
- The victim is told to get dressed right then, go to their financial institution, and withdraw all their money. The scammer remains on the phone the entire time urging the victim to hurry-this is time sensitive-rushing them to make choices without stopping to think. The scammer wants to know when the victim is dressed, gets in the car, and arrives at the bank.
- Once at the bank the caller tells the victim exactly what to say to the tellers. “Ask for all of your money. The teller isn’t going to want to give it to you and they will ask questions. Just tell them it is for home improvement, and you need the cash. Keep the phone close so I can hear what is happening.” Those are exact quotes from fraudsters to some of our customers. And if their victims have questions, they have all the answers.
- After the victim takes out all their money, they are instructed on how to send it to the scammer. Sometimes this means buying gift cards, sending the money via Western Union, or even placing cash in the mail. The criminal is supposedly using this money to wipe away the evidence of any crimes from the victim’s computer. The victim is told that whatever funds left over after the phony file wipe will be placed in an account for safe keeping and eventually returned to the victim.
- Victims are kept on the phone for hours, sometimes all day, so the scammers tie up the phone line and there can be no other communication with anyone.
- They will keep calling every day until they are satisfied there is no more money. At that point they cease contact and move on to the next victim. However, the malware that was downloaded is still attached to the device so they can continue have access and monitor.
Scary, huh!! But, we can protect ourselves from this sort of attack.
- If you receive a pop up do not click on it or call any phone number provided in the message
- Immediately close the window or browser. If the pop-up locks your browser, use task manager to shut it down if on a computer or just shut it down. Restart if it is a tablet or phone.
- Never provide information to anyone who contacts you or demands you give it.
- If you do click on the pop-up, take your computer to a professional to have it scrubbed of any viruses, malware, keyloggers, or other malicious software. If the fraud occurred on your phone, take it to your provider to have them check it for potential malware. Honestly, it is probably a good idea to take these precautions whether you clicked on the pop-up or not. These scams are increasingly risky with the scammers becoming craftier in their methods. If you don’t know anyone to take the computer to, please let us know and we can provide names.
- Block any calls from unknown numbers, do not answer any calls from unknown numbers.
- Change social media passwords
- Do not comply with any demands, do not send money
- Call the bank to let us know if you receive any type of pop-up or call demanding money or information.
This month we will be covering a wide array of cybercrimes and how to protect ourselves. Even though October is the month set aside for Cybersecurity Awareness, we must always be vigilant and watch out for potential fraud every day. If you can spot a scam, you can stop a scam. Thanks, have a great and safe weekend!
Tara Montgomery
Exchange Bank of Alabama
Fraud Specialist
