Scammers are quick to sense an opportunity to get you to click on something you shouldn't, whether it's the rise of a celebrity singer or the spread of a new coronavirus. It's important to be able to spot these cons and give them a wide berth—otherwise you could find yourself stuck with malware on your device or see your online accounts exposed or find some of your most sensitive financial information leaked out on to the web.
The good news is that minimizing your risk of getting caught out isn't difficult; it just requires a bit of common sense and some extra caution. Here's what you need to know about staying safe and avoiding the crooks.
Keep Up to Date
Today's operating systems, web browsers, and email clients have gradually become very good at spotting a scam—a dodgy link, a dangerous attachment—which means they'll often protect you from harm even if you're not paying attention.
For this to work though, you need to have all your software patched up with the latest updates. These updates will include protection against the most recently discovered threats, and new fixes for any security vulnerabilities that have recently come to light.
The vast majority of devices and apps you use will update themselves automatically. But if something is stopping the update, like a lack of space on your phone, don't delay in fixing it. It's no coincidence that a lot of the worst security breaches happen on older systems.
You can check for updates on Windows through Update & Security in Windows Settings, on Mac through Software Update in System Preferences, on Android through System, Advanced, and System update in Settings, and on iOS through General and Software Update in Settings.
This mantra to "keep up to date" applies to staying in touch with the latest news in tech as well. It doesn't usually take long for news of a big scam to reach the press, and if you're giving the headlines at least a cursory glance every day then you'll be in a better position to spot something untoward.
Stay Locked Down
When we say locked down in this context, we're talking about your online accounts rather than your physical whereabouts, though some of the thinking is the same—reducing your exposure to something that could harm you.
One seriously effective security measure you can put in place is to make sure two-factor authentication is put in place on all your key digital accounts. It means that even if someone gets your password and username, they won't be able to get into your account without a third piece of information, usually a code sent to your phone. For even better protection—especially against so-called SIM swap attacks—you should use a dedicated authenticator app rather than just texts.
Just about every major online account supports 2FA now: Google, Apple, Microsoft, Twitter, Facebook and many more. You should be able to find the option fairly easily somewhere in the security settings. Logging in on new devices is slightly less convenient, but it's worth it for the extra security protection.
It's also a good idea to limit the number of third-party accounts linked to your main accounts as much as possible—so all those apps and sites you've registered for using your Facebook or Google credentials. There's nothing inherently wrong with this, but the more accounts you have connected, the more routes hackers have into your key accounts.
Dig into the settings for your most important accounts and you should be able to find options for reviewing and disconnecting third-party accounts that you no longer need: For Facebook the page is here, for example, and for Google it's here.
These steps are essentially putting up more barriers for the scammers to get over before they're able to access your most important accounts and files—even if you're fooled into clicking on a suspect link or attachment, you've still got a safety net to fall back on.
Be Suspicious by Default
With software and AI getting smarter at spotting suspicious links arriving over social media, via email, or simply as you browse the web, the scammers are upping their game too: Phishing attacks designed to tempt you into a fake site that looks genuine are getting more elaborate, while social engineering tricks are also getting more sophisticated.
Your default position should be wariness of anything that arrives in your inbox, your chat clients, or your SMS app—especially if it comes from a source you don't recognize, and especially if there's no (or very little) context. Remember that scam messages will try to elicit a sense of fear or urgency or intrigue, which is why incidents like the Covid-19 outbreak often lead to a rise in phishing attacks.
Messages can now be elaborately dressed up to appear to come from trusted sources, and they may even actually come from a trusted source, if one of your friends has fallen victim to a hack. Don't just assume something is safe because it comes from someone you know, and if in doubt check with the purported source—your friend, your bank, the tech support team—via a separate channel to see if a message is genuine.
There's no simple checklist you can follow to spot every scam you're going to come across, as they're evolving all the time, but be suspicious of anything that appears unexpectedly, or that makes an unusual request, or that offers something that seems too good to be true.
Be especially wary of opening any attachments or downloading any files until you've double- and triple-checked that they're safe and what you were expecting: A few minutes of research on the web can go a long way here. If you are being scammed, running an online search for the message you've got or the steps you're being asked to take will usually turn up posts for people who've had similar communications. A new tool called Dangerzone will also open attachments for you safely.
Even if you think you know what a phishing email or a spoof SMS looks like, don't get complacent: Scammers are moving with the times, and the days of badly spelled emails requesting the transfer of huge amounts of cash to an overseas bank account are by and large over.