We all know at this point (or should) that if a Nigerian prince contacts us regarding the millions of dollars he will deposit into our account, we should not send him our bank information. But hackers and scammers have gotten more subtle, developing personalized scams that seem much more legitimate. The FBI has identified one such scam and is getting the word out to ensure you aren’t the next victim.
The Platform – Scammers use social media like Facebook, Instagram, and Twitter to create realistic looking profiles and reach out to unsuspecting users with “investment opportunities.” They contact users directly using messaging apps, sometimes even using profiles stolen from the victim’s friends—so the contact seems legitimate.
The Con – Scammers describe a money-making opportunity in which the victim will send a little bit of money that will grow exponentially with no risk or interest. If they comply, the scammer may cease contact (if they got enough) or they will send a fake Cash App screenshot “proving” how the money is growing in order to coerce even more money from the vicitim.
The Cycle – Once money has changed hands, the scammer may suggest that funds are pending until the victim replaces his email address with one provided by the scammer. Once that is done, the scammer need only change the password on the Cash App account to have complete control of the funds. Now that the email matches the victim’s social media profile, the scammer can attack the victim’s friends (who see their friend’s name and, thus, are more likely to believe the offer).
The Counter – As always, the best defense against this kind of attack is to just never send money electronically to someone you don’t know. If the offer seems genuine, contact your friend via phone to confirm it’s really them you’re talking to. Beyond that, take these steps to bolster your online defenses:
- Confirm the identity of anyone reaching out with an unusual request (especially ones having to deal with money). If you can’t, block them.
- Don’t click any links or download any attachments until you’ve confirmed the sender’s ID.
- Don’t change your profile information to suit someone else’s request. Someone asking you to change your username or password should set alarm bells ringing.
- Use multi-factor authentication to secure your account. It’s a pain to have to enter a password AND the code texted to you, but it could save you money and stress.
- Log out of apps when you’re done using them. Staying logged in all day and night is the online equivalent of an unlocked door to an open safe.
Times are tough for a lot of people these days, so the offer of a quick return on investment may be very tempting. There certainly are opportunities out there, but if your gut tells you that this is too good to be true, it probably is.