Iron Comet Consulting, Inc.
cyber security managed services

Movements Bring an Increase in Cyber-scams Preying on the Generous

The current political climate has brought massive attention to a variety of movements. For example, the Black Lives Matter movement has had record success in online fundraising. Many other movements on both sides of the political spectrum have had similar success recently. But wherever a lot of money changes hands, criminals are there to try to take some for themselves. Nowhere is this more true than online. Cyber-scams have increased sharply with the COVID-19 pandemic and with recent racial and societal issues. With all the media coverage of these movements, it’s no wonder that scammers take notice. A Google search for the term “Black Lives Matter” will bring up millions of results. Unfortunately, some of these aren’t legitimate: they are criminals posing as part of the movement to steal money from you. This isn’t an article about any particular movement. It is an article on how to protect yourself from cyber-scams if you want to support any movement online.

People want to help, that is why they get scammed

Most people want to help others in their time of need. This generosity is what criminals exploit. You may receive an email with a subject line that relates to a particular movement. It will contain a great deal of persuasive information on why the group needs your help and your money. There will likely be a link that you can click to donate to the cause. But this isn’t a legitimate email from the group it purports to be from. Any donations you send will go directly to the cyber-criminal.

Alternatively, the email may contain an attachment you are asked to open. The attachment contains malware that will infect your computer, allowing the attacker to steal your data or install ransomware.

These emails will be carefully written to appear as authentic as possible. They will likely come from domain addresses that look very realistic or authentic. The more effort the scammer puts into the email, the higher the chance someone will donate or open the attachment.

How can you protect yourself from cyber-scams?

The first step is to be very suspicious. Did you sign up to receive these emails? If you didn’t, you can be 99% sure this is a scam. Organizations like this will never send unsolicited emails because it is against the law. If you do get an email, go search Google for the actual website of the movement in question and see how you can donate from there. Never donate from an email message. Don’t click the links in the email, as they may take you to a copy of the real website instead of the organization’s actual site. Use Google to find the site and go to it from there.
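The lookalike sender domains and copied websites described above can also be checked mechanically. The following is an added example, not part of the original article: it compares the host in a sender address or link against a domain you located yourself. The domain names are constructed placeholders and the two-character threshold is an assumption.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed allowlist: the organization's real domain, found by searching
# for it yourself rather than taken from the message (hypothetical name).
TRUSTED = {"realcharity.example"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(value: str) -> str:
    """Lowercased host from a URL or from an email address/From header."""
    if "://" in value:
        return (urlsplit(value).hostname or "").lower()
    return parseaddr(value)[1].rpartition("@")[2].lower()

def classify(value: str, trusted=TRUSTED, max_dist: int = 2) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a sender or link."""
    host = host_of(value)
    if not host:
        return "unknown"
    for good in trusted:
        if host == good or host.endswith("." + good):
            return "trusted"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "lookalike"  # punycode label: can render as look-alike letters
    for good in trusted:
        name = good.split(".")[0]
        # Trusted name embedded in some other domain, or a near-miss spelling.
        if name in host or edit_distance(host, good) <= max_dist:
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    for sample in ("Donations <give@realcharity.example>",
                   "help@rea1charity.example",
                   "https://realcharity.example.donate-now.test/pay"):
        print(f"{classify(sample):10} {sample}")
```

A result of "unknown" is not a pass: it only means the host does not resemble the trusted name, so the advice to reach the site through your own search still applies.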

With social media playing a huge part in many people’s lives, this is also a place where we can be attacked. You may receive a direct message from someone claiming to be associated with a movement you support. The message may contain a link for you to click to get more information, but as in the phishing emails, the link will take you where you don’t want to go. It may be a site designed to collect information or to get you to donate money. Again, these organizations will never send you unsolicited direct messages.

One method we have seen recently is that once a person’s account has been compromised, the scammer sends links to all of their friends. The link contains malware that will allow the hacker to access those accounts as well. This spreads the scammer’s reach and gives the hacker more opportunities to steal.

Don’t share too much of your information

Breaches happen on a daily basis and more and more of our personal information is making its way online. Because of that, be very careful about what information you are choosing to share online. Most of these breaches end up on the Dark Web at some point. Hackers can use information from multiple breaches to piece together information about you in ways you never imagined.

Check to see if your information has been breached

A good site to check whether your email address has been found in a breach is Have I Been Pwned. This site scans through thousands of breached databases to see if your email address is there. If it is found, the site will show you which breach your data was compromised in, along with what data was stolen. This can be your name, email address, the password you used for the online service, address, phone number, etc. Since most people use the same password, or a slightly different version of it, for all of their sites, this allows the hacker to access your other accounts.

There is no reason for you to give your real birthdate to an online site (unless it is for official purposes). You can give a fake birthday when you sign up for sites. Use a password manager to help you generate random and secure passwords for each of your online sites. This way, if one of your online accounts has been breached, the attacker can’t use your password to access other accounts. LastPass is a good password manager that is free to use. It will work on all of your devices including phones, tablets, and computers. Your passwords will be synced across your devices so you have them anywhere they are needed.

Two-Factor Authentication

Use two-factor authentication on every site where it is available. Two-factor authentication uses a second item, usually a random code generated by an app you have installed on your phone, to keep hackers out of your accounts. Google Authenticator and Authy are good two-factor authentication programs and both are free.

Do your homework 

Before donating to any organization, check them out. Do your research and see if they are legitimate. Two good sites to use to see if your charity or organization is real are Guidestar and Charity Navigator. If you can’t find records of the organization on these sites, there is a good chance they aren’t legitimate. This also goes back to being suspicious. It is absolutely a good thing that you want to help others. But hackers also know this, and they have many cyber-scams set up to take your money. All the while you think the money went to a worthy cause, but instead it went into some criminal’s pocket.

Be careful out there. Use sound judgment backed up by research and continue helping these worthy causes. Don’t let cyber-scams and hackers stop you from making a difference.