Online scammers are proving relentlessly effective, with a staggering 73% of American adults reporting they’ve fallen victim to at least one online scam or attack. This widespread vulnerability highlights how sophisticated fraudsters are, infiltrating even the digital security systems meant to protect our personal information.
- A vast majority of Americans (73%) experience online scams.
- Credit card fraud, online shopping scams, and ransomware are prevalent.
- Younger adults (18-59) are more likely to lose money to fraud than older adults.
- New tactics involve exploiting online calendars and multi-factor authentication apps.
- Simple setting changes and vigilance can significantly enhance online security.
In the last year alone, an estimated 32% of U.S. adults have been victims of a scam. Credit card fraud, online shopping scams, and ransomware attacks—malicious software that locks your files until a ransom is paid—top the list of common cyber cons. Surprisingly, it’s not just older adults who are vulnerable; in 2021, the Federal Trade Commission reported that individuals aged 18 to 59 were 34% more likely than those 60 and older to lose money to fraud. These scams often originate from social media ads, investment schemes, or fake job postings.
Unsolicited Calendar Invites
Table of Contents
Cybercriminals are constantly evolving their tactics, and one of the latest exploits targets your online calendar. Iskander Sanchez-Rola, director of artificial intelligence and innovation for Norton, explains that these unsolicited invitations bypass traditional security measures because they automatically appear on your calendar without requiring your explicit approval.
The trick lies in their subtlety. Scammers aim to confuse you into believing you’ve already accepted an invitation. Clicking on the invite for more details can lead you to a deceptive webpage, often disguised as a legitimate link, or prompt you to download malware hidden as a software update. These attacks frequently target work-related email accounts and their associated calendar applications.
- The calendar invite is unsolicited.
- There are misspellings in the link or sender’s address.
- The invite is work-related but only you received it.
What you can do: To protect your digital schedule, adjust your online calendar settings to prevent automatic updates. For Microsoft Outlook users, specific instructions are available online. Google Calendar users can limit which invitations appear on their schedule by following similar guidance. If you suspect an invite, Derek Manky, chief security strategist at Fortinet, advises against replying directly. Instead, he suggests contacting a trusted contact within the supposed organization to verify the meeting’s legitimacy.
Multi-Factor Authentication Exploits
Multi-factor authentication (MFA), often called two-step verification, is a critical security layer. However, attackers are now targeting the apps that manage these codes. MFA attacks have been ongoing for years, constantly adapting to new platforms like authenticator apps, according to Manky.
A common scam involves an onslaught of verification notifications from your authenticator app, even when you haven’t initiated a login. Sanchez-Rola notes, “This scam is all about wearing you down to the point of clicking an unknown notification and accidentally providing your personal information.” The goal is to pressure you into approving a login you didn’t request, which is akin to “handing your keys to a stranger,” as Sanchez-Rola vividly puts it.
- The authenticator app requests verification or sends a code you didn’t request.
- Multiple notifications arrive in rapid succession without your prompting.
What you can do: When bombarded with MFA notifications, pause before acting. Opt for authenticator apps that provide verification codes rather than those that send push notifications, as the latter are more easily exploited for pressure tactics. Regularly changing your passwords also helps, as it limits the exposure time for any compromised credentials, Manky adds.
Suspicious HTML Attachments
Emails containing unfamiliar HTML attachments remain a persistent threat. These attachments can redirect users to phishing webpages or trick them into downloading malware. Manky states this is a tried-and-true, though still effective, scam tactic.
HTML files contain code that can execute malicious scripts, such as JavaScript, which can install information-stealing malware or launch phishing pages designed to harvest login credentials. Fraudsters often use familiar brand names or services to make these emails appear legitimate. “If an email is unsolicited, the end user should always question the identity of the emails being sent,” Manky advises.
- The sender is an unknown contact.
- The attachment is unsolicited and appears suspicious.
What you can do: Always exercise extreme caution before opening any email attachments. Look closely for “typosquatting” in URLs within attachments, where domain names are slightly altered from legitimate ones, Manky cautions.
