Cyber scams aren’t anything new, but they are getting worse. According to a report by the Federal Trade Commission, people reported losing $10 billion to scams in 2023, $1 billion more than in 2022. With more transactions happening online to the tune of trillions of dollars annually, these losses are only projected to worsen, especially with developing AI tools giving scammers newfound abilities.

Every day, con artists look for fresh opportunities—new “marks” who present themselves as assets ripe for the taking. As individuals, key employees, business owners, and executives, we should be prepared for heightened scam activity.

If you think you’re not worthy of being the target of online predators, think again! Your identity, financial data, and what’s in your email are all valuable. Cybercriminals cast a wide net and count on you thinking you’re not a target.

How to Protect Yourself from Cyberattacks

The first step to protecting yourself from cyberattacks is education. You need to be able to recognize common signs of a scam to identify when someone has their sights on you. The FTC identifies four typical aspects of a scam to look out for. Fortunately, these all start with the same letter:

1. Pretend. A scammer will pretend to be someone you know, or from an organization you recognize. This is a core trait of “imposter” scams, which took the top spot on the fraud list of 2023.
2. Problem, Prize. A scammer might tell you that you’re in trouble, that you have some problem to fix. Or they might tell you that you have something to gain if you act.
3. Pressure. The scammer’s best friend is speed. They want you to act before you can research to see if they’re telling the truth—or even stop to think about what you’re doing.
4. Pay. Scammers want you to pay in a specific, irreversible way.

Starting from first principles, these four aspects can help you defend yourself from scams—by thinking like a scammer!

Known Cyber Scams to Look Out For

After you’ve learned the four core aspects of cyber scams, you can easily identify them in the commonly known crimes, as listed by the FBI:

• Fake Charities. Scammers use major health events to set up donation sites for fake victims or use names that sound a lot like real charities.
• Fake Emails, Texts, and Phishing. Scammers try to get you to share your personal information to steal your money, your identity, or both. They might also try to get you to click on a link that installs ransomware to lock you out of your data, or to gain access to your computer or network.
• Romance Scams. Scammers pretend to be in an online relationship with you to earn your trust, then get you to “invest” your hard-earned money into their “business” or “opportunity.” Alternatively, they may just ask you to directly send them money, preying on your trust.
• Business Email Compromise. Slight variations on real email addresses can allow scammers to trick you into thinking you’re dealing with a known business partner. They can also use these tactics to gain confidential information from key employees, including passwords for company accounts or critical data.

4 Easy Ways to Protect Your Identity Online

So how can you reduce the chances of falling for scams? Here are four basic things for you, your family, and your business to do to start protecting yourselves online.

1. Turn on Multifactor Authentication: Practice Good Cyber Hygiene

Some people skip multifactor authentication because it can make logging in a bit slower. Don’t be like those people. Implementing multifactor authentication on your accounts can make it 99% less likely you’ll get hacked.

Whether it’s called Two Factor Authentication, Multifactor Authentication, Two Step Factor Authentication, MFA, or 2FA, they all mean the same thing: opting into an extra step when trusted websites and applications ask you to confirm you’re really who you say you are.

Instead of asking for a password—which can be reused, guessed, or stolen—these multifactor authentication services verify it’s you by asking for two forms of information:

• Something you know, like a PIN or your sister’s middle name, along with
•  Something you have, like an authentication application or a confirmation text on your phone, or
• Something you are, like a fingerprint or FaceID

Compared to “guessing” that compromised password you’ve been using since 2016, this second form of identification is a lot harder for a scammer to fake.

2. Update Your Software and Operating Systems

That software update you’ve been putting off for a while could be doing much more harm than you think. Scammers exploit flaws and weak points in the system. Network defenders and software engineers are working hard to fix them as soon as they can, but that means all of us need to be updating our software with their latest fixes.

Update the operating system on your mobile phones, tablets, and laptops. Update your applications (especially the web browsers) on all your devices too. Even better for security: enable automatic updates for all devices, applications, and operating systems.

3. Think Before You Click: Watch for Increased Phishing Scams

Have you ever seen a link that looks a little off? It looks like something you’ve seen before, but it says you need to change or enter a password. It could be a text message or even a phone call. They may pretend to be your email service, your boss, your bank, or a friend.

It’s likely a phishing scheme: a link or webpage that looks legitimate but is a trick designed by bad actors to have you reveal your passwords, Social Security number, credit card numbers, or other sensitive information. Once they have that information, they can use it on other sites. And they may try to get you to run malicious software, also known as malware. Do not respond, provide personal information, or pay these individuals.

Sadly, we are more likely to fall for phishing than we think. More than 90% of successful cyberattacks start with a phishing email, according to Deloitte. In general, businesses and government agencies do not reach out to you asking for sensitive information, so if you receive a call or email claiming to be from the Treasury Department, IRS, or other government entity, you should be on high alert. If it’s a link you don’t recognize, trust your instincts, and think before you click.

4. Use Strong, Unique Passwords for Different Accounts

Using an easy password is like locking your door but putting the key under the mat. Anyone can get in with a little effort. In general, you want to make sure your password is:

•  At least 15 characters
• Never used as a password across other apps or websites
• Randomly generated

Using one password for all your online accounts is a security risk. Fortunately, many browsers have built-in password managers that will remember your passwords for you. If you do go this route, make sure you secure your password manager account with Multi-factor Authentication (MFA).

How to Report Scams and Fraud

If you come across a scam, there are a few methods available to report it to authorities, including directly to the FTC or FBI, so that the scammers can be tracked and stopped. Be sure to include as many details as possible, such as:

• The exact date and time that you received the calls or emails
• The phone number of the caller
• The geographic location and time zone where you received the call or email
• A description of the communication

If you have any questions or concerns about keeping your financial accounts safe, reach out to a financial advisor today.