Learn about Boss Scams, Smishing, and Phishing, and how to avoid becoming a target for all three.
When’s the last time you got a text or email that you knew was a scam? With how common scam texts and emails are these days, it probably wasn’t that long ago.
Despite how common these scams may be, it’s more important than ever to protect yourself and your company. It’s too easy for scammers to expose your personal or company data, so you’ll want to do your due diligence to avoid having important data exposed.
Not sure where to start? We’ve got you covered.
This one’s been around for a bit, but if you’re not familiar, here’s the gist. Phishing is the most common way that attackers successfully trick victims into sharing their personal information. By posing as someone the victims know, they send emails with malicious links or attachments in hopes the victims will take click on them and ultimately provide access to sensitive information or funds.
To avoid falling into this scenario, consider these tips:
- Pay attention to the sender of the email. Make sure you confirm who the sender is before clicking on any links or attachments.
- Watch for textual errors or red flags. Any misspellings or strange tones in the content of the email may indicate it wasn’t sent from someone you know.
Phishing scammers are constantly evolving their tactics — did you know they’ve started using Google Ads to redirect users to fraudulent web pages? It’s true! Just like they do in phishing emails and on fake websites, cybercriminals are now using ads on search engines to impersonate legitimate brands.
These fake ads are used by these scammers to bring unsuspecting users to phishing or fraudulent web pages. The web pages trick users into giving up confidential information, like their login credentials, account details, and other Personal Identifiable Information (PII). There are even fake customer support web pages that ask users to call a fake customer support number to carry out their scam.
To keep yourself safe from these fake Google Ads, try these steps:
- Beware of fake search engine ads. Avoid using search engines to search for the login page for any of your accounts. This is generally good advice to follow, too, for any websites you regularly visit.
- Access websites directly. Rather than clicking on a link that pops up in Google’s (or another search engine’s) search results, navigate to the website you want to visit by typing in the URL into your browser’s address bar (or bookmark it for easier navigating). Never click on any ads that claim to bring you to your desired destination, especially one where you enter login credentials. Justworks, for example, doesn’t run ads to our login page.
- Stay vigilant. If you think an account of yours has been compromised, verify that your account information is accurate (e.g., bank account, address, email address, phone number). Then, proactively monitor any other accounts that may be linked. Bank account alerts and credit monitoring services can help you keep track of any changes to your accounts.
You likely know what scam texts are. But what about smishing? Smishing is a form of phishing that uses text messages to contact unsuspecting individuals. Want to know how serious it’s become? Text messages are being abused so much that Twitter announced in March that they discontinued the primary use of text messages as a second factor authenticator.
When it comes to smishing attacks, what should you do?
- Ignore any message from unknown numbers. If someone really needs to get in touch, they’ll find different ways to reach you.
- If you responded in the beginning, stop responding when a link is provided or a fund is requested. The initial message may sound harmless, but most of them are targeting your money.
- Even if no funds are requested, avoid sharing any personal information through text message. Unless you’re absolutely sure who you’re communicating with, you should not provide any personal information. While you’re at it, it’s also best practice to avoid sharing your PII over text in general.
Has your boss ever emailed or texted you? It’s not uncommon, but the key is to consider the nature of the message. Does the message ask you to send gift cards to pay for an upcoming office party? Beware — this specific scenario is a typical Boss Scam. With AI use and capabilities growing rapidly, attackers may use voice calls to target you as well.
The FBI, Federal Trade Commission, New York Attorney General, and other government agencies have issued many warnings against Boss Scams over the years. Why are these scams so effective? Attackers assume their targets are more likely to engage with phishing emails and text sent from a familiar person in a position of authority. Posing as “the Boss” also puts pressure on the employee, prompting them to act with a greater sense of urgency and — against their better judgment — skip their due diligence.
Here are some tips for spotting and avoiding Boss Scams, Smishing, and Phishing:
- Think twice about why your CEO would text you directly. When in doubt, call your boss to verify the request before taking any action.
- Don’t click on links or attachments. Scammers may use attachments or links that look official (labeled as “invoices,” “purchase orders,” or something similar) in order to install malware or take over a computer for ransomware attacks.
- Slow down and do your research. Scammers may use aggressive tactics like urging you to act quickly and threatening you with repercussions to your job. Slow down. Give yourself time to verify the information they provide.
- Know that no legitimate business takes payment through gift cards. Money sent via hard-to-track methods like gift cards cannot be easily recovered. If someone calls you asking for payment via gift cards, it is almost certainly a scam.
If you suspect that you or someone you know has become a victim of a Boss Scam or any other fraud, report it at once. You can also report unwanted text messages. New Yorkers who have been targeted by this scam are urged to file a complaint by completing and submitting a Consumer Frauds and Protection Bureau online complaint form or by calling (800) 771-7755.
This material has been prepared for informational purposes only, and is not intended to provide, and should not be relied on for, legal or tax advice. If you have any legal or tax questions regarding this content or related issues, then you should consult with your professional legal or tax advisor.