Are you confident about spotting scams online or in phishing emails? If there’s a bit of uncertainty or tech discomfort, don’t worry – you’re not alone! Taking the time to learn about common scams, understanding tactics, and adopting to best practices for online security can improve your digital safety. Watch this webinar with Cynthia Stewart, Program Manager for the Center for Information Integrity at the University at Buffalo and Executive Director of DART Collective, as she dives into the world of scamming and how you can protect yourself from it.
- 00: 00 – Intro
- 1:12 – Poll #1: When did you last get an email, text, or phone call that you thought might be a scam?
- 1:58 – Creating tools to help older adults recognize and navigate scams
- 5:46 – Poll #2: Have you or someone you know been the victim of a scam? Was it you?
- 7:57 – 3 Common Scams
- Identity Theft
- Grandparent Scam
- Romance Scam
- 11:00 – Identity theft: Financial ID Theft
- 14:28—Identity Theft Signs
- 14:08—Tax ID Theft
- 16:15 – Medical ID Theft
- 17:30 – Scam Examples & Tips
- 24:55 – Identity theft – What can you do?
- 27:04—Poll #3: Have you ever used one of these passwords?
- 28:01 – Password security
- 29:34 – Choosing and Remembering Passwords
- 31:37 – Phishing Sites
- 33:33 – Encrypted Sites
- 35:02 —Grandparent Scams
- 39:17—Romance Scams
- 45:58 – Learn more about DART (dartcollective.net)
- 48:09 – Viewer questions:
- Are password managers like either LastPass or Password Keeper, things like that, are they still good and secure?
- Where can we send an email? Is there some place that you can report scammers?
- When these identity theft criminals are trying to get into our accounts, do most websites not have where if you go in too many times, it locks you out? Is that just for our banks maybe?
Kathryn: Thank you for joining us for this webinar on Protecting Seniors from Scams with Cynthia Stewart.
Cynthia: Good afternoon. My name is Cynthia Stewart, and I am coming to you from beautiful, frosty Buffalo, New York. I work at the university at Buffalo on a project aimed at using technology to protect people from scammers. It’s called DART. DART now means deception, awareness, resilience, tools. Because it’s not just about providing information. It’s not just about training. If it were, webinars would be enough. What’s important are awareness and resilience, lifting the level of awareness, not just raising awareness. I think we’re all aware that scammers targeting older Americans is a problem but raising the level of awareness in an ongoing way. Increasing vigilance, we need tools for that. And we need tools to build resilience. Ways for people to practice habits to keep yourself safe, so that they become second nature when you’re faced with a scam. Let’s start with awareness, and let’s start by seeing how aware you are. When was the last time you got a text, email, or phone call that you thought might be a scam? Excellent. Nobody is under the delusion that they never have. That’s great. One thing that was really interesting was when I turned 50, the types of scams I got changed, and that was really interesting to see. And that’s an interesting point. Scammers tailor their attacks, so we need to tailor our interventions and our tools. What works for middle school kids is not going to appeal to retirees. And vice versa. So we have to tailor our tools the same way scammers tailor their attacks. And that’s why we decided to start by creating tools for older Americans. Because they are the single most targeted population in the world by an order of magnitude. There are lots of reasons people give to explain this. You’ll hear that older adults grew up before the internet was invented so they’re not as comfortable with technology. Cognitive declines that come with age make older adults more vulnerable. Older people are lonely. They feel rude not answering the phone or hanging up on someone. While these things are certainly true for some older adults, they do not hold true for everyone. Many seniors embrace new technology and cognitive declines that are an individual process. You can’t predict it based simply on someone’s age. And I want to bust one myth in particular. It’s commonly believed that younger people, those who grew up with technology and smartphones, the so-called digital natives, are simply better at using technology than older generations. It’s like breathing to them. If you need help with your phone, ask your grandchild. It’s a cliche because it’s usually true. However, a recent study found that Gen Z and millennials have the highest victimization rates of any generation, more than their parents, more than their grandparents. Despite having grown up with technology and having access to more cyber security training than any other generation, they fall into the traps set by scammers all the time. If anything, their comfort level with technology makes them more vulnerable to scammers. So older adults are not more vulnerable than other generations, but they are more targeted. And they lose more money to scammers because they have more to lose. A 20 something may fall victim to a scam, but they don’t have much accumulated wealth. Older adults have more to lose, so scammers target them more. These numbers are from 2022, but I don’t expect this year’s figures to be any better. And these numbers only reflect people who reported their losses to the FBI. Many people are too embarrassed to say anything to anyone, or they don’t know where to report it. So the real numbers are much higher. And not only do seniors have more to lose, they have less opportunity to recover from any losses. A younger person who loses their nest egg may have to work and save a few more years before making a large purchase. Where an older adult may suffer repercussions for the rest of their lives. They may never recover. Our interview data shows that many older folks feel vulnerable and exposed to a range of online deception schemes, and they’d like to learn more how to protect themselves and to help others. But the numbers don’t tell the whole story in another way. So I want to tell you a story. This is Peggy, a real person that I really talked to last week. Peggy’s a retired nurse who ran the assisted living unit in a retirement community in California. One day, a resident was targeted by a grandparent scam. Peggy intervened, and the good news is that the scammers didn’t win that time. But Peggy was shaken. She felt she had to train both her residents and her staff about scams, and she didn’t know where to start. We need tools to help people like Peggy, older adults that serve a mentoring function in their communities. Maybe you’re one of those people, the one everyone goes to when they have a question, or maybe you’re one of those people for the elders in your life.
That’s another reason we decided to start with older adults, that community feeling. The pain of losses affects a person’s entire support network, but older adults are also more likely than other generations to want to help their friends stay safe. Have you ever been a victim of a scam, or do you know someone who is the victim of a scam? So let’s see, 74% of you know someone, or have been a victim of a scam, or know someone, and 36% are willing to admit they were the one who was scammed. And I congratulate you on that, not on being scammed, but on being willing to tell the truth. The point I wanted to make with this poll is that anyone can be scammed.
Anyone. Every member of the DART team has a story about a scam in their family. And full disclosure, Peggy is my mom. That’s how I can always be sure that I talked to her just last week. And that was just one of her stories. There’s no such thing as being too smart to be scammed. There’s no level of education that will make you immune. There is no magic webinar. I wish there were. But scammers have been honing their craft for centuries. Because you see, it’s not about the technology. Scammers will use whatever technology is available. When the printing press was invented, as soon as Gutenberg finished printing his Bibles, true fact, the very next things that were printed were propaganda and phony sales scams. Scammers exploit our emotions. That’s where their real power lies. They set traps for us, and our embarrassment about being victimized and targeted keeps us quiet. Leaving them free to exploit the next victims. We don’t necessarily need tools for that. We need courage. We need to de-stigmatize talking about scams. And I’m not going to ask those of you who have been a victim to share your story if you’re not comfortable, but I will ask all of you this. If I show you something today that you didn’t know before, please take it back to your community and share it. Help increase awareness. One of the reasons webinars are not enough is because not everyone has access. And not everyone who does takes advantage of it. So we need tools, but we also need ambassadors. We need agents for good to help counter the scammers. And we need our agents to be knowledgeable. So it’s time to get into the information part of this webinar. I’m going to talk about the three most common types of scams. I’m going to share some techniques that scammers use and some of the ways they use technology to make these scams more effective. I’ll also show you some tips and tricks how you can avoid becoming a victim. So let’s get started. Probably the most well-known type of scam is identity theft. That’s when someone steals your personal information.
They pretend to be you in order to steal resources that you have access to. And if you’re thinking, I’m not rich, why would anybody bother to steal from me? It’s not worth it. I’ve got news for you. It doesn’t matter. Because scammers use technology to work in volume, they don’t need to get a lot of money from each victim. And they can take more than your money. They can steal your Social Security benefits, your tax refund, even medical services that you have access to through Medicare or other insurance. They can apply for new loans and credit cards in your name and leave you with the debt. They may even use your identity while committing other types of crimes, leaving you to prove your innocence. If you’re a decent person with a good reputation, you have something they want. Grandparent scams are when a scammer will pretend to be your grandchild or other loved one who’s in trouble and needs your help in the form of money. New technology is making these scams especially difficult to detect. Romance scams are when scammers try to start a relationship with you and then, well, it can go a couple of different ways. We’ll go into that later. The terminology can get complicated and confusing, pig butchering, fishing, cat fishing, spoofing, but all of these types of scams are really variations on a very old theme. When it comes down to it, scammers are con men. They either gain your confidence to steal your money or they steal your identity to gain the confidence of other people and use that to commit crimes. We tend to think that the enemy is some sort of high tech hacker, when really a scammer could be anyone, someone trustworthy, and they use that trust against you. Again, technology allows them to target lots of people at the same time. In the good old days, con men had to earn the trust of their victims face to face. It took time, and so the wealthy were the primary targets. Today’s scammers hide behind screens, and they target everyone they can. There is no reason to be ashamed for being targeted. You didn’t do anything to get on some list. And unfortunately, that means there’s nothing you can do to get off of a list. So as they say here in New York, if you see something, say something. If you get a suspicious text or email, show your friends and family. Talk about what makes you think it’s a scam. Sharing helps everyone’s awareness. And very likely that your friends will get the same scam sooner or later, and then they’ll know what to look for. Okay, let’s dig into this a little bit more. Identity theft is when someone pretends to be you to gain access to resources or use your good name and reputation to get money or other benefits you’re entitled to. This is by no means an exhaustive list of the types of personal information scammers want, but these are some of the most common. The information thieves are interested in is not always clear. Some things are obvious like Social Security numbers or credit card numbers. Others are not like family relationships and insight on your personal life, but anything that can be used to convince someone that you are you can be used by scammers to impersonate you. So any sort of a number that is unique to you or your family, like insurance numbers, is important to protect. Also, family details like your mother’s maiden name. Ever wonder why institutions always ask you for that? It’s something you are likely to know, but it would be very difficult for someone outside your family to discover it. Now, obviously, it’s not very feasible to go through life and not share some of this information. Your name and birthdate are likely already known by many people, maybe even shared on social media. That doesn’t mean you should give up protecting your other information. And if you ever get annoyed at having to prove you are yourself to sign into your accounts, remember that the point is to keep the scammers out. Thieves are creative, and they’re always looking for new methods to access information for their own gain. Think how much information people post about themselves on social media. A thief might be very interested to know that you’re on a nice vacation, or what your pets or grandchildren’s names are. Don’t use social media yourself? That doesn’t mean you’re safe. What could scammers learn about you from what your family or friends post? But scammers also use low tech methods as well, like stealing or redirecting your mail. It’s important to be alert to changes in your mail delivery. Always review your credit card bill and bank statements for charges you don’t recognize. And black out your account numbers and shred the statements before throwing them away. Getting calls from debt collectors or bouncing checks, those would be signs that are hard to miss. But you might not know why you were denied a loan or that someone has taken out credit cards or loans in your name unless you make a habit of checking your credit report regularly. And sometimes, scammers will just plain call you and ask you for your personal information. You’d be surprised how effective this can be. They may pretend to be from your bank or insurance company or Pure Financial Advisors. They’ll tell you there’s been a security breach and they need you to verify your information. Isn’t it great that they’ve used the threat of scammers to scam you? A legitimate company should never do this. And if someone calls and asks you to verify your information, tell them you will call them back. And if they give you a number to call, don’t use it. Instead, go to the company’s website, find their number, and call. Never give identifying information over the phone unless you called them. One specialized type of identity theft is tax ID theft. This is where the scammers impersonate the IRS to get you to disclose your identifying information, and it’s especially popular during tax season, which is coming up pretty soon. Please note, the IRS uses the U.S. Postal Service to initiate contact with taxpayers. They are old school, they use snail mail. They will not call, text, or email you to initiate contact, and if you contact them in one of those ways, they will likely follow up with a paper letter to confirm the interaction. If you get one of those follow up letters but you didn’t call the IRS, then a scammer was probably trying to impersonate you. You need to call the IRS and let them know it wasn’t you who called originally. Why do scammers impersonate the IRS? It’s pretty simple. Because at some level we’re all afraid of the tax man. Scammers use emotion to get us to act without careful thought. If you get a call, text, or email that makes you feel a strong emotion, fear, but also excitement, hope, curiosity, stop and think. You always have time to stop and think. And seek help if you need to. In addition to using fear of the IRS to manipulate people, scammers may also use your Social Security number or tax ID number for their own ends. They may steal your tax refund by filing a return before you do and having the refund sent to their address. Or they may set up a business, leaving you with the tax liability for income they earned. Any communication from the I.R.S. should be taken seriously, but do not panic. You always have time to stop, think and figure out what’s going on. Another specialized type of identity theft is medical ID theft. This is where someone gets access to your insurance information and uses it to get medical care. This can be particularly dangerous for you because it messes up your medical records. As a result, you could get incorrect treatment because your records indicate you have conditions or are taking medications that you don’t. And now that most practices are using electronic medical records, a mistake made one place can be shared by all of your doctors. It can also be financially detrimental because you may be charged for services you didn’t receive, and they’re likely very expensive procedures and treatments. Or you may not be able to get the treatment you need because your benefit limit has been reached. Medical ID theft can be extremely difficult to catch preemptively. You need to monitor all bills and statements in detail and question charges, whether you’re being asked to pay or your insurance company paid. Any charges that you don’t recognize. This practice also has the added benefit that it may save you from padded bills. And remember, just like with credit card statements, be sure to black out personal information and shred any documents with medical information before throwing them away. Okay, that was a lot of heavy stuff and I’m starting to feel like I’m lecturing. Which is fine when I’m dealing with college students, but it doesn’t seem right for grown people.
So let’s break this up a little bit. We’ve seen several of the major types of identity theft, what scammers are out for, what they can get out of it, and a few tips of things you can do to keep them from getting your personal information. We’ve talked about a few ways they try to steal your information. They may go through your trash, so black out and shred anything with identifying information. They may call you and pretend to be an institution with which you do business, and it’s often very generic. They’ll just call and say, Hi, this is so and so from your bank. And being generic is one red flag. If they were your bank, they’d say what bank it is. They’d give you some details. Whenever anyone calls and asks you to verify your personal information, tell them you will call them back. Then look up the number yourself. Do not trust a number they give you. What if they email or text you? There are some specific things you could look for in an email or a text that can be red flags that they’re probably scams. So let’s look at a couple examples. These two text messages claim there’s a problem with your account or payment information without providing specifics. They feel vaguely threatening. They don’t demonstrate that they’re really from official sources and they urge you to click on a link. Do not click links in unsolicited messages.
You want to look for the HTTPS rather than just HTTP, that S indicates that the site is encrypted. That means that the information moving between your computer and the site is encoded in a secure way. If you don’t see the HTTPS, the site may not be safe. But note, just because you do see the S doesn’t necessarily mean the site is safe. I’ll say more about that in a bit. What about this one? It doesn’t feel threatening. In fact, quite the opposite. But it does try to make you feel something. And like the others, it doesn’t provide specifics. You know, the fine print. Some exclusions may apply. A real offer would have limitations. And let’s face it, Walmart giving out $1000? That’s just too good to be true. Email scams can be tricky to spot, especially when they look like they come from a legitimate company. Here are some common signs why this email is not legitimate. It says it’s from Netflix. But Netflix.com is not an email address. All email addresses should have that @ symbol. This is a feature that email programs added to make it easier for you to recognize messages that come from your friends, from people in your contact list. It’ll just show their name instead of their email address, which might not even contain their name, so it makes it easier. But scammers exploit it. But here’s the thing. If you click on that alias, then it’ll pop out the actual address. And that looks like a Netflix email address. You would expect a company email address to have the company’s name after the @ symbol in some form. So you would expect a message from Netflix to be from customer service@Netflix.com or something like that. If this says email@example.com, I’m not sure who that is, but I’m sure it’s not Netflix. If you really want to check it out, maybe it’s a smaller company and you’re not quite sure what the email should look like, you can go to the company’s website and look for a contact email with all of the emails for a company should follow the same protocol. So if you can find one email, you’ll know what format all the emails should look like. Another red flag is this generic greeting just says, Dear customer, instead of having your name. That could be a sign that it’s not legitimate. It also makes a suspicious claim. Claims that your account is on hold or you have a billing problem, but it doesn’t provide specific details about the issue. Could be a scam. And then it provides a phishing link. If the email invites you to click a link to update your payment details, the link might be a phishing link. Legitimate companies will not email or text you with a link to update your payment information. What they will do instead is instruct you to go to their site, log into your account, and then update your information. Only by navigating to their site yourself can you be sure you’re in the right place. By the way, phishing is when a link takes you to a website that looks like it’s legit, but it isn’t. In this case, if you were to click that button, you would go to a website that looks very much like Netflix, and they would ask you to log in. You’d give them your Netflix username, password, maybe update your credit card information, and then they have all that information. That’s why it’s not enough to just check if the link looks legitimate. Only if you go to the site yourself, do you have control. Again, it is never a good idea to click links in messages you didn’t request.
Let’s try one more example. This one appears to be from your friend Bruce. Bruce is inviting you to look at some pictures, and Bruce, you do really have a friend named Bruce Straton, and he really did just get back from vacation. You click here to see if that’s really Bruce’s email address.
Maybe it’s not. Maybe that’s a red flag. But, then again, maybe that’s Bruce’s email address. Some email addresses look very strange. Even if that is Bruce’s email address, it doesn’t mean that the message is from Bruce. A scammer may have gained access to Bruce’s email and be sending out messages. So, maybe it’s from Bruce, maybe it’s not. Again, there’s no greeting. That seems strange. But, maybe that’s just how Bruce is. The message is trying to get you to feel curious. Again, that is something that Bruce might do. But anytime a message tries to cause an emotion, you now know to stop and think. Photo sharing sites are real. This might be legit, but this link, it’s just strange. It does have that S, so the site’s encrypted. But, I don’t know. That just looks very strange to me. So it might be real. It’s inconclusive. We’ve looked for the red flags. We’re not sure. What I would recommend is that you check with Bruce before you click that link. Make sure he did send you that email. And maybe propose to just meet him for lunch and look at the photos together and hear his stories. Hopefully, these examples give you an idea of what DART is trying to do differently. We think it’s important for people to see and interact with real examples. In a webinar, I can only do half of that. I can show you some examples and walk you through the red flags, but we’re creating a tool that will let you practice where to click and what to look for, and give you immediate feedback. It’s called experiential learning. Things you do yourself stay in your memory longer than things you only heard or read, and that’s what builds resilience. So to summarize, there’s lots of ways you can protect your personal identity, identifying information. Many of them have nothing to do with advanced technology.
Limit what you carry around with you. If you’re not carrying it, you can’t lose it. Only carry what you need. When was the last time you needed to show someone your Social Security card? I have only ever needed it to get a passport or when starting a new job. So don’t carry it around. Keep it safe. And from time to time, check that it’s still in the safe place. Monitor your email and black out personal information and shred documents that have things like account numbers or insurance numbers before you throw them away. Never, ever, ever give personal information to someone who calls you unsolicited, even if you are absolutely sure that it is your favorite grandchild. Call them back at the number you have for them. I’ll say more about that when we talk about grandparent scams. But the same goes true for businesses. If someone says your credit card is about to be canceled, call back at the number printed on the back of your card. Your bank has had a security breach and needs to verify your information so they can reconnect you to your accounts.
Look up the number of your local branch and call them yourself. When it comes to email and text messages, we looked at several common red flags that you can look for. Not every scam will have these red flags, or not every scam will have all of them. And not every message that has these is a scam. In particular, we’re seeing more scam messages that have good grammar and spelling. If you’re wondering why I didn’t point that out as a red flag earlier, this is why. The scammers are getting better at their grammar and spelling. And, let’s face it, students these days are not learning grammar and spelling the way they used to. If you remember nothing else I say today, remember this. It’s the corollary to top tip number one, which as a reminder was, you always have time to stop and think. When in doubt, check it out. Independently verifying that a communication is legit is never a bad idea. And you have time. Okay, last zoom poll question. Before we move on to grandparent and romance scams, let’s look at a couple things I’m calling advanced topics. Start with passwords. How important is it really? We all know we need to have secure passwords and should change them periodically, right? Been told that a million times. And yet, these are still the 20 most common passwords according to Reader’s Digest. If you ever used any of these, if you’re wondering why some of these are most popular, all you have to do is put your hands on the keyboard and it’ll start to make sense. It’s also popular to, use your birthday, use pet’s names, and that’s part of the reason why scammers want that information. We’ve got a few people who are willing to admit they’ve used some of these. If you’re still using one of these or something similar, I would like to try to persuade you to change that. Alright, so here’s a graphic I like. Across the top are factors that make a password more difficult for a scammer to guess. Number of characters, whether you use only numbers, only letters, some combination, whether you use special characters. With the aid of random password generators, a scammer can guess your password virtually instantly if it is too short. And if it was on that top 20 list, instantly. Those, are the first ones they check. Using longer passwords and including a combination of numbers, upper, lower case letters, and special characters can make it harder. These combinations take from a few seconds to a few hours to check, to crack. Going even longer and more complicated can pretty quickly take it from hours to days and even years. Theoretically, any password can eventually be cracked, but the timescale gets really unrealistic if you go with long and complicated enough passwords. I believe this top estimate here is six quintillion years. I’m not even sure how many zeros that is. If for an 18-character complex password. That might be more security than you need. Ultimately, it’s up to you how difficult you want to make it for thieves, but the goal is to make it more trouble than it’s worth, so they’ll just move on to the next person. Personally, I aim to go for the high end of this blue range. That’s where I feel good. And I can almost hear you saying, yeah, we know we should do better with our passwords, but who could remember a long, complicated password? So I have three methods I’m going to suggest. Method one, pick a book, pick a page, and use the first letter of each line. Just doing that, I, think I went with 11 characters here, will give you a password that would take about four years to crack. Notice how substituting numbers for some of those letters really increases how secure the password is. And if you substitute in a few symbols, it gets really, increases it. With this method, you can also just keep a list of what page number goes with which account. And as long as you don’t keep that list with the book, nobody’s going to make the connection. So it’s easy to remember. Second method, pick a phrase, something memorable, something you can remember, and again, use the first letter. Again, swapping in some numbers and symbols can make it even stronger. And finally, random words. You can use a random number generator. I suggested one here. In that generator, you can limit the number of letters per word if you like. For this example, I limited it to four letter words because I wanted something close. I’ve been using 11 letters for the other example, so I wanted something close. But if you don’t limit it, you can easily come up with very long passwords very simply. If you go long enough, you can get a very secure password even before you start swapping in numbers and symbols. To remember words like this, yeah, you might need to make a list and keep it somewhere. and that is a risk. And especially if you have people coming into your home regularly like cleaning people, but it’s less risky than having bad passwords. So, there’s three ways, that you can choose. Hopefully make a New Year’s resolution to make some better passwords. Actually, the New Year is a great time to reset all your passwords and check your credit report so that you know you’re doing it annually. Make that one of the things you do as the New Year ritual. Another topic. I mentioned phishing earlier, but I want to look at it just a bit more closely. As I said, phishing sites can look really real, like this one. They’re made by criminals, so they don’t care about honoring Amazon’s trademark. They will just blatantly rip off Amazon’s logo and the design of their website. They’ll use the same fonts. They will just make an identical looking website. If you clicked on a link and it ended up on this site, you could be forgiven for not noticing that anything was amiss. But if you look at the URL, it’s not quite right. If you were to enter your email address and password in this site, it would behave exactly as if you were signing into your Amazon account. It would take you to another page that looked like Amazon. If you update your profile information, they’d have that information too. Now, they can sign into your real Amazon account and buy whatever they want, on you. And scammers get really tricky about making the URLs look as close as possible to the legitimate site. Put two examples up here. Can you spot the difference? The top one is correct. The bottom one substitutes a Cyrillic character that looks like a lowercase a for the second a in Amazon. And this font makes it a little more obvious. Some fonts it’s virtually impossible to tell. It’s really easy to miss, which is why you should not rely on remembering to check the URLs. Even if you check them, they may fool you. So just don’t click unsolicited links. One more thing I mentioned in passing earlier that I want to show you. Get a little more into what encryption is and how you can tell if a site is encrypted. Encryption is a fancy word for being put into a code, a virtually impossible to crack code. Encryption means that the data sent between your computer and a website is only readable by you and the website you sent it to. That means if a hacker intercepts your data, it will be useless gibberish, and that is a good thing. There are two easy ways to tell if a site is encrypted. One, we already talked about, look for the HTTPS. That S means safer or securer. I always like to think of it as safer because it doesn’t mean it’s totally safe. The other thing to look for is a little lock or key symbol. Now, depending on your web browser, it may not show the HTTPS part of the URL. This one doesn’t, but it shows the little lock symbol. Some show a key, some like this one show both. But those are things to look for. That tells you that the site is encrypted. All right, but why did I say safer but not safe. Well remember encryption means that the data sent from you to the site can’t be intercepted by someone, but the site you send it to can read it. So if the site you’re sending it to is a phishing site, then encryption won’t protect you from the scammers running that site. So just because you see the HTTPS, if they didn’t really say Amazon. You could have an encrypted site going directly to a scammer. So just to be safe, and I know I’m starting to sound like a broken record, don’t click unsolicited links. Okay, next type of scam. Grandparent scams typically work something like this. The victim gets a call from someone posing as his or her grandchild. Sometimes this is as simple as saying, hi grandma, and waiting for the person answering the phone to go, Billy is that you? In which case, of course the person is going to pretend to be Billy. The person on the phone explains in a frantic sounding voice that he or she is in trouble. There’s been an accident, or an arrest, or a robbery. To up the drama and urgency, the caller might claim to be hospitalized or stuck in a foreign country. To make the impersonation more convincing, the scammer may throw in a few family details gleaned from social media. Think about how much information is out there.
Ever posted about a grandchild going away to school or camp? Maybe with a photo wearing their college t-shirt? Now a scammer can look up when that school spring break is. Spring break is a time when students traditionally might get themselves into a wee bit of trouble. They may even find video of your grandchild if they use something like TikTok, and be able to hear and imitate their voice. The imposter offers just enough detail about where and how the emergency happened to make it seem plausible, and then maybe turns the phone over to another scammer who pretends to be a doctor or police officer or lawyer, and they back up the story. The grandchild implores the target to wire money immediately, adding the plea don’t tell mom and dad. Scammers frequently call late at night, figuring that people may be more easily confused if they’re awakened.
They use high pressure techniques, again, trying to elicit a strong emotional response so that their victims do not stop and think. They may also ask you to send money in a strange way, gift cards, or prepaid credit cards, or wire transfers. They do that because those kinds of ways to send money are untraceable. So how can you protect yourself? If you use social media, make sure the privacy settings only allow people you know to access your posts and photos. And remember that other members of your family may be posting things that scammers can use. Don’t volunteer information. Scammers fish for facts they can use to make their impersonations believable.
Do hang up immediately and call the grandchild or other family member in question on a known number to make sure they’re safe. With luck, they’ll answer, and you’ll know the supposed emergency was a scam. Contact other family members or friends. If they don’t pick up and you have concern that the emergency could be real, scammers ask you not to tell mom and dad precisely so you won’t try to confirm the situation. If you speak to someone who claims to be a police officer, call the relevant law enforcement agency to verify the person’s identity and any information they’ve given you. Trust your instincts. If something doesn’t feel right, it probably isn’t. Don’t drop your guard because the number on your caller ID Looks familiar.
Scammers can use technology to make it appear they’re calling from a trusted number. That’s called spoofing. Don’t let a caller rush you into making a decision. Don’t send cash, wire money, or provide numbers from gift or cash cards. Scammers prefer those payments because they’re difficult to trace and almost impossible to get your money back. With a credit card, you can dispute the charge. With a check, you can cancel it. Don’t use weird ways of making a payment. And most especially, don’t panic. No matter how dire the grandchild’s supposed predicament sounds, scam artists want to get you upset to distract you from spotting the ruse. If these tips remind you of what we learned for identity theft, that’s not a coincidence.
Remember, these are variations on a theme, and you always have time to stop and think and check it out. If a situation can be fixed with money, then there’s time to check it out. If it’s really such an emergency that you don’t have time, money can’t fix it. Hang up and call your grandchild or their parents. Verify the situation independently. The last type of scam we’re going to look at are called romance scams. And I wish they’d changed the name, but that’s how it’s known out in the world. So I’m going to stick with it. People often tell me they don’t need to know about these scams because they aren’t dating. I’m happily married. I don’t need to know about romance scams. Well, a couple of things. First, the name’s a bit misleading. What they really are is relationship scams. Scammers pretend to want a relationship with you, but it’s not always a romantic one. There have been cases where scammers found victims by reading obituaries and then contacting the surviving spouse a few months later, just when they might be wanting a new friend, which it’s just despicable. Second, remember we are agents for good. Even if you aren’t looking for love or friendship. Maybe you know someone who is, who might need to know how to spot a romance scam. What distinguishes these scams is the time invested by the scammer. And that also makes the emotional impact of them much greater. It’s not just the momentary panic that is caused by something like a grandparent scan. Scammers start by creating fake profiles on social media or dating sites, they tailor the profile to appeal to the type of people they plan to approach. And so they are particularly attractive. The profiles often indicate profession that gives the scammer a plausible reason to be out of the country, not to meet in person. Impersonating military personnel is particularly popular, but they may also say that they are physicians working abroad or businessmen. Maybe they’ll say they’re with Doctors Without Borders to make them seem, you know, generous. It’s important to remember that a person that you meet only through technology may not be a person at all. The image may be generated by AI. Or it’s just stolen from someone else’s profile. There may be a whole team of people playing a single character so that they seem perfect for you. Or, someone may just have chat GPT write the dialogue. Be suspicious. The more a person is a perfect match, the more suspicious you should be. Nobody’s perfect. Scammers will try to make the new relationship move very quickly. They’ll push to move communication off the platform where they met you as quickly as possible. And that’s because the platforms are trying to catch scammers. So if the scammer can get you to give them your phone number or email address, then the platform won’t notice any suspicious behavior. Scammers use a technique called love bombing, showering their target with affection, flattery, even gifts to move things along more quickly and being showered with positive attention is very hard to resist. And the gifts also confuse people. How can you suspect them of being out for your money when they’re giving you things? But it’s a trap. Once they have their victim emotionally invested, a few different things might happen. The most common is for the scammer to start making requests for money, to pay for emergencies of various kinds, medical expenses for themselves or their family, car repairs, maybe plane tickets so they can come and meet you face to face. Trust me, they’ll have some excuse why they don’t follow through on that. The list goes on, and the scammer will keep up the relationship as long as the victim is willing to send money. Another variation is called pig butchering. This is where the scammer will encourage their victim to invest in some exclusive opportunity. This is often crypto, but can be any type of investment. They invest your money and show you great returns. Again, how could you suspect them of being a thief when they’re making you money? Until you try to cash out. That’s when they disappear and so does your money. Another variation is called being a money mule. The scammer will ask you to send or receive money on their behalf. Or maybe they’ll just ask you to pick up a package and drop it off someplace. You don’t know what’s in it. Either way, they have just involved you in a crime, money laundering, or possibly smuggling or something else. And just because you were only doing a favor for a friend will not keep you out of trouble. All right, we’re nearing the end. And I want to talk about one more advanced technique. And as I promised, you at least one thing you hadn’t seen before. And I’m sure you haven’t seen this. So let’s talk about deep fakes. Deep fakes are videos created by AI, and they have been all over the news lately. One of our DART team members, Siwei Yu, is the leading expert on detecting deep fakes. And he created this one last year when the Buffalo Bills got knocked out of the playoffs. Let’s see, hopefully I’ve got this set up so you can hear the audio. For those who don’t know, that is Buffalo Bills quarterback Josh Allen.
I know in a different and more real world, we were beaten by the Bengals, but in this universe created by artificial intelligence, we won the game. We fought well, both on offense and defense, and dominated the Bengals at the beginning of the first quarter. We look forward to facing off the Kansas City Chiefs in the AFC Division Final, and we will win the Super Bowl in this universe.
I know a lot of Buffalo fans who wish we lived in that universe. Now, Siwei created that clip in under 30 minutes, using tools that are available on the internet to anyone for free. And it is scary how realistic it is. Deepfakes can also be used as a sort of digital mask. A real person drives the fake image. So you might get a video call from a grandchild or your new best friend, but you’re talking to a deepfake. The person, you see the face and hear the voice of your grandchild, but the person sending it is someone completely different. Seeing is no longer believing. And it’s scary. Deepfakes enable a whole new level of malicious activity. But the good news is, at least for our purposes here, the advice I’ve been repeating all afternoon still works. Tell the person you’ll have to call them back. Verify it yourself. This is actually a great topic to discuss with family as you gather for the holidays. Let them know that they need to be cautious too.
And that if you insist on calling them back, it’s just out of an abundance of caution. Be an ambassador, be an agent against the scammers. All right, just a couple things about what we are doing at DART that is a little bit different. I’ve mentioned it in passing. We are currently creating two tools. One is a mobile game. It’s called Deep Cover. It is available on all the app stores for free and it is that mythical thing. It truly, really, truly has no ads. This is for people who don’t want to learn really don’t think they want to learn about scams. They just want to play a game to help keep their minds sharp, but built into the game are ways to help just keep them a little bit top of mind that there are scammers in the real world. The other thing we are currently calling DART Learn needs a better name. That’s a learning platform, sort of like some of the questions I was showing you earlier. Both have been made with the input of older adult users. So we are making sure that we are tailoring our solutions to our audience. And there’s some images. This deep cover game has a nostalgic spy theme. So players are agents of the Digital Agency for Reducing Trickery. See what we did there? That are being called out of retirement to thwart the efforts of an evil conspiracy, the Society for Chaos and Mass Manipulation. These scammers are trying to rob old folks. And so we need all hands on deck. And so you play an agent, you solve little puzzles, and it gives you a little bit of a storyline. And that narrative again, just helps keep the idea that there are real bad guys in real life, top of mind. The other thing is our learning platform, where we are, that’s currently in the prototype stage, where you can interact directly with real examples, review them, check things, practice the habits we want you, build resilience. If you would like to help us test our products, or just would like to keep in touch and learn more about what we’re doing, you can find us at dartcollective.net or there’s the QR code. Thank you for your time and I would be happy to answer questions.
Kathryn: People have asked about password managers. You mentioned, you know, the great tips about the book. I’d never heard that one before. I love that one. But aren’t password managers like either LastPass or Password Keeper, things like that, are they still good and secure?
Cynthia: They can be, it depends again on basically what a password manager does is take it down to you have one password that lets you access your passwords, or you might have a biometric thing. I use the password manager built into my laptop and my husband jokes that if I’m in an accident, the one thing he needs is this finger because otherwise he can’t get into my laptop. As long as you’re keeping that password manager secure, yes, those can be a great tool for, so you don’t have to remember them all. But you just got to make sure that the password for your password manager is not password.
Kathryn: Yes, exactly. Okay. And then, where can we send an email? Is there some place that you can report scammers?
Cynthia: One of the ones that most people, often don’t know about is that you should report things to the FTC. They are the ones trying to track down scammers and they’re the ones, they compile statistics but a lot of people don’t know to let them know.
Kathryn: One thing that actually happened to my husband is he went on to Google, searched Apple, and then it came up with a phone number. He clicked on it to call and that was a scam. So yeah. So make sure that you are actually going to the website. Not to Google, but go to the website, get that phone number and make your call yourself. Don’t click on a number to call.
Cynthia: Well, another thing that some people have questions, I’ve run into this question a lot is, can bad things, can I get a computer virus or something from just opening an email with a suspicious link in it or looking at the text message? And the answer is no, you do have to click the link for the bad things to happen. Again, unless you’re just don’t click links unless you’re absolutely sure.
Kathryn: And one more question is, someone was asking when people, when these identity theft criminals are trying to get into our accounts, do most websites not have where if you go in too many times, it locks you out? Is that just for our banks maybe?
Cynthia: Yeah, many financial institutions often do, others don’t. It can be very, you know, it really depends on the level of security there they are looking for.
Kathryn: So thank you so much everyone for attending and we hope that you have a wonderful, safe day.
• Dart Collective and Pure Financial Advisors, LLC are separate entities. This workshop is for informational purposes only.
• References in this material to Dart Collective does not constitute or imply endorsement, recommendation, or favoring by Pure Financial Advisors nor its employees.
• This material is for information purposes only and is not intended as tax, legal, or investment recommendations.
• Consult your tax advisor for guidance. Tax laws and regulations are complex and subject to change.
• Investment Advisory and Financial Planning Services are offered through Pure Financial Advisors, LLC an SEC Registered Investment Advisor.
• All information is believed to be from reliable sources; however, we make no representation as to its completeness or accuracy.