Most of us have heard the phrase, “If you believe that, I have a bridge to sell you” to indicate that we are gullible.  What most of us do not know is that the historical genesis for this is none other than the 19th century con-man George C. Parker1 who, according to some accounts, sold the then recently built Brooklyn Bridge as often as twice per week to the naive before spending the last eight years of his life in the infamous Sing Sing Prison.

It makes sense that such an epic swindler would have an excess of personality, suave, and few ethical or moral restrictions.  A fact that many of us miss is that Mr. Parker’s effectiveness was largely based on a focused-population he felt would be ripe for such an attack: new immigrants ‘fresh off the boat’ on Ellis Island.  Parker would bribe ship’s stewards2 for information on who might have enough cash to be worth his time, then guile them with his well-rehearsed and somewhat plausible fraud (given that there was an actual debate on who owned the bridge at the time).  When you think about it, it was just a face-to-face version of our modern phishing scams.

However, while George was getting new immigrants to cough up $75 each for the bridge, today’s modern scammers are doing a bit better3 for themselves:

  • Consumers reported $905 million in total fraud losses in 2017, a 21.6% increase over 2016
  • The Federal Trade Commission (FTC) opened 167,000 credit card fraud identity theft reports in 2018
  • In 2018, data breaches containing sensitive personally identifiable information (PII) exposed increased 126%

According to the FTC3, the top three scams you should be watching out for are identity theft, imposter fraud, and debt collection scams.  Here are some of the tell-tell signs3 you should watch out for that might be red flags for scams:

  • Identity Theft: Look for bills for products or services you did not purchase, suspicious charges on your credit cards or new accounts opened in your name that you did not authorize.
  • Impostor scams: Be wary of an email or call from a person claiming to be a government official, family member, or friend requesting personal or financial information… particularly if they cannot validate other information before you give something sensitive or will not provide a call-back number that you can search online to validate.
  • Debt Collection scams: Collectors asking to be paid with wire transfers, credit cards, gift cards, and re-loadable cards.

We tend to think of these as only personal threats, but the bad guys know that many companies are too small to have good internal controls, too big and uncoordinated to catch simple scams, and all of them have deeper pockets than the average consumer.  There are a lot of common scams6 that everybody tends to fall for.  Remember that these threat actors are all about taking advantage of us, so if you are conceiving a test for your organization, there is no such thing as ‘unfair’… if you can think of it, the bad guys can too.

Either way, there are fundamental security controls3 that we should put in place which can lower our chances of being compromised by today’s digital con-artists:

  • Password Security

Long passphrases are MUCH more secure than short, complex ones – but you should be changing all passwords often.  Use a password vault to make it easy; check out this Cyber Security Careers and Studies (NICCS) password guide4 for help.

  • Use Multi-Factor Authentication (MFA) whenever possible

Use the National Initiative for NICCS MFA guide5 to help you understand and get started!

  • Keep Updated

One of the best ways to keep your systems and data secure is to make sure they are patched – set your operating system and software to update automatically to make it easy.

  • Web Surf Safely

Use sites with secure (https://) connections where you see the green padlock, avoid using public WI-FI unless you use a Virtual Private Network (VPN), turn off WI-FI on your mobile devices when not in use, do not release sensitive information to untrusted sites, and type your URLs instead of clicking on links.

These are just some of the simple but extremely effective controls that we can implement to help protect ourselves online; they are the digital equivalent of bolting our front door and locking the windows when you leave your house.  Do your part to stay secure and give the bad guys incentive to find an easier target to hit.  Remember, the only effective scams are the ones that you fall for… so make it your responsibility to PROTECT IT.