We live in an age where online scams are on the agenda. When people talk about it on the main news sites, often those who read dismiss the matter with a classic "but who falls for it? ". While remaining a legitimate question for users who are familiar with the world of the Web, this nonchalance with which the topic is addressed does not take into account a rather important factor: the human being. true that most scams can be avoided by arming with patience, inquiring and using a little common sense, but it is equally true that we all have moments of inattention, taken from our thousand daily activities. One of the factors that scammers are focusing more on is haste. "Click right here, courage you wait, you only have a few minutes".
Before falling back into the usual clichés, like the opinionated "they deserve it", try a second to reflect and maybe take a look at the research conducted by Lloyds Bank, according to which the user group that goes from 18 to 34 years is more and more victim of these scams. So let's see what are the aspects that you should always try to keep in mind when browsing the web to avoid unpleasant surprises.
Always do a check
It may seem like the most banal advice in the world, but it is also the one that people most often forget to implement. Whenever you become aware of a particularly tempting offer or something similar, it is always good to do a simple online search. Just enter, for example, the content of the message / e-mail received or some key word useful for finding information (eg "offer 3 euro telephone operator"). The Web is so vast nowadays that many times you can even find articles related to that singular scam, in case it is. Obviously, it can only be trusted if reliable news sites are reporting the news, not paperinoxyz.org.
In case you are still not 100% sure after carrying out this first check, it is good to lose a few minutes contact directly, through official channels, the company involved. To give you a concrete example, one of the most popular online scams aims to obtain users' bank credentials via SMS or fraudulent e-mails.
By clicking on a link contained in these messages, the person is sent to a website that in many respects resembles the real one of the bank, but which is actually designed only to steal username, password and all the appropriate codes.
Attackers often report that there was an "urgent problem" and therefore rush the user, trying to get his credentials. Assuming that a bank does not ask for this type of data, in this case it is always good to call your branch or the official numbers and ask for clarifications. Better to waste a few minutes than to be cheated. The secret in these cases is always calm. Same thing goes for amazing gifts or discounts: if the price is too low to be true, most likely it is not.
Don't even trust a "strange" message received from someone you know, since it could be malware. For example, the New Year virus has recently circulated on WhatsApp, which used the number of people to send messages containing a malicious link without the data subjects even knowing it. By pressing on the link, the attackers were able to install malware inside the smartphone.
In short, always be wary and maybe try to make a call to who sent you the message before opening links. Pay the same attention to the attachments of the e-mails, as these too can lead to unpleasant inconveniences.
The golden rules for e-commerce spread by the Postal Police
Another field in which scams are becoming more and more numerous is that of e-commerce, or online commerce. For this reason, the Postal Police disclosed his advice for avoid unpleasant inconveniences. First you need to use complete and updated software and browsers and buy only from sites that have the same references as a real shop (check if there are VAT number, landline number and the classic data to contact the company, those who sell online do not must have nothing to hide).
You must then read comments and feedback on the seller, use the official applications for smartphones and tablets (this arrangement allows you not to be "redirected" on fraudulent sites), prefer payments via rechargeable credit cards (always paying attention to what data disclosed) and pay attention to psychological mechanisms such as urgency or obtaining a personal advantage (smishing and phishing techniques). Also take note of the structure of an ad (perhaps check that the photos inserted have not already been published online using Google's reverse image search tool) and be wary of negligible prices (too advantageous deals).
Finally, one of the most important tips given by the Postal Police is to "not trust": it is always good to be wary of those who propose "alternative payment methods", such as the widespread scam linked to the "PostePay top-up" (in which the attackers ask the victim to go to top up a card and then disappear with the money or claim to be able to pay the seller through the PostaMat counter), or by those in too much haste to conclude a transaction. Remember that unfortunately there are many unscrupulous people online.
One of the scams that has been gaining ground in Italy in the last period is that related to advertising banners. We have reported it numerous times on these pages, but at the moment its diffusion has not yet stopped. For example, we recently discovered that fake banner ads have also started appearing within the official YouTube application.
The most used method is the following: obviously, without consent, VIP names known by everyone are used and it is assumed that these characters have declared that an investment in some "project", for example in "Bitcoin Future", is able to earn a lot of money.
To give you a concrete example of the most "used" names in Italy, you can often see advertising banners that mention false statements by Jovanotti, Diletta Leotta, Flavio Briatore, Elon Musk and Bill Gates, but the bad guys could make up stories about any VIP.
Obviously these famous people know nothing about it and they are trying in every way to tell people to stay away from these scams. In this regard, we advise you to read this service of Striscia la Notizia in which Jovanotti explains the problem.
To make the "news" more credible, the bad guys often create fake newspaper articles (sometimes even using, without consent, the name of famous information portals and "recreating" in the most faithful way possible the structure of the official websites) and screenshots apparently from famous TV shows.
If you are wondering where these banners can appear, the answer is essentially everywhere. In fact, it seems that these attackers have managed to get around Google's controls by passing the ads through the AdSense circuit, that is what is used by almost all websites. It is therefore good to understand that in most cases the advertising banners do not have nothing to do with the sites where they appear, since it is Google who decides, based on the interests of users, which advertisements to show.
This means that too if the banner appears on the official website of one of the most famous information portals, you don't have to trust the same. In fact, the attackers may have managed to get around Google's systems and therefore direct you to a fake site, which perhaps even resembles the official one. So how do you recognize a news truly published by an advertising banner? Well, all advertisements on the AdSense circuit have a blue arrow icon and an 'X' in the upper right corner. On platforms like YouTube, however, there is a yellow word "Announcement" just below the banner. Also pay attention to social networks, always try to distinguish advertising from other content. In short, if you find a particularly "strange" news in a similar box, don't trust it.
We don't know how long it will take to stop these scams, but it seems that the bad guys are building increasingly advanced methods. In fact, the first reports begin to arrive regarding the use of deep fake videos, or multimedia contents that exploit artificial intelligence to realistically modify the face of a character and make him say essentially what he wants.
The URL bar, this unknown
It sounds incredible, but many scams can be avoided simply taking a look at the URL bar. In fact, many attackers don't have the tools to "take possession" of an official website. This means that they must resort to other means and it is precisely here that the user can manage to defend himself effectively.
Take, for example, the scam mentioned above, that of the VIPs who seem to make an investment in Bitcoin Future. Well, we have seen that the bad guys have managed to set up particularly sophisticated methods. Yet, simply by looking at the URL bar (the one found at the top in all browsers, where there is the address of the website you are browsing on), you often notice immediately that something is wrong: the name of the portal where the "news" is published is very strange (eg nvgod) and does not correspond to what is described in the article.
Sometimes, scammers also try to "trick the brain" by changing only a few letters, so we advise you to reread the address several times. Also note the fact that this arrangement may sometimes not be enough on its own and that it is always good to check everything calmly.
Stay up to date and make the necessary reports
If you want stay up to date on the latest scams, in addition of course to invite you to follow our information sheet dedicated to IT security, we also recommend that you keep track of the Facebook page "A social life", where the Postal Police reports some of the most significant problems in this regard. As for the reports, it is good to consult the official website of the Postal Police and use the appropriate tools, as well as, in the case of advertising banners, take advantage of the appropriate measures to make them disappear from your device and report them to the companies involved (here we explained to you how to do it for Google AdSense, while here you will find directions for YouTube). If you want to know more about the topic, we also recommend that you take a look at our in-depth analysis on why mobile scams still work and how to defend yourself.
