Recently, I returned from an IT conference where I had the opportunity to chat with many of my peers. The discussions were eye-opening, revealing just how rapidly cyber threats are evolving, especially with the use of AI by bad actors. This week, I’m here to bring you the most up-to-date list of current scams, straight from the front lines of IT security. With cybercriminals becoming more sophisticated, it’s crucial to stay informed. Remember, you are the last line of defense in protecting yourself. Stay vigilant and empower your team with the knowledge to stay safe and secure.
1. Microsoft or Apple calling you to address a problem with your device
The scam: A very helpful support agent from a well-known company like Microsoft or Apple calls you, claiming they’ve detected a problem with your account or device. They just need you to take a few simple steps to help them resolve the issue.
Reality: Microsoft or Apple does not monitor devices or offer services to remediate detected issues in this manner. If you receive such a call, do not engage with the caller or follow any instructions they provide.
2. Bank is calling you, and you get a code
The scam: A concerned agent from your bank calls to ask for a code, which will shortly arrive on your mobile device, to verify an unauthorized account event and protect you from potential fraudulent activity.
What to know: This new scam is highly concerning. Bad actors contact your bank requesting a code to gain access while simultaneously calling you to extract that code and access your account. When your financial institution calls you with an issue, it’s always best to hang up and call them directly.
3. Online purchase asking for a deposit (FB marketplace, vehicles)
The scam: You find a fantastic deal on an expensive item on an online marketplace. The seller is happy to hold it for you with a deposit.
What to know: If it seems too good to be true, it likely is. A good rule for marketplace purchases is to avoid making deposits and only meet in a public place to transact.
4. Employer impersonation scam: HR asking you to update your contact info
The scam: A caller introduces themselves as an agent from your HR department or business accounting firm, claiming there’s an issue processing payroll because your business or personal information needs to be updated. They ask a few questions to validate information for timely payroll processing.
What to know: Stolen client lists from CPAs and employee directories posted on LinkedIn are goldmines for bad actors. If you can’t verify the identity of the caller, pick up the phone and call them directly.
5. Unauthorized charge notifications
The scam: An email or text reads, “Did you attempt a SQ*Charge for $229.40 at #JumpClothesOutlet? Not you? Click here to review recent charges”.
What to know: Scammers often select businesses close to your location or large chains to present believable charges, mixing them with other legitimate-sounding purchase activity. Never click on such links to review your account activity or provide any information. When in doubt, visit your financial institution’s website directly to review charges or notifications.
6. Issues delivering a package
The scam: A postal service or Amazon driver is trying to reach you to deliver a package.
What to know: You may receive links to verify your identity for delivery or requests for more information. When possible, contact couriers and retailers directly from their website or published phone numbers. Avoid providing any sensitive information if you must click on a link.
7. Service or account such as Netflix has been blocked
The scam: An email or text asks you to click on a link to verify your identity, payment method, or other information to remove a security block from your account.
What to know: Always address account-related matters by calling the provider or logging into your account directly from the official website. Avoid clicking on any links delivered via email or SMS.

Share this list with your team and regularly update them on new tactics hackers use to keep them informed. AI capabilities double every 4 to 6 months, so more sophisticated and harder-to-detect attacks are likely around the corner. Some of these scams may seem familiar and easily avoidable, but we all have moments of weakness when our focus isn’t sharp, leading us to click on a link and take action just to resolve an issue quickly. Staying educated and aware of these schemes can help prevent a catastrophe by triggering a mental alert during a vulnerable moment. By knowing about these scams, your team can either prevent them, catch them as they happen, or recognize the scam shortly after and take timely action.
– Burak Sarac, Team Lead