Cybersecurity and Fraud Protection

New year, new scams

As the new year begins, be prepared to defend against new cyber threats and scams related to digital services as people continue to work from home and have fewer physical interactions with service personnel.

There are a number of precautions you can take to protect yourself. Read on to learn more about the threats you should be prepared to identify and avoid in 2021.

Critical threats facing consumers

With the global pandemic, we've migrated from traditional brick-and-mortar stores to mobile shopping and ordering. And when we do venture out, we tend to have less physical interaction with service personnel due to curbside pick-ups, online menus, and kiosks/self-checkout instead of cashiers. Malicious actors have taken advantage of the decrease in physical interaction and adapted tried-and-true techniques for the COVID-19 era. Some of the most prevalent threats to be on the lookout for in 2021 will be malicious applications (apps), malicious Quick Response (QR) codes, and new phishing scams.

What are malicious apps, and how can you avoid them?

Your mobile device uses apps to connect you with services such as PayPal, Chase, Netflix, Facebook, and other businesses. While using apps can make life easier, be mindful that scammers can create fake or copycat apps that look genuine. Once installed, these malicious apps can steal your personal data and your passwords, giving thieves the ability to take over your bank account and credit cards or commit identity theft. To minimize the chance of downloading a malicious app, take the following steps:

  1. Do some research. Conduct an Internet search on the app and the developer. Most legitimate developers will have a website that showcases apps the company has made.
  2. Read the reviews. If there are only a few and they are short and vague, chances are that it's a scam. Legitimate apps may have hundreds, if not thousands, of reviews. Additionally, look for reviews from users who were previously scammed by the app.
  3. Read the End User License Agreement (EULA). Understand what the app says it does, what data it can access, and who the makers share data with.
  4. Know who developed the app. Examine the developer's name to see if it matches the company whose app you want to install.
  5. Only use trusted apps. Only use apps that come from the Apple App Store, JPMC App Store, or Google Play, and never use unapproved applications to conduct business.

How do you know a QR code is safe?

QR codes are machine-readable labels you can scan with your cell phone's camera to open a restaurant menu, pay for goods and services, obtain a membership discount or access a facility. While QR codes help make our lives easier, the vast majority of consumers can't tell when a QR code is malicious. This presents a substantial risk, since these codes prompt you to take immediate action with limited information. A malicious QR code may direct you to a website with malicious code, or to a site that asks for your login credentials in order to steal them. To protect yourself:

  1. Use a mobile QR code reader that previews URLs.
  2. Never scan random QR codes in public places. Only scan codes from reputable sources.
  3. Investigate QR codes you think are legitimate for signs of tampering, because hackers may have placed a malicious code over the original.

What new phishing scams are out there, and how can you avoid them?

Phishing is nothing new. But hackers are now taking advantage of the pandemic to trick their victims in new ways. With more of us now working from home, there has been an increase in the use of electronic document signing services and in shipping physical documents through UPS or FedEx. Knowing this, hackers have crafted a new series of phishing emails designed to appear as if they originated from these services.

Fake document signing emails may use subject lines like "You received an invoice from XYZ Electronic Signature Service." They will appear to originate from genuine e-signature providers with seemingly valid business email addresses. However, these emails can be malicious. When the recipient opens the Microsoft Word document for signature, it downloads malware. Other variations of this scam direct the recipient to different websites that ask them to enter personal and financial information. To avoid falling victim to this and other phishing attempts, follow these simple rules:

  1. Think before you click. If you have not requested any documents, be wary of any requests for signatures. Phishing emails are also typically designed to raise your curiosity, excitement or stress levels (e.g., locked accounts, urgent requests for help, gifts, contest winnings, exclusive invitations).
  2. Check the sender and links. Ensure that any emails you take action on are from an individual or organization you know. The phishing email's address may look similar at first glance, but on closer inspection the difference shows: in this example, sender@acme.com is not the same as sender@acrne.com, where the letters "r" and "n" together imitate an "m". Also, be sure to hover your mouse over any links before you click them to ensure the link is directing you to where you want to go.
  3. Do not forward. If you think an email may be suspicious, don't send it to a family member, a friend or a colleague for review. That may increase the likelihood that others will click on a malicious link.
  4. Report suspicious emails. Your work or personal email provider will usually have the option for you to block a specific sender and/or report an email as spam or a phishing attempt. Make yourself familiar with these procedures, and take the right action to help these email service providers prevent additional attacks on other users.
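
The "check the sender" rule can also be automated by a mail filter. The sketch below is an added example, not part of the original article: it flags sender domains that imitate a trusted one, such as acrne.com for acme.com. The trusted-domain list, the look-alike tables and the function names are assumptions made for illustration.

```python
from email.utils import parseaddr

TRUSTED_DOMAINS = {"acme.com"}  # constructed allow-list for this example

# Letter pairs that render like one letter, and digits swapped for letters.
SEQUENCES = (("rn", "m"), ("vv", "w"), ("cl", "d"))
CHARS = str.maketrans("0135", "oles")

def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From: header."""
    _, addr = parseaddr(from_header)
    _, at, domain = addr.rpartition("@")
    return domain.lower().rstrip(".") if at else ""

def skeleton(domain):
    """Collapse look-alike characters so similar-looking domains compare equal."""
    s = domain.translate(CHARS)
    for seq, repl in SEQUENCES:
        s = s.replace(seq, repl)
    return s

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header, trusted=TRUSTED_DOMAINS):
    """Return (verdict, imitated_domain) for a From: header value."""
    domain = sender_domain(from_header)
    if not domain:
        return ("invalid", None)
    if domain in trusted:
        return ("trusted", domain)
    for good in trusted:
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) == 1:
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    for header in ("Billing <sender@acme.com>", "Billing <sender@acrne.com>"):
        print(header, "->", classify_sender(header))
```

A "lookalike" verdict is a reason to quarantine or warn, not proof of fraud; an "unknown" sender still needs the other checks in this list.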

The information is provided for educational and informational purposes only and is not intended, nor should it be relied upon, to address every aspect of the subject discussed herein. The information provided is intended to help you protect yourself from cyber fraud. It does not provide a comprehensive list of all types of cyber fraud activities and it does not identify all types of cybersecurity best practices. You, your company or organization are responsible for determining how to best protect against cyber fraud activities and for selecting the cybersecurity best practices that are most appropriate to your needs.
