There are many aspects to doing business in a changing world.
One important aspect is to keep ourselves and the people we work with safe.
The internet has brought us many great tools: videoconferencing, email, online video, encyclopaedic knowledge at our fingertips.
We’re more efficient, but sadly enough, so are the criminals and bad actors, and at the moment, criminals are winning.
More than one person within my family and close friends has lost substantial amounts money to a scam. Often these are elderly people that lose their life savings.
Most of us have some awareness of the most obvious scams. We’ve all received emails from a Nigerian prince who would like to enlist us to use our bank account for safekeeping of untold millions, and be promised a few millions for the service.
The basic tenet ‘if it sounds too good to be true, it’s not true’ holds more than ever.
But lately, scams and phishing attacks have become tremendously more sophisticated and it is often hard to discern scams from genuine communications.
The rules of the game has changed, and we all need to become much more careful and distrusting.
Gone are the days of using the same password on more than one internet-based service. Using the same password twice on any two different web sites is now a firm no-no, even if we think there’s no harm.
By now, we all need to know that Microsoft or Spark will not call us to inform us there is ‘increased virus activity on our line’.
In my opinion, the battle against scams will not be won closing our eyes and hoping that everyone using the internet will educate themselves and stay abreast of all the new scams.
The battle needs to be fought on many fronts, and it is important that the institutions, companies, banks, and government departments join the battle and help keep their customers and subjects safe.
A few examples from my own experience, in this case with by bank, which show that all is not well
- My father-in-law recently got a small, suspicious transaction on his credit card statement. The transaction mentioned something ‘this is payment for such-and-such online service. For more information ring +44…’ (listing a number in the UK).
Luckily we’ve drilled into him to NOT do anything before consulting with me – which he did. He was fully intent on ringing that UK number (and get sucked into what is known as ‘the refund scam’). Instead, I made him ring the number on the back of his credit card, and he managed to get things sorted without financial losses.
- Recently I purchased some hardware in the USA using my credit card. For some reason this was flagged as ‘suspicious’ and my bank rang me to verify this was a genuine transaction.
It is a ‘good thing’ they rang me. But how they went about it is a ‘bad thing’.
I had no way of verifying whether this person on the line was really with the bank. It could very well have been a hacker, impersonating the bank.
What the bank should have done is: ring me, give me a reference number and ask me to ring the bank back on the phone number printed on the back of my credit card. End of conversation.
I’d then ring the number on the back of my card, and that way, I would be reasonably sure I was talking to someone at the bank.
- I recently rang my bank for some information and they tried to enrol me for ‘voice ID’. This was touted as being ‘more secure’ than PIN numbers.
That might have been true a few years ago, but I know that is not true any more. I am studying artificial intelligence, and due to recent advances in AI and falling prices for hardware, it is now possible to take a recording of someone’s voice, have the AI analyse it, and then have the AI speak a random text in the original person’s voice, including accents and speech impediments.
- When I do a transaction, my bank sends me an SMS message as an additional verification. However, it has been shown that this is highly insecure and easily circumvented. Most online services have now switched to specialized apps and abandoned SMS.
Some close elderly friends of mine lost over $200,000 to a scam recently, and it is easy to blame these elderly people for ‘being stupid’.
But having someone to blame does not fix the issue. Our society and institutions need to join the battle to try and keep everyone safe.
One the one hand, we need more general awareness of scams, and in my opinion our institutions need to do much more to help keep everyone safe.
In my opinion, anyone who interacts with people (banks, supermarkets, government…) needs to become part of a joint defence system. We need processes and systems in place to help recognise and stop scams-in-progress.