Cybercriminals from all four corners of the globe have wasted no time targeting email inboxes, WhatsApp chats, Facebook’s marketplace, and crypto wallets during the past twelve months, utilizing the latest social engineering techniques to dupe unsuspecting victims into parting with their private information and hard-earned cash.
Being aware of the scams that took place in 2022 – and knowing what’s out there as we head into 2023 – is one of the best ways to protect yourself. In this article, we cover:
- Zelle Facebook Marketplace Scams
- “Hi Mum, Hi Dad” WhatsApp Scam
- Crypto Scams
- Romance Scams
- Geek Squad Scams
- Cash App Scams
- Google Voice Scams
- PayPal Scams
- Amazon Scams
- How to Protect Yourself From Scams
Zelle Facebook Marketplace Scams
Zelle Facebook marketplace scams have been some of the most widely searched scams of the year. According to our tools that measure the search volume of keywords, tens of thousands of people have been searching Google for information on these scams every month.
Zelle is an app that allows users to send money between banks. All that is needed to transfer cash is the receiver’s email address or phone number. Zelle doesn’t offer payment protection plans for financial transactions authorized by account owners.
This state of play has made Zelle a favorite for scammers. In one type of Zelle Facebook marketplace scam, a “buyer” – who is actually a scammer – contacts a seller, requesting their email address in order to pay them via Zelle for an expensive item.
However, no payment is sent. Instead, the scammer sends a fake email purporting to be from Zelle, detailing how the product has been bought using a business account, and that to receive the payment, the seller must have a business account too.
The scammer then pretends they’ve received a similar email and informs the seller that they have transferred some money to cover the seller's business account upgrade (they haven’t). They then ask to be reimbursed, banking on the fact that the seller won’t check their account before doing so (Image Credit: Reddit user u/ImRoxi).
This isn’t the only way payment systems like Zelle, which require little verification and have no payment protection, can be exploited. The volume of searches around Zelle scams suggests there are likely multiple methods currently in use.
“Hi Mum”/“Hi Dad” WhatsApp Scams
WhatsApp has been a hotbed for scams in 2022, and one scam that has been spotted multiple times this year is the “Hi Mum”/“Hi Dad” scam (Image Credit: Mosman Collective).
In this scam, the threat actor impersonates their target's child and pretends they’re simply messaging them from a new phone number.
The scammer will then construct a story, such as pretending they’re stuck in a foreign country and their bank card isn't working, in order to coax targets into sending cash via a bank transaction or some other form of money transfer. Several different iterations of this scam have been observed in 2022, with a number of different “stories” deployed by cybercriminals.
Crypto Scams
In terms of total money fraudulently obtained, there are few scamming methods that have reached the dizzying heights that crypto scams have.
In June of this year, the FTC reported that more than 46,000 people had lost a combined $1 billion to crypto scams since the beginning of 2021. This amounts to one out of every four dollars lost to scams and makes it by far the most fraud-laden type of payment.
In the first quarter of 2022 alone, $329 million was lost to crypto scams by US citizens.
The vast majority of stolen cryptocurrency is taken through investment-related scams (typically fake investment opportunities), while romance scams are also a popular scamming method that was used to illegally obtain bitcoin and other digital currencies from unsuspecting victims in 2022.
Romance Scams
Romance scams aren’t all about cryptocurrency – in fact, they have a much wider reach.
Romance scams involve victims being duped into sending money to criminals who have convinced them, through various means, that they have romantic intentions that have already led or will lead to a loving relationship (Image Credit: Reddit User u/curlyangel85).
It’s entirely unsurprising that romance scams have taken off when you think about it. As the saying goes, love really is blind – it’s the ideal emotion to put at the center of your social engineering operation and can lead even the most sensible of people to willfully ignore blatant warning signs.
One romance scammer even found himself at the center of one of the most-watched documentaries of the year, the Tinder Swindler, which was released just before Valentine's Day – a time of year that usually sees an explosion of romance-based fraud.
Shimon Hayut, who masqueraded as a millionaire businessman to extort a collection of women out of hundreds of thousands of dollars, was initially arrested in Greece in 2019.
Between the year of Hayut’s arrest and 2021, romance scams increased by 25% – and multinational credit reporting company Experian predicts the statistics will soon show 2022 was another blockbuster year for perpetrators of this scamming method.
Geek Squad Email Scam
Best Buy – and more specifically, its computer support service Geek Squad – hit the headlines throughout 2022 after scammers consistently impersonated the company and tried to con hundreds of thousands of customers.
Geek Squad is a subsidiary of Canadian electronics corporation Best Buy and offers various on-demand tech support services for clients. The service is widely used across both the United States and Canada.
The high frequency of Geek Squad scams has led the FTC to put out several alerts showing people how to spot them (Image Credit: FTC).
Geek Squad scams come in many forms, with scammers contacting prospective victims via email, text, and over the phone. One version of the scam is called the “auto-renewal scam” (an example of which is pictured above), which looks to scare the victim into acting quickly by threatening a renewal of an expensive subscription if they don't act.
However, Geek Squad “overpayment” scams, as well as Geek Squad “tech support” scams – the latter of which involves threat actors assuming remote control of victims' computers to fix non-existent problems and instead steal their information – have also been spotted.
Cash App Scams
Cash App scams were another collection of scamming methods widely used throughout 2022 to try and con victims out of their hard-earned cash.
Cash App scammers will deploy a myriad of different social engineering methods to achieve this, including pretending to send “random” payments, offering investment opportunities, impersonating the company’s customer support, and demanding you “re-verify” your account.
Some Cash App scams even play off the company’s #cashappfriday competition, and demand victims pay a fee before their “prize” is released.
As well as traditional scamming methods, there have been several reports this year of Cash App scammers utilizing physical debit cards in their operations. Some scammers have reportedly bought stolen details on the dark web, and started posting unsolicited Cash App debit cards to the people the stolen information belongs to while also setting up Cash App accounts in their name.
Inside the Cash App mail, victims will find instructions to scan a QR code to set up their Cash App card – but as we know, the account has already been set up by the scammer, and they'll have access to any funds that their victims deposit.
Google Voice Scams
Google Voice is becoming an increasingly popular choice for businesses that need a VoIP solution – and naturally, this means scams have increased too. Now, Google Voice is being used to steal people’s phone numbers and, in turn, other personal information.
Google Voice scams require a prospective victim to have first posted something online along with their phone number – maybe they’re selling something on a site like Craigslist, or have lost their pet.
The scammer will track down these users and claim they want to purchase such an item, or that they’ve found their lost pet. However, they request that you verify your identity before continuing.
The scammer will then send victims a “verification code” – but what they’ve actually done is set up a Google Voice account with the victim’s phone number and this is the two-factor authentication code that Google will send to devices when new accounts are registered (Image Credit: FTC).
Victims who are duped into going along with the full scam and handing over this verification number have now allowed the scammer to set up a Google Voice account using their info.
Eva Velasquez, President & CEO of the Identity Theft Resource Center (ITRC), told NBC12 that they have taken “thousands of calls to the center from victims of this scam”, with 6,700 reports coming in the last 15 months.
PayPal Scams
PayPal is one of the most commonly impersonated brands, and if you take a second to think about it, you can probably work out why – it’s a money-transferring service that sends out large volumes of correspondence and information to customers regarding transactions they've made or received.
Last year, the Better Business Bureau found that PayPal was the most commonly impersonated payment system, and was used to scam people significantly more than Zelle.
In 2022, PayPal is still being regularly utilized in “classic” phishing campaigns, in which social engineering techniques are deployed to coax victims into handing over their details. These attacks can take place via text or email.
However, there are also “advanced fee” scams, in which victims are conned into sending money to scammers on the proviso that they will be sent more back (which never happens).
“Overpayment scams”, on the other hand, often require more complex hacking and subversion tactics to make it appear as if victims have been transferred a large amount of cash. They are then asked to send it back, after which those who fall for the scam simply send their own money over to the criminal.
Amazon Scams
In 2022, SMS is still being used by scammers as an avenue to wreak havoc, and it's likely they'll continue to flood our phones with malicious links as we head into 2023.
Amazon is a particularly popular choice for scammers at this time of year, with millions of people expecting text communications from the company relating to items they’ve ordered, which will naturally make their hit rate higher.
Amazon text scams often claim that someone has made a payment on or gained unauthorized access to a victim's account and that they need to take immediate action, or that they’ve recently missed an order. Other scammers will construct bogus competitions with the promise of monetary prizes.
Amazon text message scams include malicious links that will load malware onto your device or allow a threat actor to assume remote control of your phone.
Amazon, which tracks phishing campaigns that utilize their name and other brand assets, warns that “fraudsters can now insert their scam messages into a thread of legitimate messages that you might have received from us.”
How to Protect Yourself From Scams in 2023
As we’ve mentioned previously, the best defense you have against scams is knowledge. Being able to recognize the common formats scam messages typically take is vital.
If you’re a consumer, remember the golden rule: if you weren’t expecting to receive correspondence from a company and you have, or something just doesn’t seem right, contact the company’s customer support channel.
On top of this, never hand over your phone number, email address, bank details, or any other personal information unless you’re completely sure you’re talking to a legitimate representative of a company with whom you have prior dealings.
Remember: If you're ever in doubt, don’t give your information out.
If you’re a business owner, on the other hand, regular training for employees, which could include exercises like phishing simulations, online cybersecurity courses, and enforcing password best practices, is crucial to keeping your systems safe.
After all, you could have the most watertight security system money can buy, but if employees aren’t clued up, they’re just as much of an exploitable vulnerability as a misconfigured firewall.
However, that’s not to say tech can’t help. Password managers, for example, can ensure that employees aren’t just reusing passwords, or not making them long enough, in an effort to remember them. If account information is stolen during a scam, this will greatly minimize the damage any given threat actor can do.
This is just one example of a step you can take to protect your business.