In a creativity contest, a few groups of people would certainly achieve a high score. Artists, software engineers and interior designers would no doubt be amongst the winners - along, unfortunately, with fraudsters.
The great variety and high level of sophistication of some currently circulating scams indeed show that fraudsters will stop at nothing to gain people’s sensitive data and or/money. And with technology developing at full speed, scammers have an increasing array of tools to reach their victims, individuals and businesses alike.
Indeed, brands and government entities are not safe from malicious attacks. They can become the target of a scam, or, in a type of identity theft, fraudsters can use a trusted brand name to steal users’ data or money. This way, a brand becomes involved in a scam which may tarnish its reputation, even though it had nothing to do with the attack.
This is exactly what’s happening to PayPal and the German Central Agency Packaging Register (ZSVR).
PayPal users in Germany have started receiving telephone calls from an automated voice informing them of an impending outgoing payment from their PayPal account. Users wishing to stop this payment are prompted to press a button on their phone right that instant. However, this action will not lead users to PayPal, but fraudsters pretending to be the company.
PayPal was quick to issue a warning on its website for users not to return automated calls. In addition, the company suggests that if users are in doubt, they should reach out to PayPal on the regular customer service contact channels, and not via the phone number, URL or email address provided in the message of questionable origins.
Unfortunately, telephone scams are not very hard to pull off. All fraudsters need to do is to convincingly impersonate a brand or government entity that usually has valuable data of the victim, or has the power to fine them for irregular activity.
Illustration of a fraudulent phone call
Banks, the police, Europol, Interpol, even the tax authority of any given country can be effectively impersonated to scare people into giving fraudsters their sensitive data or money.
Although it may be hard to keep our cool when facing the possibility of a large tax fine or losing access to an important account, the best people can do in this situation is not to trust the caller but to hang up and try to reach the company or government entity via their regular communication channels.
The German Central Agency Packaging Register (ZSVR) is an important entity for any business that needs some kind of packaging for their products.
European legislation prescribes that companies are responsible for their products, as well as its packaging in terms of waste management, packaging reuse and recycling. In Germany, the ZSVR registers and manages all the obligations producers have regarding packaging.
Recently, fraudsters have started sending out emails to companies in the name of the ZSVR, alerting them to some kind of action they need to take that involves them submitting sensitive data. Unfortunately, the emails feature elements and phrases that genuine ZSVR emails also use, making it really hard to distinguish between real and scam.
The ZSVR published a notice on its website, warning its customers about the fraud and educating them on how to recognise a real email from the organisation. Customers need to check the email address carefully and compare it to the genuine address of the ZSVR. Any misspelling in the email address indicates a scam.
Screenshot of https://www.verpackungsregister.org/en?r=1 displaying the warning in green
Today, sending out fraudulent emails is quite easy. All fraudsters need to do is copy and paste a few publicly available elements of reputable brands or institutions, and potentially (if the scam involves such a thing) create a fraudulent website that mimics the genuine site of a company. This type of scam doesn’t only target consumers, but also employees of various businesses and government institutions.
Users need to bear this in mind when receiving emails that require them to submit highly sensitive or personal data. As a general rule, you should check whether the email address the email came from is the same as the one the entity uses for regular communication. This also applies to the URL of websites and phone numbers.
While phishing and scams are not in the immediate focus of online brand protection, globaleyez’s experts have seen their fair share of scams in the course of their work. This means that there are steps we can take to prevent your brand from getting sucked into a scam, or to help you get out of it.
When examining a scam, the main aim is to find out who’s behind it. When encountering an email scam, for instance, the first thing we do is analyse the email headers to trace the sender. Quite often, we discover individual mail domains behind scam emails, which we can then shut down. If the email comes from a regular provider, we report the scam and get the provider (e.g. Gmail, Yahoo, GMX, etc.) to terminate the account.
In case of phone scams, we try to target and destroy the infrastructure behind the callers. Text message scams are easier to investigate than phone calls because the sender’s phone number is visible. We report the number to the provider and shut the account down.
In addition, we look for similar patterns online, because scammers are quite often active across several media channels. When we find similarities with the texts or phone calls in question, we can investigate the site and trace the operators.
In 2022, consumers have lost a total of $8.8 billion to fraud, 30% more than the previous year. As the trend seems to go in the wrong direction, consumers and brands alike have to be very vigilant before giving out sensitive information.
Even if an email or phone call seems genuine, it can’t hurt to double check with the company on its regular communication channels before you hand over your sensitive data or a sum of money.