With cyberattacks becoming more frequent, and related financial losses on the rise, data protection has never been more important.

Since October is National Cybersecurity Awareness Month, I took it upon myself to refresh my knowledge of how to stay safe online and protect my personal information, with the help from my colleagues focused on cybersecurity. 

Have you ever gotten a random text like this from an unknown number?

“Hey! I had so much fun hanging out with you last night. Who knew you had those moves?”

It’s one of the latest phishing scams, and law enforcement has dubbed this new approach the “friendly greeting.” Scammers are increasingly using casual, short messages like this as a way to start conversations and lure unsuspecting victims—with a goal to build trust in the short run and then scam you in the long run.

If they get a response, the scammer will ask follow-up questions to maintain engagement. The more they keep it, the more information they gather to compromise data. This is not just in the form of texts but can also be phone calls, or emails. In fact, the Anti-Phishing Working Group (APWG) found nearly 1 million phishing attacks in the second quarter of 2024 alone.   

Now I’m glad I didn’t respond to a recent simple unknown “Hi” text. 

Be aware of some advanced tactics to trap you

• Of course, phishing tactics can get more complex than the “friendly greeting” scam. For example, they may be emails that ask you to call a number or a suspicious phone call where the scammer directs you to share your One Time Password (this happened to me several years ago ugh!) or enter a malicious site.  

• Attackers have also started using social media too - according to the APWG Phishing Activity Report, over 30% of all phishing attacks in Q2 2024 occurred on these platforms. I’ve personally found and shut down fake accounts of myself on social media, hearing they were reaching out to people, pretending to be me.  

• Similar to how you might start watching a video on Tiktok and end up, hours later, find yourself watching videos of kittens cuddling, some complex attacks have as many as three “hops,” pulling you deeper into a trap. Before you know it, you're left wondering, "How did I get here?"

Spotting and avoiding phishing scams

The good news is there are steps you can take to protect yourself and your accounts from falling victim to these scams:

1. Be wary of urgent or alarming language. Scammers often use scare tactics to rush you into making a mistake.

2. Don’t share personal or financial information. If it feels suspicious or too good to be true, it probably is. Be skeptical of anyone asking for this information over email, text, voice, or social media. You can always not respond and contact the company directly.

3. Check for incorrect email addresses or domain names. Scammers often use subtle variations, like “rob1nho0d.com” instead of “robinhood.com.”

4. Enable multi-factor authentication, where possible, as an additional layer of security. 

In the end, if you receive a spidey-sense inducing suspicious message—even from a known source—always just reach out to the person or company directly, through a separate, trusted channel to confirm its authenticity. It’s the best way to protect your data, and potentially, your money, from scammers.