Yoopya with The Conversation
Imagine this: Two days before your family holiday party, you get a text about an online order you placed a week ago, saying the package is at your door. It comes with a photo – of someone else’s door. When you click the attached link, it takes you to the online store, where you enter your username and password. Somehow that doesn’t work, even though you answered your security questions.
Frustrated, you call customer service. They tell you not to worry since your package is still on the way. You receive your package a day later and forget all about the earlier hassle. In the end, it was just a mistake.
You are unaware of the terrifying thing happening in the background.
You’ve fallen for a classic package-delivery scam, and a form of “smishing,” or SMS phishing. And you’re not alone. One in three Americans have fallen victim to cybercrime, according to a 2023 poll. That’s up from 1 in 4 in 2018. As cybersecurity researchers, we want to spread the word to help people protect themselves.
Old-fashioned threats haven’t disappeared – identity thieves still steal wallets, dumpster dive for personal information and skim cards at ATMs – but the internet has made scamming easier than ever.
Digital threats include phishing attacks that use fake emails and websites, data breaches at major companies, malware that steals your information, and unsecured Wi-Fi networks in public places.
A whole new world of scams
Generative AI – which refers to artificial intelligence that generates text, images and other things – has improved dramatically over the past few years. That’s been great for scammers trying to make a buck during the holiday season.
Consider online shopping. In some cases, scammers craft deepfake videos of fake testimonials from satisfied “customers” to trick unsuspecting shoppers. Scam victims can encounter these videos on cloned versions of legitimate sites, social media platforms, messaging apps and forums.
Scammers also generate AI-cloned voices of social media influencers appearing to endorse counterfeit products and create convincing but fraudulent shopping websites populated with AI-generated product photos and reviews. Some scammers use AI to impersonate legitimate brands through personalized phishing emails and fake customer service interactions. Since AI-generated content can appear remarkably authentic, it’s become harder for consumers to distinguish legitimate online stores from sophisticated scam operations.
But it doesn’t stop there. “Family emergency scams” exploit people’s emotional vulnerability through deepfake technology. Scammers use AI to clone the voices of family members, especially children, and then make panic-inducing calls to relatives where they claim to be in serious trouble and need immediate financial help.
Some scammers combine voice deepfakes with AI-generated video clips showing the “loved one” in apparent distress. These manufactured emergency scenarios often involve hospital bills, bail money or ransom demands that must be paid immediately. The scammer may also use AI to impersonate authority figures like doctors, police officers and lawyers to add credibility to the scheme.
Since the voice sounds authentic and the emotional manipulation is intense, even cautious people can be caught off guard and make rushed decisions.
How to protect yourself
Protecting yourself against scams requires a multilayered defense strategy.
When shopping, verify retailers through official websites by checking the URL carefully – it should start with the letters “HTTPS” – and closely examining the site design and its content. Since fake websites often provide fake contact information, checking the “Contact Us” section can be a good idea. Before making purchases from unfamiliar sites, cross-reference the business on legitimate review platforms and verify their physical address.
It’s essential to keep all software updated, including your operating system, browser, apps and antivirus software. Updates often include security patches that fix vulnerabilities hackers could exploit.
For more information on the importance of software updates and how to manage them, check out resources like StaySafeOnline or your device manufacturer’s official website. Regular updates are a crucial step in maintaining a secure online shopping experience.
Make sure you only provide necessary information for purchases – remember, no one needs your Social Security number to sell you a sweater. And keeping an eye on your bank statements will help you catch any unauthorized activity early. It may seem like another chore, and it probably is, but this is the reality of our digital world.
To protect against family emergency scams, establish family verification codes, or a safe word, or security questions that only real family members would know. If you do get a distressed call from loved ones, remain calm and take time to verify the situation by contacting family members directly through known and trusted phone numbers. Educate your relatives about these scams and encourage them to never send money without first confirming the emergency with other family members or authorities through verified channels.
If you discover that your identity has been stolen, time is critical. Your first steps should be to immediately contact your banks and credit card companies, place a fraud alert with the credit bureaus, and file a report with the Federal Trade Commission and your local police.
In the following days, you’ll need to change all passwords, review your credit reports, consider a credit freeze, and document everything. While this process can be overwhelming – and extremely cumbersome – taking quick action can significantly limit the damage.
Staying informed about AI scam tactics through reputable cybersecurity resources is essential. Reporting suspected scams to relevant authorities not only protects you, but it also helps safeguard others. A key takeaway is that staying vigilant is critical to defending against these threats.
Awareness helps communities push back against digital threats. More importantly, it’s key to understand how today’s scams aren’t like yesteryear’s.
Recognizing the signs of scams can provide stronger defense during this holiday season. And as you develop your threat identification techniques, don’t forget to share with your family and friends.
Who knows? You could save someone from becoming a victim.
Authors:
Shaila Rana | Professor of Information Technology, Purdue University
Nelly Mulleneaux | Faculty, School of Business and Information Technology, Purdue University
