Are they getting smarter or are we getting dumber?

Probably both.

Scammers call you pretending to be a beloved grandchild, an authority figure with a warrant, or a concerned bank employee. Now they’re able to spoof numbers and emails, use AI to mimic real people’s voices (or even magick up fake videos of them), and play psychological tricks to get you to inadvertently give up your information - and once you’ve provided it, there are very few safeguards left to stop them doing whatever they want with it.

While some inexperienced internet users may still be susceptible to Nigerian prince messages, scams have evolved as fast as the tech landscape and we should all be aware of the signs. The few obvious phishing attempts the typical person still occasionally receives seem halfhearted, routed immediately to Junk folders with warning banners across the top and easily identified by seeing that they come from jmalxyz005629@mjcr0soft.com — modern attempts are vastly more sophisticated. Even people who would describe themselves as far too discerning to fall for Internet scams are at risk, a point recently driven home by a piece at The Cut describing the author’s gradual fall for an Amazon scam and ending with her handing a shoebox containing $50,000 to a stranger through her driver’s side window.

We’ll go over some of the most common new scams and tell you what to do — but the real answer is, often, do nothing. Doing nothing is the best way to stay safe, but if you must do something, we’ll tell you what things.

In this social engineering scam, a scammer contacts you while impersonating a relative such as a grandchild or nephew. They claim they’re in some sort of emergency (perhaps entwined in legal trouble or trapped in a broken-down vehicle) and urgently need to be transferred a large sum of money.

Older relatives are typically targeted (hence the name) as it is assumed they are less likely to be in frequent contact with more distant relatives, making it harder for them to catch on to the impersonation.

Scammers typically harvest relatives’ details, such as names, ages, workplaces, or locations, from social media profiles. In recent years they have also made use of generative AI vocal tools, allowing relatives’ voices to be impersonated extremely convincingly if online recordings of them speaking are available.

The grandparent transfers money wherever the caller tells them to, only for the money to be lost forever and the caller turning out to be a stranger; the grandchild being impersonated is safe, often at home, completely unaware that their likeness was used to scare their grandparents into paying what essentially amounts to a ransom (and not even a real one).

The scammer claims to have overpaid or incorrectly paid funds to the recipient and asks for an amount to be returned. Since banks often reflect deposits prior to clearing of payment, the victim believes the scammer’s story and agrees to return funds in good faith or out of guilt, often via an instant transfer method like Zelle that generally cannot be reversed.

At some point during the bank’s holding period, the original payment from the scammer will be invalidated (e.g., the cheque will bounce) and the bank will report the correct balance -- no legitimate payments from the scammer, but now the victim has also lost the funds they “returned” to the scammer.

Sometimes this scam occurs in the context of tech support scams (someone remoting into your computer edits the webpage UI on your bank portal to make it look like you have been paid funds), business payment scams (you pay to “upgrade” your account to access funds, or send out an item you are selling only to have their payment reversed), rental scams (you pay a deposit to a “landlord” with a fake listing), or recruiting scams (the “employer” sends you a cheque to purchase equipment for the job and asks you to return overpayment, plus you “buy” equipment from a website they control and the equipment never arrives).

Timeshares themselves are questionable investments; John Oliver explains this in Last Week Tonight more entertainingly than we ever could.

Let’s set up the scenario: you own a timeshare that you do not want, but no one wants to buy it from you because it’s not a great investment and it’s very hard to even utilize the features it promised. You may be contacted by a timeshare resale or timeshare exit company, promising they can offload your “investment” onto a new party -- for a price. Once you pay them, they disappear.

Following that, you may be contacted by “lawyers” who can represent you in a lawsuit against the resale/exit company -- for a price. Once you pay them…

Following that, you may be contacted by a “government agency” going after the fraudsters to request your cooperation in their investigation, or claiming that your initial payments were linked to criminal enterprises and requiring you to send funds to avoid prosecution. Once you -- well, you get it.

This type of scam originated in China as a regional phenomenon, but is now worldwide. The scammer contacts you first: sometimes they meet you via a dating website and quickly suggest switching communication to a platform like Telegram where phone numbers are obscured; other times, you may get an unsolicited “Hello, is this Megan?” style text message, and upon informing the sender that they have the wrong number, they apologize profusely and continue to engage you in conversation that you are too polite to ignore. Notably, social standards seem to indicate that men are more susceptible to the first method and women to the second.

Once you have established a light (and often flirty or friendly) rapport with the scammer, they inform you of the heaps of money they have made via a reliable and too-good-to-be-true investment opportunity, and oh, do you want to try? FOMO takes over; but you are a smart investor, and you start small. The investment is often related to cryptocurrency, given it is pseudonymous and difficult to recover or even trace, since it can cross borders without the know-your-customer and anti-money-laundering policies required of banks.

You invest and get back a sum that exceeds your initial investment, more than any traditional investment vehicle; you keep investing with them, increasing the money in the pot each time, but one day the money never comes back around - your new investment advisor has disappeared, never to be located again. Basically it’s a Ponzi scheme for the modern era: with cryptocurrency.

While each of these scams has its own signature strategy, there are a few common themes we can identify here. Scammers prey on stress and fear: a key component of all these scams is social engineering establishing some sort of urgency, rushing the victim to send over the requested money right now to either avoid dire consequences or obtain great rewards for themselves or loved ones. Scammers also try to identify victims who may be particularly easy to victimize, with elderly adults unfamiliar with technology and immigrants with limited proficiency in English both commonly targeted groups — many seemingly “obvious” scam emails or phone calls are intentionally poorly crafted so that recipients savvy enough to catch on will be filtered out before wasting the perpetrators’ time.

Luckily, the same few rules are also effective in avoiding falling victim to most scams: don’t believe any promises that seem too good to be true, because they certainly are. Verify any calls or messages you receive that ask you to give them personal information or take financial actions; call the relative back, or contact the bank’s phone number on the back of your credit card. Reputable government agencies will never send threatening messages online or by phone; have any of them ever been so unbureaucratic? Just breathe, think about what’s being asked of you, and act calmly.

The outside world is a scary place full of potentially bad actors; you should remain vigilant to protect yourself. Never open emails you don’t recognize. Turn off your cell phone when you go to bed. Hang dreamcatchers in your bedroom to filter out the government-sponsored nightmares. Unplug the computer - right now, like, now.

Maybe just throw your computer out the window and return to 1985. Pay only in cash and gold. Or Bitcoin, of course, if you have a backup to the computer you just unplugged and threw away I suppose. Trust nobody, they’re all out to get you. You can never get scammed if you never talk to anyone, right?

Right‽