When it comes to protecting yourself and your organization against cyber scams, there’s no “one-size-fits-all” solution. As organizations and people alike continue to adopt new devices and technology, they’re opening themselves up to more opportunities for cyberattacks. In order to effectively protect the valuable information that motivates cybercriminals, it’s important that we understand the different types of scams targeting us.

Understanding the Warning Signs of Modern Cyber Scams

Cybercriminals use a wide variety of scam tactics in order to gain access to a device or network, extort money, or steal valuable information. When it comes to understanding today’s threats and how to protect yourself and your organization against them, knowing the various ways they leverage social engineering tactics to trick users can go a long way.

With this in mind, people can minimize the impact of cyber scams by learning about four common variations being used to target them:

Phishing Scams

Phishing attacks are an all-too-common occurrence in both corporate and personal networks. They happen when a criminal sends a communication (email, phone call, text, etc.) pretending to be someone else in order to extract or access credentials, personal data, or financial information about the targeted individual, or sensitive information related to the organization for which the target works. What’s more, 59 percent of all successful ransomware infections are transported via phishing scams. Here are a few things to be aware of to help you better recognize these malicious scams:

Check contact names: Use caution if you receive communications from a source you don’t recognize that asks you to take an action, like providing personal information or signing into a site. Most, if not all, companies will never prompt you for your information via email or text. When someone does, this should be considered a red flag that they’re not who they say they are.
Check their email address or phone number and compare it with the person or organization they claim to be associated with for inconsistencies.

Look for misspellings and poor grammar: Professional organizations take the time to read their communications over before sending. Oftentimes, phishing cybercriminals do not. If you receive a message from a supposedly trusted source that includes typos, poor grammar, or bad punctuation, chances are it’s a scam.

Look for aggressive behavior: If the subject matter and language of a message are overly aggressive, it is likely a scam. Have you ever seen an email in your SPAM folder saying something similar to, “Urgent! Your account is X days overdrawn Contact us IMMEDIATELY”? The goal here is to make you uneasy, panic, and take the action the scammers want. Instead, check with the party they claim to represent before taking any immediate action.

Spear Phishing Scams

While phishing attacks are sent en masse and offer relatively easy-to-spot clues, spear phishing is its highly targeted and much more sophisticated counterpart. Spear phishing scammers conduct in-depth research about their victims and take the time to understand their organization, colleagues, interests, etc. in order to boost their chances of success.
To better protect yourself from spear phishing, consider the following:

Use an email verification service: Email verification works by validating the source of the emails you receive to check whether or not the identities of the Administrative Management Domain (ADMD) match the email address being used.

Use discretion when handing over information: While it sounds simple, if users weren’t willingly handing out their information to bad actors, phishing wouldn’t be an effective scam.

Maintain good security hygiene: When you practice basic security hygiene, you deny scammers many of the common attack vectors they use to infect your machines and gain access to your information or organization’s network. The implementation of simple, everyday habits can go a long way toward preventing scams from successfully compromising a device or network.

Baiting Scams

Baiting scams, as the name suggests, aim to bait unsuspecting users into performing a certain action like downloading a virus or entering personal information in exchange for the “bait.” This bait can be anything from free anti-virus software or movies users can download, to physical bait such as a thumb drive labeled, “Corporate Salary Information” left out for a victim to find and plug into their machine. While this type of scam can take many forms, the end goal is always the same: luring users to install something malicious. To protect yourself and your organization, pay attention to these common indicators:

Avoid “free” deals: As the old adage goes, “If it sounds too good to be true, chances are it is.” Many cyber scammers will attempt to lure victims in with promises of free downloads, free shipping, free subscriptions, etc.
So, be sure to not only double check the source and read the fine print of any agreements, but also do some checking on the organization claiming to make these offers.

Avoid unfamiliar external flash drives or hard drives: Baiting can be done digitally or with physical drives that install malicious software. Make sure you know the owner of the drive before you connect it to your machine.

Tech Support Scams

In 2017 alone, the FBI reportedly received around 11,000 cases of tech support fraud, costing a staggering total of 15 million dollars in damages. As the name suggests, scammers will pose as tech support employees, either working for a victim’s organization or for an independent service, in order to gain access to personal information. Like the other scams listed here, success or failure is dependent on the victim falling for a social engineering attack. With this in mind, it’s important to watch out for some of the telltale red flags:

Look out for unsolicited messaging: Rarely, if ever, will tech support reach out to “check in” or offer to fix your computer. Software and hardware developers never track their solutions and then call to offer security assistance. If a tech support worker or company is reaching out to you via a popup ad, an unsolicited email or phone call, or through social media, it is likely a scam. Legitimate companies have established processes in place to update your products and services, such as published patches and updates, or ways to address issues that are built directly into the solution itself.

Avoid installing anything from an unknown source: Unless it comes directly from a source you trust, downloading anything from the web comes with the inherent risk of infecting your machine.
Like baiting scams, cybercriminals will often attempt to offer “free security scans” or “computer cleanups,” which then infect the victim’s computer with malware.

Look out for actors who want remote access to your device: Remote access allows real tech support teams to “take over” a machine remotely in order to fix it. However, the same technology can be used to quickly access personal information off of your device. If a source you’re unfamiliar with asks to gain access to your device, steer clear.

Securing Mobile Devices

Mobile devices are also being increasingly targeted by criminal scams. Fake applications used to mine for data or ransomware are widely available, especially for Android operating systems.

Avoid malware masquerading as legitimate applications and updates: A growing number of fake applications are available from third-party app stores (e.g. Apkmonk). In addition, implants and updates that exploit applications and devices also abound (such as cryptojacking malware). Also be wary of apps requesting unneeded permissions (e.g. Device Admin and SMS exploits, etc.).

Use secure WiFi: Be mindful of free WiFi. Public spaces and shops offering free WiFi connections are common locations for man-in-the-middle attacks where criminals will often broadcast the availability of WiFi services and then use them to capture data. When using public WiFi, use VPN connections and avoid sensitive transactions. Many mobile apps are also programmed to automatically connect to known connections, so cybercriminals often use common WiFi SSIDs, such as “Home Network” to trick devices into automatically connecting without requiring any user input.

IoT Devices

IoT devices are also an increasingly popular attack vector.
Many IoT devices are easy to exploit, have a persistent Internet connection, and use powerful GPU processors, making them ideal for cryptomining and DDoS exploits.

Update credentials: The most common exploit strategy is to simply attempt to connect to an IoT device using its default username and password. Whenever possible, change the password on your routers, smart TVs, home entertainment systems, etc.

Connected cars: As more and more devices become interconnected, they become vulnerable to the weakest link in the chain. Devices like connected cars are not only rich targets for attackers, containing user data, phone contact information, and even payment information, but their compromise can also pose a risk to drivers and passengers. When purchasing a connected car, carefully review and change its default security settings and avoid app installs from unknown sources. In addition, review the security and credentials of Bluetooth-connected devices, especially those that interface with your car’s network.

Final Thoughts

Cyber scams can affect anybody unaware of these common warning signs. As people continue to adopt more and more devices that connect to a network, the risk of falling victim to a scam only increases. By being aware of the common cyber scams targeting people today, as well as recognizing the telltale signs of those scams, you can safeguard your valuable information and the information of the networks you connect to.

Check out our entry level designation of the Fortinet Network Security Expert (NSE) program. It is intended to provide a basic understanding of the threat landscape facing networks today. Anyone interested in learning about the threat landscape and cybersecurity should take this course.
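
The sender checks described above under Phishing Scams (compare the address with the organization it claims to be) and Spear Phishing Scams (email verification), as an added Python example that is not part of the original article: it reads the Authentication-Results header stamped by the receiving mail server and flags a From domain that no SPF or DKIM pass vouches for. The server name `mx.corp.example`, the `KNOWN_BRANDS` table and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.corp.example"             # assumption: our own receiving mail server
KNOWN_BRANDS = {"example bank": "bank.example"}  # hypothetical display name -> real domain
PASS_RE = re.compile(r"(?:spf=pass\b[^;]*?smtp\.mailfrom=(?:[^\s;@]*@)?"
                     r"|dkim=pass\b[^;]*?header\.d=)([\w.-]+)")

def org_domain(host):
    # Simplification: last two labels. DMARC proper uses the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def authenticated_domains(msg):
    """Organizational domains that passed SPF or DKIM per our own server's header."""
    passed = set()
    for value in msg.get_all("Authentication-Results", []):
        value = " ".join(str(value).split())           # unfold continuation lines
        if value.split(";")[0].strip() != TRUSTED_AUTHSERV:
            continue  # not stamped by our server, so the sender could have written it
        passed.update(org_domain(d) for d in PASS_RE.findall(value))
    return passed

def check_sender(raw):
    """Return a list of warnings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    from_dom = org_domain(addr.rpartition("@")[2])
    findings = []
    if from_dom not in authenticated_domains(msg):
        findings.append(f"From domain {from_dom} not aligned with any SPF/DKIM pass")
    for brand, real in KNOWN_BRANDS.items():
        if brand in display.lower() and from_dom != real:
            findings.append(f"display name claims '{brand}' but address is @{from_dom}")
    return findings

# Constructed sample messages (not real traffic).
LEGIT = ("From: Example Bank <alerts@bank.example>\n"
         "Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=bounce@mail.bank.example;\n"
         " dkim=pass header.d=bank.example\n"
         "Subject: Statement ready\n\nYour statement is available.\n")
SPOOF = ('From: "Example Bank Security" <alerts@bank-secure.example>\n'
         "Authentication-Results: forged.invalid; dkim=pass header.d=bank-secure.example\n"
         "Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=mailer.bulk.test; dkim=none\n"
         "Subject: Urgent\n\nContact us IMMEDIATELY.\n")

if __name__ == "__main__":
    for name, raw in (("LEGIT", LEGIT), ("SPOOF", SPOOF)):
        print(name, check_sender(raw) or "no warnings")
```

The spoofed sample carries an extra Authentication-Results line claiming a DKIM pass; it is ignored because it does not name the trusted server, which is why only headers added by your own mail system should be believed.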