Does your security awareness training program help your employees learn when someone is trying to scam them? It should. Credit: idWork / Getty I recently received an email from yet another victim of a Craigslist scam. It’s one of the hundreds I’ve read over the last 20 years. In this case, he was selling a valuable cactus plant. The email thread he sent me had all the classic scam tip-offs. The scammer agreed to pay full price and cover shipping, but then had a sudden family death of the person who was supposed to pick up the plant and pay in cash. This type of emotional pull is called a stressor event. The scammer said he needed the seller to accept an “emergency” check for larger than the sales price, and then send the overage to someone else to complete the transaction. Anyone in our field would know this was a scam, but only because we’ve seen it before.What fools the victims is that they mistakenly believe that they are safe once they deposit the check and the bank clears it. This is not true! The bank can reclaim the money at any time if it doesn’t get it from the fraudulent check. “Cleared” in the banking industry doesn’t mean safe to spend.The banks are up-front about what their initial “clear” means, and they are under a lot of pressure to let the people who deposit checks spend “their money” as soon as possible. Still, I wish when a bank confirms a check has cleared that the check depositor no longer needs to worry. When transactions, checks and bank accounts can be checked in seconds, why is it taking two to five days to verify if a check is truly valid? It isn’t a technological reason…or it doesn’t have to be. Unfortunately, this is unlikely to change soon. Defending against scams starts with awarenessI’ve interacted with hundreds of people who have lost money. Many are smart and excel at their jobs. Victims come from every slice of society, including doctors, lawyers, engineers, Nobel Prize winners, mechanics and even IT security workers. So, don’t shame victims thinking that they were dumb or a patsy. Intelligence has nothing to do with it.The deciding factor whether someone can be scammed is awareness of the scam presented to them. Many people have no idea that Microsoft doesn’t call you to let you know your computer is infected with a virus. Most don’t know that they can still be held responsible for a “cleared” check. The number one scam defense is awareness education. Banks are doing it. Employers are doing it. Craigslist is doing it. Many people and businesses try their best to inform people about the various scams. Consider adding the following information to your company’s security awareness training program.Types of scamsHere are a few examples of the most common scams I’ve seen. Business services scamSomeone on Spiceworks, a very cool and technical computer-related blog, needed help to determine if a proposed business deal was a scam. He and his wife run a small business, usually advertising online and interacting with nearly every customer online. They got an email request for work to be performed for someone that contained five common scam email techniques, including the claim, “I’ve been scammed in the past, so I want to do things a little bit differently.” This always equates to some bogus transaction method.Everyone told him and his wife to run away from the scam. I always say, “When in doubt, chicken out!” I also have other ideas I’ll share below.Rental scamsMy daughter is looking for a new place to rent and received a scam email. I was not aware of this type of rental scam, but she was skeptical enough to send it my way to see if I thought it was a scam. It was.The emailer said he owned an attractive property and he was not only offering lower-than-market monthly rent terms, but my daughter’s deposit and every month’s rent thereafter would go toward actually owning the house (“without having to pay unnecessary taxes and fees to the greedy banks”). The “landlord” told my daughter and her husband to drop by the house and look in the windows. He said they would see for-sale signs in the yard, but to ignore them because the “landlord” had been scammed by the real estate firm and no longer wanted to do business with that firm. Further, the “landlord” was out of the country on National Guard tour of duty and would be unable to show them the house. Wow! Who could have guessed? If my daughter and son-in-law needed any more proof, they could look at his email address. It was an email address that “exactly” matched the legitimate owner on record using an @outlook.com domain. We know how official that is, right?Romance scamsI continue to get email from friends and family members about romance scams. A lot of lonely hearts are being scammed. Romance scam victims will give away every cent they have, break every long-lasting friendship they have, break off contact with any skeptical family members until the money and assets are gone. Even then, they still have hope that their online lover will come through. Wire fraudWire fraud shows no signs of abating and appears to be growing. Several cities and businesses have been scammed out of millions of dollars this year alone. Google admitted to being defrauded out of tens of millions of dollars from fake Dell invoices.How to spot a scamHere are 14 red flags that any scam awareness training should cover: Buyer’s willingness to pay full price without haggling and pay shipping and other costsLandlord’s inability to show you inside of propertyScammer uses unusual stressor events, including:Claim that transaction must happen ASAP or the deal is offClaim you must take a check and no other payment method will workThey want to send you a check for more than what is owed and have you remit the excess to someone elseDeath of a family member is impacting the deal somehowYou will be arrested if you don’t send money nowSomeone in your family is hurt, arrested, or detained and so you need to send moneyThey offer to let you pay in gift cardsThey are out of town so they can’t meet with youClaims of having been scammed by previous buyers before, so they want to do the transaction in a strange, unexpected way that, if examined, gives them every opportunity to financially benefitAdamant you must use their escrow person for paymentAdamant you must send them your banking or identity details to get paymentAdamant they will not use online service’s mandatory payment serviceCannot take your phone callYou can’t find their company name or email address on the internetTheir company name is very similar to a very well-known, global company name, but not quite the same (e.g., P&G Printing, GE Electricians, Amazing Books)A request that you need to send them money so they can send you even more moneyThey are in love with you, but for some reason, just can’t speak to you on the phone (or take a picture showing today’s date on a newspaper)I’m sure there are dozens of other signs that you and every person in the world should be aware of, but this list of red flags is a good start. Related content news Top cybersecurity product news of the week New product and service announcements from Coro, Descope, Genetec, Varonis, Cloudbrink, Databarracks, and Security Journey By CSO staff Dec 07, 2023 22 mins Generative AI Generative AI Machine Learning news analysis Attackers breach US government agencies through ColdFusion flaw Both incidents targeted outdated and unpatched ColdFusion servers and exploited a known vulnerability. By Lucian Constantin Dec 06, 2023 5 mins Advanced Persistent Threats Cyberattacks Vulnerabilities news BSIMM 14 finds rapid growth in automated security technology Embrace of a "shift everywhere" philosophy is driving a demand for automated, event-driven software security testing. By John P. Mello Jr. Dec 06, 2023 4 mins Application Security Network Security news Almost 50% of organizations plan to reduce cybersecurity headcounts: Survey While organizations are realizing the need for knowledgeable teams to address unknown threats, they are also looking to reduce their security headcount and infrastructure spending. By Gagandeep Kaur Dec 06, 2023 4 mins IT Jobs Security Practices Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe