The scams are getting baaaaaaaad lately. By that I mean smarter and more sophisticated.

Lately I’ve been getting calls every day informing me that I’m eligible to receive a hefty tax refund for Paycheck Protection Plan loans I took out during Covid. Except, of course, I didn’t take out any PPP loans during Covid.

Back in the 2000s and 2010s, these kinds of scams were usually pretty amateurish – someone with a thick Indian accent informing you that you owed the IRS money and if you did not pay up immediately, the caller would “send the sheriffs to arrest you.” They’re a lot better at it now. The callers all sound convincingly American, and I think in some cases the scammers are using AI-generated voices for the initial portions of the calls.

I’ve also been getting a torrent of Facebook spam messages. Usually it’s along the lines of “your community page is suspended for violating community standards, please click on this link to resolve.”

This one was pretty good, I have to admit:

I’ve written before how everyone has a psychological pressure point for these kinds of scams and phishing attempts. I’m a Crusty Former IT Guy and therefore suspicious of everything technological, but I still have a psychological pressure point. For me, I almost fell for one earlier this year because it had to do with Facebook Ads, and I had lots of bad experiences getting randomly blocked from Facebook Ads in 2020 when Facebook was losing its mind over election advertising. This one didn’t work on me because I don’t run an ecommerce business in the traditional sense and therefore I don’t have business reviews.

But! Imagine you run a food delivery place and Yelp reviews are the bane of your existence, or you have a business that relies on drop-shipping and you have this one disgruntled customer that leaves bad reviews everywhere. If you got a phishing message like this, you might freak out and click on the link.

So there’s no good answer to this problem except to maintain good security practices for your online life. Have different passwords for every site. Use multi-factor authentication when possible and available. And be very suspicious of any threatening email that contains a link.

-JM