Why you need a family codeword or phrase right now: Internet Scambusters #1,084
Setting up a codeword or phrase known only to family members and trusted friends is one of the most effective ways of defeating scammers who use distress calls to trick people into sending them money.
But it's not a simple question of just thinking of the right word. There are several other important steps to take to ensure it remains secret and effective.
In this week's issue, we'll explain how to choose the right word(s) and what to do if the caller doesn't have it/them.
Let's get started…
How To Set Up and Safeguard Your Family Codeword
What is your family codeword to instantly verify you are who you say you are? No, don't tell us. Just kidding. In fact, don't tell it to anyone except family members and friends you trust.
But if you don't have one, set it up immediately. It could save you money and untold hours of suffering.
We've written many times about the growing use of fake distress calls when someone tells you by phone, email, or text message that they're in trouble and need money straightaway.
And, as we reported in our recent Issue # 1078, How Artificial Intelligence Is Turbocharging Frauds and Scams, the use of artificial intelligence (AI) both to mimic victims' voices and automate calls and messaging, even using individuals' writing styles - all stolen from the web - is churning this crime into a crisis.
In particular, AI-generated kidnap calls are the piercing tip of this iceberg. You get a call that convincingly seems to come from a family member claiming they've been abducted and pleading with you to pay a ransom.
Other common tricks are messages from a supposed relative or friend saying they're in trouble, maybe stranded abroad, affected by a natural disaster or in jail trying to raise money for bail.
The US Federal Trade Commission says more than 56,000 scam distress calls were reported in 2021. That number is probably rising rapidly thanks to AI. Average losses run at around $2,000 per incident, though they can be significantly higher, as much as $10,000.
The scammers use shock tactics and threats to frighten victims into paying up immediately before they've had a chance to think it through.
Older adults account for more than a third of these victims, with ethnic groups and non-native English speakers also among the most vulnerable.
The single most powerful defense you can use is to ask the caller or message sender for a codeword or phrase that the crooks wouldn't know, or to ask a question that only a genuine victim would know the answer to.
How To Set Up A Secure Family Codeword
On the face of it, establishing a word or phrase known only to trustworthy friends and family should be straightforward. But there are a few important steps you can take to make it most secure and effective:
- Use a unique word, phrase, or question that's not easy to guess. So don't use things like pet or family names or anything, like a nickname, used on social media.
- Don't share it beyond those close to you. If the message apparently comes from someone you know but not closely, use the personal question tactic.
- Never even tell these others that you have a word or phrase. Keep it totally secret.
- Don't use email, messaging, or social media to share the word(s) with the trusted ones. They can be intercepted. Agree and tell them face-to-face or, at worst, by phone.
- If someone pretending to be family or a friend calls to say they forgot the word(s), ask a personal question to confirm who they are.
- Change the word(s) at least once a year.
- Ensure the trusted ones know and understand the purpose of the code and know how to pronounce it under stress.
- Don't use complicated words or phrases that might be difficult to remember.
- Set up a secondary code just in case someone genuinely forgets the original.
- Store the codeword or phrase in a safe place, like a password manager or in a location available only to family members.
Experts say you should ask for the codeword as soon as possible in the communication to limit engaging with the scammers. Don't get bogged down in a conversation with them. And change it immediately if you think it's been compromised.
It's possible that a scammer or even a genuine caller will say they forgot the codeword. That's when to ask them a question only they'd know the answer to.
Alternatively, an extortionist may make the call and all you will hear is sobbing or screaming in the background. You have to insist on speaking to them or on the extortionist asking the supposed victim for the word.
But Don't Leave It At That
If the caller or messenger doesn't know or repeat the word or phrase, or is not able to answer a personal question, it's almost certainly a scam and you can hang up.
But don't leave it at that. Check on the whereabouts of the genuine person being mimicked and report the crime to law enforcement. Also speak to the police if you have any other cause for concern.
In the long run, AI may be used to detect scam calls as well as helping law enforcement track down the crooks. In the meantime, having a unique family codeword could protect you and save you heartache - and money.
This Week's Alerts
Don't send cash: To get around growing understanding that scammers usually use untraceable methods like money wires, gift cars, and cybercurrency, crooks have started telling victims to send cash via shipping companies, according to a new alert from the FBI.
The crooks tell victims to ship packages of cash wrapped in a magazine containing money to pharmacies and retail businesses that are equipped to receive shipping company packages, where the scammer then anonymously collects it.
Trucking hijack: Scammers are targeting truckers by exploiting a new rule introduced by the Federal Motor Carrier Safety Administration. The crooks pose as transportation load brokers, asking for a copy of the target's commercial driving license (CDL).
The scammers use this to effectively hijack the driver's Department of Transportation number, which they can then use to book fraudulent loads.
Genuine brokers don't usually ask for a CDL copy. If they do, it's probably a scam or at least a reason to check out the supposed broker carefully.
X shutout: So, Elon Musk changed Twitter's name to "X" but apparently some browsers don't like the changed icon, producing a security alert when you try to go there. Perhaps by the time you read this, the browser developers will have resolved the problem, but if you receive an alert suggesting you uninstall the X web app, it's not a scam and you can still proceed to the X site.
That's it for today -- we hope you enjoy your week!