Growth in gig working leads to surge in phishing scams: Internet Scambusters #1,044
Gig working is a big thing these days, with one in six Americans saying they've been earning money this way as independent contractors.
But one unwanted side effect has been for scammers to target the likes of home delivery and ride-sharing freelancers.
In this week's issue, we'll highlight the main scams - mostly through phishing exploits - and give you 7 tips on how to protect yourself.
Let's get started…
Phishing Scam Alert For Gig Workers
Gig workers are being targeted by scammers trying to steal their earnings from activities like personal shopping, home delivery, and ride-sharing.
The crooks have launched a range of phishing attacks aimed at getting freelancers' account email and password details at the companies that employ them. Then they simply sign on and instantly drain every cent the victim has earned.
Gig working, defined as "temporary jobs typically in the service sector as an independent contractor or freelancer," has increased massively in the past couple of years.
Gigs are often used as a second job to top-up earnings or a full-time role that offers flexibility for people with other commitments.
Latest statistics show that the gig economy is worth hundreds of billions of dollars in sales each year. And one in six Americans say they've earned money from gig working.
In many cases, earnings are paid into a holding account at the employing company, where they sit until the worker withdraws them or the company makes a weekly or monthly transfer (known as "cashing out"). It's this money that the scammers want to get their hands on.
Because these people are regarded as independent contractors, they don't have the same rights, bargaining power, and protections as employees. And because they work by themselves - a situation termed "digital isolation" - they're often unaware of the scam risks they face.
Moreover, the doling out of individual job assignments is often handled through artificial intelligence (AI) algorithms and other advanced technologies, which leave the worker without a human point of contact within the employing company.
The phishing trick the villains use is generally to pretend they're either the employing company or the customer when they approach their intended victim.
Recent incidents include spoofing phone numbers or sending emails and texts that appear to come from the delivery firm.
The imposters usually say the victim's sign-on details have been compromised and that they need to reset the account or change the password. Then the scammers say that because of systems issues, the victim will be unable to make the change themselves, so they have to hand over their current sign-on info.
Sometimes, they're warned that they'll be deactivated from working for the company if they don't comply.
"Gig workers are lucrative targets for criminals," security expert Steve Ragan recently told tech monitoring company TheMarkup. "They're stressed, they're busy, and for many of them, they can't lose this job. Criminals are taking advantage of that fear element."
Freelancers have also been caught out by advance payment scams, where they receive a dud check, sometimes for thousands of dollars, and they bank it. Then they're told to pay the money into a cash-transfer app account, supposedly to buy supplies and other items from a bogus company operated by the crooks.
In another version, they're told to buy Bitcoin from an ATM to pay for supplies, again from a phony company. That untraceable money goes straight into the scammers' coffers.
Other scams targeting gig workers include:
- Ride-share customers who ask to borrow the driver's phone, then access the driver's accounts to steal information or transfer money.
- Fake gig work websites that steal personal financial information like bank account numbers.
- Advertising lucrative gigs in return for an upfront fee.
- Individuals who hire childcare providers and pet sitters and then either don't pay them or invent an excuse to cut the payment.
Protect Yourself From Gig Working Scams
Many of the scams we've highlighted also target home workers, a longstanding fraud we've covered many times in earlier issues. Check out one of our earliest issues -- Top 10 Work At Home and Home Based Business Scams. It's still just as relevant today.
If you're a gig worker, here are some other measures you can take to safeguard yourself from scammers:
- Beware of too-good-to-be-true gigs offering high payments.
- Don't pay upfront for work.
- Don't assume that a person who phones, texts, or emails you is who they claim to be. Be guarded in your response.
- Never give your sign-on information including passwords to anyone - let's repeat that: not to anyone.
- Be ultra-cautious about providing bank account details to an employer. Thoroughly check out a supposed gig company, its reputation, and its genuine contact information before doing so.
- If you have a choice, work for a company that instantly transfers your earnings to your bank.
- Know what protections an employer offers and whether they provide information about security risks.
Sadly, it's not just scammers who make gig workers' lives difficult. Some of the employers themselves have been criticized for unfair treatment of freelancers.
So much so that the US Federal Trade Commission (FTC) recently announced a crackdown on these firms.
The Commission accuses some of deception about pay and hours, unfair contract terms, and anti-competitive wage fixing.
It says that, as independent contractors, gig workers are actually consumers and are entitled to the same types of protection.
Specifically, it plans to make companies accountable for claims and conduct about costs and benefits, police unfair methods of competition, and fight unlawful and unreasonable constraints on workers - such as preventing them from doing other jobs.
Elizabeth Wilkins, director of the FTC's Office of Policy Planning, says: "Technological advances and novel business models are no license to commit unfair, deceptive, or anti-competitive practices. We will use all our tools to protect gig workers and promote fair and competitive market practices in the gig economy."
This Week's Scam Alerts
Last Pass hack: Password management provider Last Pass says an "unauthorized party" accessed "certain elements of our customer information" in August. While investigations were ongoing as to what information was accessed at the time of writing, the company says that passwords themselves remained "safely encrypted."
"Guess who died?": If that question pops up on your Facebook feed, seeming to come from a friend, it's actually a spam scam. Clicking on a link that supposedly reveals the identity of the deceased actually leads to a fake profile used for data harvesting. Anyway, who would even ask a question like that?!?!
No compensation: The recent demise of cybercurrency trader FTX has sparked a number of scams relating to compensation for losses. A deepfake video, of the type we reported on a few weeks back, uses a manipulated image of FTX's Sam Bankman-Fried suggesting people who send "him" Bitcoin or Ethereum currencies, will get twice their money back. Twitter suspended the account pedaling the scam, but the incident serves as a timely warning about potential con tricks surrounding FTX. Be on guard!
That's it for today -- we hope you enjoy your week!