How to Protect Yourself from Fraud


Supa

Thinking about how I could add value to the forum, it occurred to me that the topics I encounter at my day job affect all of us and therefore could be of significant value. So why not share it?

I work in the fraud department of a big company in my country. While I can't share company-internal stuff, I definitely can share general advice and current fraud scenarios to help you protect yourself from fraud.

So, if people find value in that, I will update this thread with current fraud scenarios, how to recognise them and, most importantly, how to protect yourself against them.

It will take me some time to write the first few scenarios up, but to have this be more than just an intro post to the thread, here's one thing that you can do right now to protect yourself against a multitude of fraud scenarios:

Wherever possible, turn 2FA (2-Factor-Authentication) on.

Yes, yes, I know. Many already know and do this. But there are also many others, who don't. Without 2FA many of your logins are really f*cking easy to hack. So, turn it on. Seriously.

More to come soon :)
 
Don't end up as a phish on the hook.

What? Phish? Yes, you read me right.

Ever got a text telling you for whatever reason to click on that link at the end of it? I'm sure you have.

They are called phishing texts, because - like a fisher - they are fishing for your data.

And, once you click on the link they got you.

Like a fish, you end up on their hook. Phished.

So, you might now think "well, let me guess, Supa, you are going to tell us to not click on that link? Wow... thank you?" and, yes, you definitely should not click that link and even better just delete the text without even opening it. But there's a bit more to know about this. Especially because it is not always so obvious that you are dealing with a phishing text. Some are really "well" made and the text as well as the website the link in it leads you to, can look almost identical to the original they are imitating. So, maybe you are actually waiting for a parcel to arrive, when you get a text that asks you to follow the link inside because your parcel couldn't be delivered. Or you get a text from your cellphone provider, that looks just like all the other texts they sometimes send you, and even the site you get to after clicking the link looks like their site.

So, to protect you against the not-so-obvious phishing texts, here are some tips and insights to help you.

If you are unsure if this is a legit text, there's one way to almost always see if it is: look at the link. Closely.

Now, if the link looks weird, like some random letters and numbers, just delete the text. But, what if it looks like it could be real?

Let's say you get a text claiming to be from your cellphone provider, asking you to activate your eSim. And their name is Best Provider. The link may be something like

bestprovider-activations.com

Go to their real website (manually) and look at their domain. It probably will be something like

bestprovider.com

There is a very limited number of ways the original website could legitimately be appended and prefixed by the company. They could put something before the main url followed by a dot (.), called a subdomain, or they could put something at the end of the url, after a slash (/), called a subdirectory. So, for example:

activate.bestprovider.com
bestprovider.com/activate


If the link in the text doesn't fall into one of these two url structures, it is most likely fake.

Here's an image from Hubspot showing the url structure:

parts-url_0.webp


So, if you want to have a quick rule to remember when it comes to detecting not-so-obvious phishing texts, it's this: compare the url of the text to the original one. Second-level and top-level domain are the same? It should be safe to click. They are not? Probably a phishing text.
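The URL comparison described in the post above, as an added example that is not part of the original thread. The function name `classify_link` and all sample links other than the three `bestprovider` ones from the post are constructed for illustration; the official domain is assumed to be one you looked up yourself by typing the provider's address manually.

```python
import re
from urllib.parse import urlsplit

_SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")


def classify_link(link: str, official_domain: str) -> str:
    """Compare the host of `link` with the provider's real domain.

    Returns "match" (the official domain or a subdomain of it),
    "suspicious" (uses a trick that hides the real host) or "mismatch".
    """
    link = link.strip()
    # Links in texts often come without a scheme; urlsplit needs one
    # to tell the host apart from the path.
    if not _SCHEME.match(link):
        link = "https://" + link
    try:
        parts = urlsplit(link)
    except ValueError:
        return "suspicious"

    host = (parts.hostname or "").rstrip(".").lower()
    official = official_domain.strip().rstrip(".").lower()
    if not host:
        return "mismatch"

    # Everything before an "@" is login data, not the site. A brand name
    # placed there only makes the link look familiar.
    if parts.username is not None:
        return "suspicious"

    # Non-ASCII or punycode ("xn--") labels can render as look-alike letters.
    if not host.isascii() or any(lbl.startswith("xn--") for lbl in host.split(".")):
        return "suspicious"

    # Same second-level and top-level domain: exact host, or a subdomain.
    # The leading dot matters: "notbestprovider.com" must not pass.
    if host == official or host.endswith("." + official):
        return "match"
    return "mismatch"


if __name__ == "__main__":
    OFFICIAL = "bestprovider.com"  # from the post
    samples = [
        "activate.bestprovider.com",                             # from the post
        "bestprovider.com/activate",                             # from the post
        "bestprovider-activations.com",                          # from the post
        "https://bestprovider.com.account-check.example/login",  # constructed
        "https://bestprovider.com@login.example/esim",           # constructed
        "https://b\u0435stprovider.com/",                        # constructed, Cyrillic "e"
        "notbestprovider.com",                                   # constructed
        "BestProvider.com.",                                     # constructed
    ]
    for s in samples:
        print(f"{classify_link(s, OFFICIAL):<10} {s}")
```

A "match" only says the link points at the provider's own domain; shortened links, as mentioned later in the thread for QR codes, come back as "mismatch" because the real destination is not visible in them.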
 
Wherever possible, turn 2FA (2-Factor-Authentication) on.

Yes, yes, I know. Many already know and do this. But there are also many others, who don't. Without 2FA many of your logins are really f*cking easy to hack. So, turn it on. Seriously.

As an adjacent to this: never, under any circumstances, give out your 2FA codes.

Like many tips to prevent fraud, this may seem obvious. But there's a reason so many people fall for fraud scenarios. In the moment these tactics can seem really convincing. Even more so if you are not aware of how they work.

And one such current scenario is this:

Someone will call you, maybe disguising themselves as being from a parcel company, and tell you that you will receive a text with a code in a few seconds, to verify that the parcel is actually for you. Then you get a code via text. They ask you to tell them the code. You do. And... they just got a 2FA code for an account of yours which they can now freely log in to.

Don't ever tell someone a 2FA code or what might be one.
 
Really appreciate this, thanks, behind the click "thanks".
 
Since 2FA is very common now, there have emerged ways to get into your accounts despite 2FA being activated.

Here's one of those methods, it's done via

eSIM swaps.

An eSIM is the same as the little SIM card that you receive when getting a new phone contract and that you put into your phone - just that this type of SIM card is a completely digital one. You do not get a physical card but rather activate it electronically.

As great as this is, this also opens the gates for some fraud scenarios, that would be a lot harder with a physical SIM card.

I won't go into the technical details of how eSIM swaps work - frankly, because I don't know them - but what they essentially do, is they swap your eSIM card with one the fraudster owns - basically making it so that everything that gets sent to your number won't get sent to you, but to the fraudster.

I'm sure you can imagine what someone can do, once they get all calls and texts that would go to your number. Among other things, they can get your 2FA codes - without you even being aware of it.

But, how does your eSIM get swapped?

That's the good news: they need you to actively swap the SIM. How? Well, here comes another typical fraud scenario, I already wrote about in here: Phishing.

You may get a text, claiming to be from your phone provider, asking you to reactivate your phone number, or some other reason. You then get, through a link in the text, to a site that looks just like your phone provider's. You follow what is asked on that site, aaaaand.... without knowing it, you just swapped your eSIM.

Sooner or later you will probably realize it - one way or the other. But, if you're honest, how long would it probably take you to realize that you are not getting any phone calls or texts? Enough time to try to log in to your bank account and get a 2FA code sent? If yes, then you can imagine the damage this can cause.

The advice to protect you from this is the same as in the Phishing post. Ideally don't click that f*cking link. But even more importantly, keep in mind how to check the link in the text (also mentioned in the above post), as these texts will most likely look very real and like something your phone provider may actually send you.
 
I would further add one tip: always limit your internet banking transaction amount. Just increase it when needed and decrease it back after a big transaction.

Always make sure your primary savings account with a lot of money is not linked to cards.

Use the other account with a small balance to do frequent transactions.

This is a very old-school method that works.

The thief has to increase your limit first, which you will receive an email about.

Make sure you get email notifications and messaging notifications as well.
 
I help mom and pop and Grandmas with their everyday technology. I don't advertise any expertise in security, but unfortunately the calls for folks getting scammed are pretty much every day and happen on an ongoing basis. This week it's Facebook hacks.

A recent scenario: person had her email hacked because they had no 2-factor security on the account, and the IMAP setting set to ON, and no cell phone attached to the account. This is a rare scenario but happens with older accounts that folk never really changed any initial info on.

Hacker was able to siphon the email using an IMAP hack, once they got into the email, they were able to reset the Facebook password because it too did not have 2 factor enabled and did not have a phone # attached to the account.

-------------------------

Explaining all the ways to protect oneself often makes the eyes glaze over for folks that are already bad with technology in the first place but can't give up the social media. They are large targets for the scumbags that abound in this space.

Unfortunately, the "EZ" method that used to be popular (texting a code to your phone) can be socially engineered by fooling the cell phone companies.

Sending codes to authentication apps is a great way to stop the codes-to-phones problem, but explaining all this to Grandma is the real problem; they just end up in an endless loop of changing passwords and account confusion.

I feel bad for folks because a lot of the tech neophytes will just continue to get scammed.

----------------

Another REALLY common scam for the elderly is a Google search ending up with a fake website that warns of viruses and says to call a phone #. The person calls the #, and Grandma lets the guy into the computer and off he goes to the bank. It never stops.

You would think that Google would have a way to stop this kind of shit in its tracks but I'm guessing it's not so easy, as the fake sites come and go with the wind.

Two Factor Authentication is your first line of defense for sure. But my phone still rings.
 
Explaining all the ways to protect oneself often makes the eyes glaze over for folks that are already bad with technology in the first place but can't give up the social media. They are large targets for the scumbags that abound in this space.

Yes, unfortunately. There are many scams targeting people who are not well versed in technology. I'll go into some of those as well.
 
Fake Online Shops

There's a great German YouTube channel that does fantastic documentaries. They also have an English channel where they release some of their German videos translated to English, and as far as I can see even videos that are only on their English channel. The English channel is called Fern if anyone is interested.

Yesterday they released a very well made documentary about an online scam that already resulted in around $800 million of damage to people falling for it. Most of that damage was caused in France, the US and Germany. This video is currently only available on their German channel; if they release an English version I'll share it here. For any Germans: the German channel is Simplicissimus and this is the video.

What's it about?

The video goes into great detail about one specific scam, while I rather want to address this type of scam in general.

It's about fake online shops.

But not just some random shop, but ones masked as being official shops selling well-known brands like Nike or Adidas.

In this type of scam, you, usually through a Google search, land on an online shop that looks exactly like the original one. The URL looks a bit different, so no mention of the brand's name in it, but still legitimate enough and not too suspicious.

On there you can purchase products of a brand, often with good discounts.

Browsing through it everything seems ok. You add something to your cart. You pay. Only payment option is credit card. You enter your card details and hit pay. But then an error occurs. For some reason your payment could not be processed. In some cases the scam ends here (for now), in others you may be offered another option to pay, that may link to PayPal or something else, where you can actually pay for what you want to purchase.

If it didn't end with an error after entering your credit card details, your order ends here. With nothing. What you paid for will never arrive.

No matter what happened after you received that error message, in both cases you just handed out all your credit card data.

If you do not realize this quickly enough and bar your credit card, anyone with this data can now use your card for purchases.

This is just one scenario of many, but usually the goal of them is to get your credit card data. But what can you do about it?

How to protect yourself from that fraud scenario?

  • Look for things that are suspicious and don't ignore them. Always look at the URL and if in doubt always check it through a quick Google search. Usually all big shops have some kind of confirmation that they are trustworthy - like a Trusted Shops logo and reviews on Trusted Shops.
  • Check if there are details about the company running the site - their imprint, privacy policy and other legally required information.
  • If you don't know the site and/or it is not a well-known site, always be sceptical if the only payment option is credit card. Most well-known sites offer a multitude of payment options, many that are much safer than credit card, like PayPal, Stripe, Apple and Google Pay, Amazon Pay, Klarna and others.
  • If you entered your credit card details and for some reason you feel that there might be something wrong - maybe you didn't get a confirmation email, or it looked weird - call your credit card company (they typically print an emergency number on their cards, a quick online search will give you that number as well) and let them bar your credit card. Better be safe than sorry. Receiving a new credit card is not that bad or complicated, but having your credit card data stolen can quickly become very expensive.
 
A new trend in e-commerce is entire sites being cloned.

It can look identical to the original site in most respects.

Usually with the prices discounted, as you said.

Scams are getting more and more sophisticated.

My mom works for me as an admin assistant and she is fantastic. I trust her implicitly, however I will never give her bank access, other than bill pay (which requires me approving new vendors), as I don’t trust her not to get hacked/phished.
 
As a business owner, I make all software (that allows me to do so) force all employees to set up 2FA.

It's in my cyber liability insurance terms to have this set up too.

We had one crazy phishing scam, where an employee received texts from someone pretending to be me to both their work and personal numbers. Both were socially engineered somehow, and thankfully the employee's first reaction was to ask me about it.
 
In some ways, I believe it's learning about how people manipulate you. You can have the protection you are suggesting. Although, it's all about knowing your stuff when dealing with people. Scammers have been around through the centuries and decades. All of them beat the system sooner or later. The worst is not knowing how the game is played. For example: If I didn't spend a lot of time in this forum, it would have been easy for five guys to rip me off of money since August. It doesn't really work, because I know "Words" is how they try to manipulate your thoughts, emotions, and feelings. They are Romance Scammers and believe on Tick and Tock you steal men's photographs and videos, and tell you anything you want to hear as a woman and get you on Telegram and if you are falling for this trick in the first place with the red flag of Telegram.

For example: Why would someone honest want to corner you on an app, that they can destroy conversations and photographs? (Red Flag number 1).

2. Moving fast selling themselves as the masculine about how they are the "Great Guy!" they will tell you anything you want to hear as a woman.

3. Then after 24 hours they will ask you can you just give me x amount of dollars. Have some story with stolen photographs of a man and children that are not them.

I had to laugh because when they start trying to sell me anything, I'll listen to them until they get to that point just send me money. Then I'll tell them everything they did wrong in selling me their fake story. Sorry! I don't have any money for you.

Bottom line it's learning to make smart choices sometimes and taking right actions. You are the one who gives your future away bottom line. It's always being aware of who is around you, their words, their actions, and being observant what they are doing. Technology can only protect you so far. Still you open the door and invite them in.
 
Ransomware Attacks

This will be a rather short post, as I do not have direct experience with this type of attack. I do however have a friend who works for a company that does something with servers for other companies. He has some experience with these attacks. As ransomware attacks can be incredibly damaging for companies, if not destroy them completely, I wanted to include them in here, despite my lack of in-depth knowledge about them. Therefore I won't go into what to do once you fall victim to such an attack, but focus more on how to prevent them and, even more importantly, if they happen to you, how to prevent them from destroying your business.

But what are ransomware attacks? According to the FBI:

"Ransomware is a type of malicious software—or malware—that prevents you from accessing your computer files, systems, or networks and demands you pay a ransom for their return."

How to prevent ransomware from getting into your company's system

The ways that this malware lands in your company's system are through different kinds of fraud scenarios, some of which have already been covered in here, and some that will be covered in future posts. But put simply, they oftentimes end up in your system the same way other malware lands there: by clicking a link, by downloading something, by opening an email attachment, to name a few possible ways. So please refer to those posts for more in-depth looks at how to prevent malware, including ransomware, from getting onto your devices and into your systems.

How to prevent that a successful ransomware attack destroys your company

The more important question, and one that you can actively do something about, is what can you do now that will heighten the chances of your company surviving after a successful ransomware attack.

I remember a friend's birthday party. Among the guests was that friend of mine I mentioned, from that server company (please don't ask me what they exactly do lol, I have no idea). The whole evening he was restless and obviously lost in thoughts. When I asked what's wrong, he told me about this client they have. He says that they fell victim to a ransomware attack. They have completely lost access to F*cking EVERYTHING, and unless they pay a huge amount of money, they will never get access to their data again. They were in contact with the police, but they couldn't do much. The reason my friend was so restless, was because he was responsible for setting up the backup system of that company. He knew he did everything correctly, but he was so terrified of maybe having missed something, because, as he said, without their backups they would be totally F*cked, since there would be no possibility to continue doing what they did. Thankfully in this case they could restore everything thanks to the backups and the story has a happy end. But not all do. Just imagine what would've been if they didn't have their backups, or they would've been stored somewhere where the malware had access to as well.

If you are a business owner I highly recommend reading up on this topic and what you can technically do to prevent or survive ransomware attacks. To help you be able to survive one, I want you to ask yourself this:

If for whatever reason you suddenly and permanently lost access to ALL of your business data, would you be able to easily build everything back up again?

If the answer is anything but a clear F*ck YES! then please look into how to properly back up your data, so that it is secure, available, up to date and somewhere, where ransomware that entered your company's system can't reach it.
 
What are your thoughts on auth apps that aren't Google? The bad reviews from this one involve people getting stuck in a loop lol.

Screenshot_2025-02-28-10-58-59-95_40deb401b9ffe8e1df2f1cc5ba480b12.webp
 
What are your thoughts on auth apps that aren't Google? The bad reviews from this one involve people getting stuck in a loop lol.

I would only use those of well-known names, doesn't have to be Google, but I'd rather pick one of the big names that have lots and lots of good reviews and tests.

Also, where possible, I'd use Passkeys, that Apple and Android offer.
 
Thanks man. After chatting a little to @heavy_industry I'm also going to have a dedicated and completely quarantined laptop strictly for anything that's important financially.

Thinking just a basic Chromebook with its own Sim for data.
 
I won't go with anything which is not known and legit
Yeah, I wouldn't normally, but as it was a very established bank in Australia that didn't have the option of using Google Authenticator I thought it may have been ok. Doesn't sound great though, especially as this was where I was planning on parking most of my cash.
 
Huh, interesting. Gmail removed the option to turn off IMAP in January 2025.

Can still do it with paid Google workspace.

May be using a new protonmail account from now for anything important anyway I think.
 
Quishing - when the hook is a QR code

The word “quishing” is a combination of “QR code” and “phishing” and it refers to a pretty new type of fraud scenario, in which criminals place fake QR codes in emails, letters or in public spaces that lead those scanning the QR code to fraudulent websites.

What follows once you get to where the QR code leads you is already covered in the post above on phishing. So let's focus on the "Q" of it.

QR codes are used everywhere. From parking lots, across logins, to invoices. But how do we spot a fake one?

Since there is not much about the QR code itself that could indicate that it's a fake one, we have to focus on what surrounds it. There are three steps, where you could detect the fraud and stop before you handed over your data: one step before scanning it and two steps after scanning it.

Before scanning the QR code
This is where you should ask yourself if this QR code could be legit. Does this letter really look like it's from your bank? Is this QR code at the parking lot a sticker that might be put on top of the real one, or is there also one in the digital parking system that you could scan instead? Is something off with how I got this QR code? Since a QR code is usually used to replace manually entering some data or taking some action, if something seems off, you might want to do it manually this time.

Directly after scanning the QR code
When you scan a QR code there are usually two ways it works. You either see a link on your camera or scanner app that you need to tap to get where the code takes you, or it directly takes you there.

In case of the first scenario you can use your url-checking skills learned further up in this thread to see if there's something fishy about it. However this often proves difficult, as the links used are often shortened links and you only get to see the real url once on that website. If that's the case or if it's the second scenario and you get directly taken to the site, do the same as you would with any other potential phishing link.

Where the QR code leads to
If you are wherever that QR code takes you, go through the steps outlined in the post on phishing. This is pretty much the same place you land, when tapping on a link in a text message that says it's from your child or the post service. Once there it's all about getting you to enter your personal data, especially payment data and login information.

This is a rather short post, as this is just another type of phishing, where the process is mostly the same, only the hook is different - in this case it's QR codes, some innocent looking square of black and white forms that for many of us by now belong to everyday life.
 