Financial scams have exploded in recent years, and it’s not just banks and corporations getting screwed out of big bucks. U.S. consumers lost more than $10 billion to fraud in 2023 — more than any previous year, and a 14% increase from 2022 — and all signs point to even larger losses in 2024.
So how do we protect ourselves from bad actors who want to steal our money and our identities?
That’s what we — Raj Punjabi and Noah Michelson, the hosts of HuffPost’s “Am I Doing It Wrong?” podcast ― asked Jeremiah Baker, a cybersecurity specialist who has spent the last 17 years growing a firm that hacks into its clients’ networks and web applications to identify the weaknesses in their online defences and fortify them against future attacks.
Listen to the full episode by pressing play:
Baker told us the biggest red flag that we might be getting scammed is someone asking for personal information, especially if they’re doing so with a heightened level of emotion or urgency.
“Your bank’s never going to call you and… ask you for your username and password, or any kind of identifiable information,” he said. “It’s usually a tee-up of someone asking you for something… an impersonation scam — pretending to be an institution when they’re not, [or pretending to be] a friend, a colleague, a relative.”
There’s also usually what Baker referred to as a “sob story” involved in the ask.
It’s “highly emotional, highly urgent — ‘You have to hurry!’ And those are the things that really should raise a red flag to say, ‘Hey, wait a minute, I need to hang up this phone and reach back out to the institution and make sure that it’s really them,’” Baker told us.
That can be difficult to do in the heat of the moment — especially if someone is claiming to be a representative from an institution we work with, and they’re warning us that we might lose everything if we don’t act quickly. However, trusting our guts and taking a step back to analyze the situation can save us a lot of agony — and money.
“Most everyone I speak to said, ‘Yeah, I didn’t really feel like I should be doing it, but I did it because they had all this other information on me ― like, they knew my address, they knew my name, birth date, they knew my Social Security number,’” Baker said. “All that information — with all these huge data breaches that we’ve seen over the last several years, bad guys get ahold of that information. So they use it to set trust and context, and then they get us to do something.”
Baker tells clients to “trust [their] intuition,” and to keep in mind that banks and other institutions are never going to ask for that kind of information over the phone or via email.
“The best medicine there is to hang up the phone, look on the back of your credit card, your bank card, or wherever they’re pretending to be from, and call them directly,” he said. “Or go visit them, if there’s a local branch.”
Another way to instantly get a gut check, Baker advised, is to ask ourselves: “If I do what they want me to do, am I willing to suffer a complete loss or all the damages that can go along with this?”
“If the answer is ‘No, I’m not willing to tolerate that,’ then discontinue the communication and verify with the institution and/or the authorities that you’re dealing with the right people and it’s not a scammer,” he said.
Baker also chatted with us about ways to stay safe from social media scams, why you should always think twice before scanning a QR code, and much more.
For more from Jeremiah Baker, head here.
Need some help with something you’ve been doing wrong? Email us at AmIDoingItWrong@HuffPost.com, and we might investigate the topic in an upcoming episode.