Get wise to these common scams by data thieves

We’ve been storing our important data online since the late 90s. Those of you who have been online long enough may recall those early days of saving files in webmail inboxes. Later, as internet speeds and web storage capacity grew, we were able to keep more and more of our digital possessions online.

More recently, the mainstreaming of cloud storage and advent of features like file syncing increasingly made the web our go-to option for keeping work and personal files safe from physical harm. After all, what’s not to love? It fits well with our always-connected, work-anywhere lifestyles; and has certainly made it much easier to share, connect and collaborate – especially during the pandemic.

Unfortunately, this surge in online storage adoption also means there’s now a treasure trove of our personal data online. Official documents and records; cherished personal memories; sensitive work files and more – all just floating in the cloud: a tempting target for cyber criminals.

Theft and exploitation of this data can cause significant financial loss and devastating personal impact. So it’s crucial that we be aware of the scams that are commonly used to try and steal it, so we can stop them dead in their tracks before they do any real harm.

Phising

This type of scam has been around for a long time. Updated frequently with new variations, they can still catch people out if they’re not careful.

How it usually goes:

Scammers will send you an official-looking email or text message that claims to be from a reputable organization you have regular dealings with, such as your bank or cloud storage provider.
The message will tell you there is an issue with your account you need to resolve, or a prize you can claim. It will ask you to click a link, then log in or submit personal details to confirm your identity.
The link will take you to a fake site that’s designed to look exactly like an official one. Once you submit your details (such as your username/password) it will be captured and stolen.

How to side-step it:

– Always confirm the sender’s email address and the URL of the website that the link leads to. If any of it differs even slightly from the real, official one you know – stop immediately.

– Enable 2-Factor Authentication (2FA) on your accounts. This is a standard feature with service providers that offer top-level security – such as banks and Treasure Cloud. With 2FA, your account can only be accessed when you key in two passwords:

The password you memorize and use at every login.
A second One-Time Password (OTP) sent via SMS to your mobile once you enter the first password. As its name indicates, this OTP is only useable once. A new one is generated every time you log in.

If you log in and the website does not send you an OTP, it’s an immediate warning sign that something is not right and you should change your password immediately.

– Avoid using the same passwords for your various accounts. This limits the threat to your accounts even if one of them is compromised.

Tech Support Scam

In this insidious scam, scammers will try to make you panic over the status of your account or device in order to make you comply with their requests.

How it usually goes:

Scammers will call you posing as tech support from a service provider you use – such as your phone company. They will say your account or device has been sending them error messages or been infected with malware.
They will request remote access to your device so they can root out and resolve the problem. This will give them free rein to steal your data outright, or install spyware to do it over time.
They may also take a more direct approach by asking for your personal and login details outright, ostensibly to verify your identity.

How to side-step it:

– Keep calm and don’t be in a rush to comply with any caller’s request, particularly ones who are asking for your private information. Before you grant access or disclose anything, make sure the call is really from an official number. To be doubly safe, end the call and call the company’s official support hotline to continue with any troubleshooting that may be required.

Tip: Treasure, like many other cloud storage providers, would never call you if there are issues with your account but instead notify you by email. So if you do get a call, you should be immediately suspicious.

Impersonation Scam

By pretending to be a friend or loved one in distress, scammers will attempt to take advantage of your concern to cheat you of cash or steal your data.

How it usually goes:

Scammers start by infiltrating the social account of someone you know. Two of the most common methods for doing this are:
1. Hacking: Stealing login details and taking over their account outright
2. Cloning: Making an exact copy of their account
They will then use the compromised account to pose your friend or loved one to ask you for an urgent favor. Depending on their motives, they may attempt to:
1. Cheat money by asking you to buy them an online gift card so they can make an emergency purchase
2. Steal your data by asking you for private data (for example, they may pretend to be a co-worker who needs you to urgently send them a sensitive work file for a last-minute meeting)

How to side-step it:

Call to verify with your friend if you ever receive an unexpected request from them. Never accede to their request right away, no matter how urgent it may sound.
Never share any password or OTP to any account with anyone – even those closest to you – without being 100% sure of their identity.
Use secure sharing methods to share sensitive files. If you use Treasure, you can send a cloud access link to their verified email instead of sharing the file directly. On Treasure, this access link can also be set to expire at a time of your choosing, thus minimizing the chances of it falling into the wrong hands.

We’ve highlighted just a few of the most common data theft scams. There are many others out there, and sneaky new ideas are being hatched every day by scammers. So stay alert and remember that if anything seems even the slightest bit suspicious – it’s better to err on the side of caution.

Finally, if you encounter any new scams you’d like us to warn everyone about, do share them with us at [email protected]

Cookie	Duration	Description
__stripe_mid	1 year	Used by Stripe to enable them to monitor for and detect potentially harmful or illegal use of Stripe's services.
__stripe_orig_props	1 year	Used by Stripe to enable them to understand how visitors interact with Stripe's services, allowing Stripe to analyze and improve Stripe's services (also through third party analytics).
__stripe_sid	Session	Used by Stripe to enable them to monitor for and detect potentially harmful or illegal use of Stripe's services.
_ga	2 years	Used by Stripe to allow Stripe to place targeted Stripe advertisements on other sites that the user may visit, and to measure user's engagement with those ads.
cid	Session	Used by Stripe to help Stripe understand how visitors interact with our services, allowing Stripe to analyze and improve Stripe's services (also through third party analytics).
docs.prefs	1 year	Used by Stripe to save user preferences and recognize user when user returns to Stripe's services.
lang	1 year	Used by Stripe to save user preferences and recognize user when user return to Strip's services
locale	Session	Used by Stripe to ensure that Stripe's site and services work correctly, such as showing the user the correct and relevant information based on their location.
merchant	Session	Used by Stripe to help Stripe understand how visitors interact with Stripe's services, allowing Stripe to analyze and improve Stripe's services (also through third party analytics).
recent-views	1 year	Used by Stripe to save user preferences and to recognise the user when the user returns to Stripe's services.
SIDCC	2 years	Security cookie to protect a user’s data from unauthorized access.

Cookie	Duration	Description
__Secure-3PAPISID	2 years	Used by Google Analytics that provides an aggregate analysis of website visitors.
__Secure-3PSID	2 years	For targeting purposes to build a profile of the website visitor's interests in order to show relevant & personalised Google advertising.
__Secure-3PSIDCC	1 year	These cookies are used to deliver ads more relevant to you and your interests.
__utmzzses	session	This cookie is set by the provider Google Analytics. This cookie is used for storing the traffic source or campaigns that explains how the user reached the website. This cookie is updated every time when the data is sent to the Google Analytics.
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_ga_60GXYXXB14	2 years	This cookie is installed by Google Analytics.
_gcl_au	3 months	This cookie is used by Google Analytics to understand user interaction with the website.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
1P_JAR	1 day	Used by Google Analytics that provides an aggregate analysis of website visitors.
APISID	2 years	Used by Google Analytics that provides an aggregate analysis of website visitors.
DV	Session	Used by Google Analytics that provides an aggregate analysis of website visitors.
HSID	2 years	Used by Google Analytics that provides an aggregate analysis of website visitors.
initialTrafficSource	2 years	Used by Google Analytics that provides an aggregate analysis of website visitors.
lastTrafficSource	2 years	Used by Google Analytics that provides an aggregate analysis of website visitors.
lastTrafficSource	2 years	Saves the last traffic source that drove the user to Treasure Cloud’s website.
myoc	1 month	This allows the website to track marketing campaign for statistical purposes.
NID	6 months	Used by Google Analytics that provides an aggregate analysis of website visitors.
OGPC	1 month	Used by Google Analytics that provides an aggregate analysis of website visitors.
OTZ	1 month	Used by Google Analytics that provides an aggregate analysis of website visitors.
pageviewCount	1 month	Used by Google Analytics that provides an aggregate analysis of website visitors.
s	Session	Sets a unique ID for the session. This allows the website to obtain data on visitor behaviour for statistical purposes.
SAPISID	2 years	Used by Google Analytics that provides an aggregate analysis of website visitors.
SEARCH_SAMESITE	5 months	Used by Google Analytics that provides an aggregate analysis of website visitors.
Secure-3PSID	2 years	For targeting purposes to build a profile of the website visitor's interests in order to show relevant & personalised Google advertising
SID	2 years	Used by Google Analytics that provides an aggregate analysis of website visitors.
spin	1 day	This Cookie is placed by Facebook. It enables treasure.cloud to measure, optimize and build audiences for advertising campaigns served on Facebook. In particular it enables treasure.cloud to see how our users move between devices when accessing the treasure.cloud web site and Facebook, to ensure that treasure.cloud’s Facebook advertising is seen by our users most likely to be interested in such advertising by analysing which content a user has viewed and interacted with on the website.
SSID	2 years	Used by Google Analytics that provides an aggregate analysis of website visitors.
user_id	Session	This cookie is set by Treasure, in order for Google Analytics to provide an aggregate analysis of website visitors.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.
_fbp	3 months	This cookie will help deliver our advertising to people who have already visited our website when they are on Facebook or a digital platform powered by Facebook Advertising. For information on how to opt out of these cookies refer to Facebook’s cookie policy.
ANID	9 years	This cookie carries out information about how the end user uses the website and any advertising that the end user may have seen before visiting the said website.
c_user	1 year	This cookie will help deliver our advertising to people who have already visited our website when they are on Facebook or a digital platform powered by Facebook Advertising. For information on how to opt out of these cookies refer to Facebook’s cookie policy
datr	2 years	This cookie will help deliver our advertising to people who have already visited our website when they are on Facebook or a digital platform powered by Facebook Advertising. For information on how to opt out of these cookies refer to Facebook’s cookie policy
dpr	Session	This cookie will help deliver our advertising to people who have already visited our website when they are on Facebook or a digital platform powered by Facebook Advertising. This Cookie helps record the ratio and dimensions of your screen and windows in order to render sites and apps correctly on your displays.
DSID	1 month	This is an advertising cookie set by DoubleClick to make advertising more engaging to users and more valuable to publishers and advertisers.
fr	3 months	This cookie will help deliver our advertising to people who have already visited our website when they are on Facebook or a digital platform powered by Facebook Advertising. For information on how to opt out of these cookies refer to Facebook’s cookie policy.
id	Session	This is an advertising cookie set by DoubleClick to make advertising more engaging to users and more valuable to publishers and advertisers.
m_pixel_ratio	Session	This cookie will help deliver our advertising to people who have already visited our website when they are on Facebook or a digital platform powered by Facebook Advertising. For information on how to opt out of these cookies refer to Facebook’s cookie policy
presence	Session	This cookie will help deliver our advertising to people who have already visited our website when they are on Facebook or a digital platform powered by Facebook Advertising. For information on how to opt out of these cookies refer to Facebook’s cookie policy
sb	2 years	This cookie will help deliver our advertising to people who have already visited our website when they are on Facebook or a digital platform powered by Facebook Advertising. For information on how to opt out of these cookies refer to Facebook’s cookie policy
x-referer	Session	This cookie will help deliver our advertising to people who have already visited our website when they are on Facebook or a digital platform powered by Facebook Advertising. For information on how to opt out of these cookies refer to Facebook’s cookie policy
xs	1 year	This cookie will help deliver our advertising to people who have already visited our website when they are on Facebook or a digital platform powered by Facebook Advertising. For information on how to opt out of these cookies refer to Facebook’s cookie policy.

Phising

Tech Support Scam

Impersonation Scam

Share

Related Articles

Behind The Data, Wilson. Unlocking the people behind Treasure

Reflections on 2020: A Black Swan Year of Tech Transformation

Who Else is Looking at My Data? Exploring Privacy and Cloud Computing

Create your account today.

As Featured On