People lost more than $10 billion in online financial scams last year, $1 billion more than in 2022. At the same time, more consumers are conducting business online — to the tune of $11.6 trillion in 2024.

It stands to reason that losses will only continue to worsen, especially with artificial intelligence tools giving scammers newfound abilities to mine personal data, imitate voices, and manipulate video images.

Whether you’re a retired individual, a key employee, a business owner or a business executive, you need to prepare for heightened scam activity. Your identity, financial data, and whatever is in your email are all valuable to cybercriminals who are looking to cash in on your vulnerability.

Today’s article explores how fraudsters are working their nefarious magic and what you can do to protect yourself from cyberattacks.

Education is worth a pound of cure

First, You need to recognize how fraudsters use four typical ways to put you in their sights (the four “P’s”):

Pretend >> A scammer will pretend to be someone you know or from an organization you recognize. This is a core trait of “imposter” scams, which took the top spot on the fraud list of 2023.

Problem, prize >> A fraudster might tell you that you’re in trouble or you have some problem to fix. Or they might tell you that you have something to gain — but only if you act “right now.”

Pressure >> The cybercriminal’s best friend is speed. They want you to act before you can research to see if they’re telling the truth — or even stop to think about what you’re doing.

Pay >> Scammers want you to pay in a specific, irreversible way, using prepaid gift cards or bank transfers to an untraceable account.

By understanding how these four aspects of cybercrime work, you can defend yourself from scams. (Ironically, you need to start thinking like a criminal.)

Known cyberscams to look out for

Of the 18 types of crimes routinely tracked by the FBI, here are four of the most common:

Fake charities >> Scammers use major health events and natural disasters to set up donation sites for fake victims or use names that sound a lot like real charities.

Fake emails, texts, and phishing >> Scammers try to get you to share your personal information to steal your money, your identity or both. They might also try to get you to click on a link that installs ransomware to lock you out of your data (until you pay them a ransom) or to gain access to your computer or network.

Romance scams >> Scammers pretend to be in an online relationship with you to earn your trust, then get you to “invest” your hard-earned money into their “business” or “opportunity.”

Business email compromise >> Slight variations on real email addresses can allow scammers to trick you into thinking you’re dealing with a known business partner (bank, mortgage company, credit card company, IRS). They can also use these tactics to gain confidential information from key employees, including passwords for company accounts.

How to protect your identity, your family, and your business online

Here are four proven ways to help foil cyberattacks:

Turn on multifactor authentication >> (also known as MFA or two-factor authentication). MFA is an extra step that trusted, reputable websites use to confirm it’s you trying to log into your accounts. Authentication tools usually ask you for two forms of information:• Something you know, like a PIN, or your mother’s maiden name;

• A confirmation number texted or called to your phone or an authentication application on your phone; or

• Something unique to you, such as a fingerprint or a FaceID scan.

Update software and operating systems >> Scam artists are skilled at exploiting flaws and weak points in the system. You need to make sure your operating system is up to date on your mobile phone, tablet, and laptop, and that you update your applications on all devices (especially web browsers). To ensure your computers and handheld devices are secure, be sure to enable automatic updates for all devices, applications, and operating systems.

Think before you click >> If you see an email or web page pop up that doesn’t look right, trust your instincts and pause before you click on any links. Often, the link or web page may look legitimate. Instead, it’s designed to trick you into revealing your passwords, Social Security numbers, credit card numbers, or other sensitive information. Fraudsters can also “spoof” their phone number to look as though it’s coming from a legitimate business or agency. The IRS will never call you asking for information about your taxes or filings — they always send a letter.

Use strong, unique passwords for different accounts >> Experts suggest using at least 15 characters — a combination of uppercase and lowercase letters, numbers, and punctuation symbols. Never use the same password across other apps or websites, especially for your financial accounts. Get in the habit of using randomly generated passwords, as these are nearly impossible for scam artists to guess.

What to do if you are scammed

Depending on the nature of the attack and the methods used by the scammer, you should contact local police, the Federal Trade Commission, or the FBI. (In some cases, you may want to notify all three.) Provide as many details as you can, including the exact date and time you received calls or emails; the phone number of the caller; the location and time zone where you received the call or email; and, if possible, a description of the communication, including details about the caller’s voice or demeanor.

The opinions voiced in this material are for general information only and are not intended to provide specific advice or recommendations for any individual.

Bruce Helmer and Peg Webb are financial advisers at Wealth Enhancement Group and co-hosts of “Your Money” on WCCO 830 AM on Sunday mornings.