How to Defend Against Cybercrime
By Nicole Young on October 18, 2023

Common scams to watch for and best practices for avoiding them.

Cybercriminals are relentless. As individuals and businesses adopt new behaviors and technologies to stave off attacks, criminals evolve their techniques and find new targets. Losses from cybercrime continue to climb, reaching a record $10.3 billion in 2022, a figure that includes only the losses tracked by the FBI.[i] Actual losses are likely much higher.

The good news is that with education and a few relatively straightforward best practices, you can significantly strengthen your cybersecurity defenses. To that end, here are common scams to watch for and recommended best practices for avoiding them.
Common Scams
Though methods vary, cybercrimes usually share a common theme: The victim shares their personal information (either intentionally or unintentionally) with an unknown person or entity over the phone, on a computer or through a mobile device.
According to the U.S. Cybersecurity and Infrastructure Security Agency, here are some of the most common schemes criminals use to solicit information from their targets and how to minimize your risk of falling victim to them.[ii]
1. Email Phishing
Cybercriminals design emails that mimic those coming from legitimate sources, including banks, government agencies and other services and businesses. They use these emails to collect personal and financial information and/or infect your device with malware or viruses.
Examples
- You receive an email that looks like it came from Amazon requiring immediate action to receive a refund. It includes Amazon’s logo and at first glance appears legitimate, but if you hover over the Amazon.com link provided, you can see that it’s not really Amazon’s URL.
- You receive an email that looks like it came from your bank, warning that it will need to shut down your account unless you reconfirm your billing information. If you click on the link, it takes you to a bogus website designed to look like your bank’s actual website.
How to Avoid
- Never input your login information through a link provided by an unsolicited email request.
- Never provide your personal information in response to an unsolicited email request.
- If you believe the request may be legitimate, contact the institution yourself.
- Never provide your password in response to an unsolicited email request.
- Never click on a link if you have any doubt about an email’s legitimacy.
2. Imposter Scams
Criminals impersonate a government official, family member, colleague or friend asking you to wire money, often using personal information they have collected about you to sound more convincing.
Examples
- An IRS official calls you to warn that you owe back taxes but can avoid further penalties if you take care of the payment today over the phone.
- A friend of a friend who claims to have met you at a recent event in your community calls to ask you for a donation to a legitimate charity; she will match your donation if you provide your payment over the phone tonight.
How to Avoid
- Block unwanted calls or texts on your mobile or home phone.
- Do not answer calls from numbers you do not know.
- Never wire money ― or provide a gift card ― to someone you do not know.
- Never send money because someone contacted you, even if you feel like you might know the person or if the person says they are your friend or are related to you.
- If you find yourself on a suspicious phone call, hang up. If the person you spoke to claims to be calling from an institution, call back the official number for that institution.
3. “You’ve Won” Scams
Cybercriminals email, call or text stating that you have won a prize, sweepstakes or lottery. You are told that to receive the prize, you must first pay a fee or tax. The call or message is usually full of congratulations and excitement.
Examples
- You receive an email that says you have won $2.5 million in the International Sweepstakes. The scammer claims to represent a legitimate sweepstakes, such as Publishers Clearing House. You are asked to pay a small fee via a link to cover processing and receive your winnings. The email provides assurance that the sweepstakes is safe and legitimate.
- You receive an email that appears to be from a relative stating that you have won a raffle. The relative asks you to reply with certain pieces of your financial information to collect your winnings.
How to Avoid
- Stop and think before you act. If an offer seems too good to be true, it likely is.
- Never pay a fee or provide personal information to collect winnings or a prize.
- Search online for the offer and the contact it came from to see if there are any references to a scam.
- If a friend or family member sends or forwards you an offer via email or social media, confirm with them outside of email or social media that they really sent it.
4. Health Care Scams
Criminals call, email or send a letter to promise big savings on your insurance, prescriptions or other health-care-related expenses. The communication usually requests your Medicare or insurance information, Social Security number or other pieces of personal information.
Examples
- You receive an email with the subject line of “Big Senior Discounts on Prescription Drugs,” with a link to visit a new pharmacy offering low-cost drugs.
- You receive a text message that claims to be from Medicare. It says you may be eligible for a new 20% discount and asks you to follow a link to provide personal information to see if you qualify.
How to Avoid
- Stop and think before you act. Medicare and insurance companies will not reach out to you in this manner.
- Never provide personal or sensitive information in response to unsolicited communication.
- Search the promotion or offer online to see if there are any references to a scam.
5. Tech Support Scams
Criminals call you or reach you via online popups and claim to be from a technology company contacting you to diagnose or fix a problem with your computer, software or other technology. The scammer is typically trying to gain remote access to your device or online account.
Examples
- A popup appears on your computer warning you that a virus has been detected. It asks you to contact a live technician at a provided phone number.
- Someone who says they work for Dell calls you claiming that they have detected an issue with your computer. They ask you to walk through certain steps with them to gain remote access to your device so that they can fix it.
How to Avoid
- Recognize that legitimate technology companies will not contact you by phone, email or text to inform you about a problem, nor by a popup that asks you to call them or click on a link.
- Never provide remote access to your computer to someone who contacts you unexpectedly.
- If you need help fixing your computer, device or other technologies, go directly to someone you trust.
[i] Federal Bureau of Investigation, Internet Crime Complaint Center (IC3), https://www.ic3.gov/. Accessed September 13, 2023.
[ii] U.S. Cybersecurity and Infrastructure Security Agency, https://www.cisa.gov/be-cyber-smart/common-scams. Accessed September 13, 2023.