Criminals are creative and have several techniques to take advantage of victims online. Some of the most prevalent tactics include sending lookalike emails, building fake relationships, and pretending to offer technical support — all with the intention of gaining access to financial or other important information. The best way to prevent online scams is by being aware of the tactics used to trick people online, watching out for the signs, and managing your online security. Learn how to recognize these three common online scams and what to do if you encounter one as you surf the web.
In the last year, phishing attempts have grown by 65%, and it is the most common online scam. Phishing attacks use official-looking email messages and websites to get you to share personal information and can happen in personal or business settings. Phishing attempts to obtain sensitive information, like logins and financial information. Phishers will try to get victims to click on a link or open an attachment (usually loaded with malware). Scammers are even beginning to use text messages, which is known as smishing.
Phishers use a variety of methods, but usually they come from sources you think you trust, like your bank, your CEO, or a service you have an account with. It isn’t difficult for phishers to create official looking emails, scraping the logos and style of company emails to make them look as real as possible. They also can edit the To and From addresses to make them look like they are coming from someone legitimate. These tactics are used to lull you into a false sense of security, but fortunately, there are a few hallmark signs of a phishing attempt.
- Does the email or text message request sensitive information urgently, especially financial information?
- Does the email have odd grammar or spelling mistakes?
- Does the email address avoid personalization, using “Dear Customer” or “To Our Valued Customer,” instead?
Here’s an example from Phishing.org of a real attempt, where the fraudster pretended to send an email from PayPal.
What should you do if you think someone has sent you a phishing attempt?
- Use an alternate method to contact the person or organization that sent you the email or text message and ask if your account has been compromised. Do not use the phone number in the email that was sent to you – the fraudster may have altered it. You can check a bill or statement for accurate contact information.
- DO NOT click on any links in an email or text message or download any attachments.
- Report the attempt by forwarding the email to firstname.lastname@example.org or file a complaint. If you think you have received a Smishing attempt, forward it to SPAM (7726).
- Use and update security software on your computer.
- Use multifactor authentication for your accounts.
2. Romance scams
Building relationships is all about trust and connections, and fraudsters are quick to take advantage of this, especially since finding love or companionship is just a click away online. In 2019, the Federal Trade Commission reported $201 million lost to romance scams. These online scams are also incredibly common, happening 50 times a day on average. Not only do romance scams cause financial harm, but they are also emotionally devastating for their victims.
A romance scammer begins by creating a fake profile on a dating site or app. They may also contact victims through social media sites. After establishing a relationship and building trust, the scammer will ask their victim for money. They often make up stories about why they can’t meet in person (they travel for work or are in the army) and why they need their victim to send them money (medical or travel expenses). They will ask their victims to wire money or send a gift card, which allows them to stay anonymous. Victims are predominately older widowed or divorced women according to the FBI.
This type of scam may also look like someone pretending to be a family member or coworker in need of immediate financial rescue. These fraudsters play with your heart, exploiting emotional vulnerabilities. Here are some common red flags to be aware of:
- Does the person try to establish a relationship with you very quickly or profess love early in the relationship?
- Do they constantly make up excuses about why they can’t meet you? Do they suddenly have an emergency on the day you’re supposed to meet?
- Do they claim to work in an oil field, in building or construction, travel for work, or serve in the army? Is their job the reason they cannot meet you?
- Do they quickly try to move the conversation offline or away from a dating app or social media site?
- Do they play on your sympathies?
- Do they say all the right things all the time?
- Are they asking you for money?
What should you do to verify a romantic interest online?
- Check to see if their online profile photo has been used anywhere else with a reverse image search.
- Ask a lot of questions and be wary of trusting a person too soon.
- If the person seems too good to be true, they probably are.
- Be careful about sending inappropriate pictures to avoid extortion.
- NEVER send money to an online romantic interest.
If you think Mr. or Ms. Right might actually be a fraudster, cut off contact immediately. If you think you are a victim of a romance scam, file a complaint with the FBI’s Internet Crime Complaint Center.
3. Tech support scams
In 2019, the IC3 noted Tech Support Fraud as a growing problem and an increasingly common online scam, receiving 13,633 related complaints. In this scenario, scammers claim to provide technical support, posing as a customer service or help desk representative. They offer help for getting back into an email account or handling a computer infected with a virus. They may also offer help with updating security software, virtual currency exchange, or pose as a government official.
Fraudsters use a variety of techniques to pull these online scams off. They may use online ads targeted at people searching for help with their computer, or use pop ups or a locked screen to suggest that a computer has been infected with a virus, directing the victim to call a fraudulent number. They also use phishing attempts, warning victims through email that their computer has been compromised. They will ask their victims for a credit card number or a gift card to pay for repairs or maintenance. Often, the problems they claim the computer has do not exist. Check out this example of a Tech Support Scam pop up from the FTC.
What to watch out for:
- Unsolicited phone calls from big tech or computer security companies, like Microsoft.
- Pop ups or messages on your computer that tell you it has been infected, directing you to call a phone number
- The company asks you to pay with a gift card or wire transfer.
What should you do if you need tech support?
- Do not give untrusted or unverified tech support remote access to your computer.
- Do not give out your login information.
- Go to someone you know and trust.
- Contact software companies directly.
- Update your computer’s security software regularly.
If you see a tech support scam attempt, report it to the FTC.
The bottom line
Scamming attempts can happen to anyone online, and recognizing the signs is the key to preventing fraud. If something feels too good to be true, watch out. If you feel suspicious of someone, or they are asking for information they don’t need or shouldn’t have, trust your gut. Be extra careful when someone asks for money online and get reliable verification. By asking plenty of questions and practicing healthy skepticism, you can protect yourself from getting scammed and keep your financial assets out of the hands of criminals and in the bank where they belong.