How to tell you’re being phished and 9 other common online scams to watch out for
Caroline Delbert
The internet can feel packed with scams sometimes, especially for anyone who’s had their credit card or other information stolen. But most scams fall into a small number of types that are easy to identify and avoid once you know about them.
There are only so many ways to reinvent the wheel, and scams will usually fall into a set number of categories. Twingate assembled a list of common online scams that internet users should be wary of, drawing on research from government organizations, payment processors, and tech companies.
One of the major categories of scamming is called social engineering. An old-fashioned method that still works surprisingly well, social engineering is any fraud where a human being communicates with you to obtain information in person, online, or over the phone. Scammers will use manipulative, deceptive, or psychological tactics to get someone to reveal confidential information.
As our lives have increasingly shifted online, scammers have followed, posing as everything from fake online boyfriends to made-up charities. So the next time you get a voicemail claiming to be from Microsoft, an email that says your antivirus service is out of date, or a pop-up ad from “newy0rktimes.com,” take a few seconds and think about whether it’s a genuine message before doing anything. Continue reading to learn about the most common online scams today.
Phishing is one of the most common online scams. It’s a form of social engineering, meaning a scam in which the “human touch” is used to trick people. One offline form of phishing is when you receive a scam phone call where someone claims to be calling from the fraud department at your bank and requests your account number as verification.
With online phishing, scammers do the same kind of thing but use emails and links to fraudulent websites to fool users. In your spam folder, you’ll often see messages claiming to be from Bank of America and others. These links lead to imitation bank sites designed to capture your personal banking information.
Advanced fee scam
These email messages are notorious—and the stuff of internet legend: “Hello sir, I have a huge sum to send you!” In this scam, a forlorn prince, bank manager, church reverend, or otherwise reputable-sounding stranger has a large amount of money that they need you to hold for them. All you have to do is send them several hundred or thousand dollars to cover some kind of transactional cost upfront.
Never believe any stranger who wants to send you money, and listen to your gut. If something sounds too good to be true, it is highly likely that it is a scam.
Romance scams are one of the darkest and most sinister scams because of the time investment and emotions involved. Romance scammers pretend to be regular people, often older people, who are looking for love and want to meet eligible singles in other countries. They’ll build an emotional connection with their target by exchanging romantic messages and pretending to be in love.
The scam comes in when, eventually, a series of misfortunes befall the romantic partner. They might plan a visit to finally meet—but suddenly won’t have money to pay for the plane ticket. Then they’re hospitalized with a mystery illness and need money to pay the bill. This continues until the victim grows suspicious of the mounting costs.
Formjacking is a web scam that works the same way as a credit card skimmer does in real life. You go to a website to place an order and enter your information as usual. The transaction even goes through and seems to be fine, except that malicious code injected into the website has copied your financial data and sent it to someone else.
The owners of the website may not even realize something is happening because they don’t pay close attention to their infrastructure. Make sure the websites you deal with are secure.
Phony tech support
Phony tech support is a form of social engineering. This scam may come as an email or a phone call, claiming that your computer has been compromised in some way and that you must call a number or visit a website to fix it.
From there, the scammer may install malware like keyboard capture software (or worse). On the phone, they may request remote access to your computer to help you. These scammers often claim to be from Microsoft or Apple as a way to establish legitimacy.
Ransomware is a kind of malicious software that is installed without your knowledge. It usually arrives through an email or a fraudulent site, meaning it also relies on phishing that imitates your bank or another institutional website. Someone calls or emails with a link that installs the ransomware on your machine. What makes ransomware different is what comes next.
The software locks certain kinds of information on your machine, like your saved documents, photos, and other files. You have to pay to unlock the data and get your files, although the FBI cautions against actually paying.
Scareware is a form of manipulative scamming that threatens users by making them believe they need new software on their machines. One of the common forms is to tell users they need new antivirus software and to offer that software from a fraudulent source.
It’s often easy to tell these websites or emails apart from real ones: Look closely at the URLs or email addresses, which usually have strange spellings or other clues that signal you’re not dealing with legitimate companies.
Sextortion is an especially grim crime that targets minors, although it can also affect adults. Now that so many people meet romantic partners online, it’s common to exchange explicit photos. That’s also true of teenagers or even of younger children, who can find themselves in online relationships with people who ask for personal information and photos.
Once someone has this material, they can use it as a way to demand more and will threaten to share info or post photos publicly if their target refuses. Unlike the other crimes on this list, sextortion doesn’t always have financial goals.
Charity and disaster fraud
Crowdfunding and mutual aid are becoming more common as a way for people to share resources and help others pay for medical bills and other costs, or to donate following natural disasters. Unfortunately, this well-meaning way to help others in the community has also been targeted by scammers through charity and disaster fraud.
Scammers can make fake Twitter accounts to imitate people in need. They’ll even set up bots to make new accounts that look like your friend’s account and reply with PayPal links that redirect to the scammer. If you aren’t sure about the credibility of a group or crowdfunding page, it is always best to seek more information.
Work from home
This scam is simple and it’s a variation of an age-old, real-life scam. Think of those signs you see on street corners that say, “I make $16,000 a month working from home!” When you call, these people want you to buy training materials to become a real estate agent or something similar.
The same is true of many online ads that say you can work from home and make $500 a day or some other attractive amount. The best advice is also the oldest: If it sounds too good to be true, it probably is.