The threat of cyberspace crime and internet scams grows larger every year. While our governments have to worry on a macro scale about the danger they pose, we on an individual level have to be aware of the evil lurking around the corner…or rather in the next email. While some scams are visible from a mile away, others are well crafted and penetrate your digital security and financial safety without you ever knowing. Below you’ll find 12 common types of internet scams to watch out for and the best habits to practice to keep you and your loved ones safe from this digital danger.
Phishing & Spoofs
The largest and most common type of scam, phishing, pronounced like ‘fishing’, affects millions of people every year and causes millions of dollars of damage in fraud and stolen funds. There are many types of phishing scams, and chances are you’ve seen one, you just haven’t been able to recognize and name it. The purpose of phishing is to obtain sensitive and private information such as bank account information, credit/debit card numbers, your social security number, passwords and almost anything and everything that can be used to steal from you without ever knowing.
Phishing scams come in all shapes and sizes. Maybe you’ve seen an email about the IRS notifying you that you owe money or else you face jail time, or a payment you authorized has been declined, or even an email that an account of yours has been hacked. These are common examples of phishing scams. Some are designed to be near professional, appearing as a legitimate email from a trusted organization, other times they are poorly formatted and clearly look like spam. Phishing scams aren’t that technically complex, they bank on the factor of reactiveness. Hackers cast a wide net, often emailing thousands at once, and who is caught in it is based on naïveté and ignorance. Often when people are fooled by phishing emails or documents, they react by clicking links or filling out forms or downloading software, doing exactly what hackers want. Once that link is clicked, third-party software, malware and/or spyware is installed.
The best protection from phishing is due diligence and patience. If you suspect phishing, it’s better to not even open the email. Whatever you do, do not click the links attached, email back, or download any attachments or software. Doing these opens a door for hackers to your private & sensitive information and exposes you to theft and fraud. When coming across phishing scams, do your research and react proactively.
Shopping scams may not be as common as phishing scams but can be harder to spot. These internet scams can be harder to identify and recognize due to the sheer randomness. Shopping scams are based on pretending to be a seller of products or goods, even by hijacking legitimate brands and websites, with no intention of fulfilling the order. You may receive a confirmation order and receipt or maybe even a shipping confirmation, all of which is bogus and designed to make you ignorantly stay in the place of the victim.
Here are some red flags that you might be falling into a shopping scam:
(1) The site starts with ‘http’ instead of ‘https’. HTTP stands for hypertext transfer protocol and is what allows our computers to communicate with web servers in order to display webpages. The additional ‘s’ stands for secure, and ‘https’ offers a layer of encryption and safety for its users. You’ll find ‘https’ on most sites, but mainly anything to do with online shopping, banking, and any other business that requires confidentiality and security. If you spot a website that doesn’t have ‘https’, especially any website dealing with money transfer, don’t shop here. Sure there’s a chance it’s a legitimate business but the risk of a shopping scam at this point is too high. You’re not just giving them money when you fall for a shopping scam but you give hackers passwords, credit/debit cards numbers and CV2 codes needed to withdraw money from your account.
(2) You received a promotion for an item or service through email or social media. Chances are shopping scams aren’t gonna rank high enough in SEO to appear on the first couple pages of Google search results. So instead they target their victims directly by mass emailing and DM contacts and always redirect you to a third party eCommerce store. These emails appear valid and often offer deals that seem too good to be true. Here’s a little secret: they are. If you see high ticket items going for ridiculously low prices or on sale with no competitors, it’s very likely that you’ve stumbled across a shopping scam.
(3) If you find yourself buying from a private seller, either through a site like Craigslist or Ebay, make sure to use PayPal with buyer protection. Scammers will use sympathy stories and excuses for choosing not to do money transactions over legitimate channels. Never give out your bank account number and routing number to anyone you don’t know and trust. This should immediately raise a red flag. Do not use services like Venmo, Cashapp or Zelle as you will not be able to request a refund or report the transaction when you finally realize you’ve been scammed. Even if the seller is not a scammer, using PayPal offers an extra layer of protection.
Ransomware is not an extraordinarily common scam for private citizens but when it occurs, the results can be devastating. While individuals can be targeted for a ransomware attack, public figures, organizations, companies and even governments are more likely to be targets. Ransomware occurs when hackers manage to penetrate cyber networks and then literally hold your digital information hostage until a ransom is paid. Payment is usually demanded in cryptocurrency because it’s not trackable. Sometimes hackers will threaten to release private and sensitive information online but most often, they want money in return for access to files and computers. Ransomware was once a distant worry but has become more and more frequent in the past couple years.
A recent large case of ransomware was the Colonial Pipeline ransomware attack that started on April 29th. Hackers managed to obtain an employee password used for a virtual private network. This password was then leaked to the dark web where it was obtained by hacker group DarkSide, who on May 7th, demanded 4.4M dollars in cryptocurrency from Colonial Pipeline. Colonial Pipeline made the decision to shut down the pipeline themselves in order to sever any further penetration from the hackers, though it’s believed they only really had access to the company’s billing. Colonial Pipeline is a 5,500 mile long gasoline pipeline that services the Southwest US and travels to the Northeast US. During the fiasco, the price of gas rose and many started to hoard gasoline in fear. Although it is currently unknown how much money Colonial Pipeline lost due to the shutdown it was stated that the hackers could’ve easily demanded 10 times as much as they did and it still would have been paid. The real damage is the societal response and professional reputation from which Colonial Pipeline will have to recover.
The best way to avoid ransomware is basic cybersecurity practices everyone should follow for all their digital needs. Don’t open pages you don’t know and trust. Don’t download software that seems too good to be true. Don’t open emails from people or organizations you don’t recognize. Don’t install ‘free’ antivirus software. Your cyber profile is like your house. Don’t want burglars or squatters? Lock the doors and don’t leave the windows open. Don’t invite people you don’t know and don’t trust those whose credentials seem shady. You’re opening yourself and those connected to you to potentially life devastating outcomes.
NIGERIAN SCAMS/Advance fee scams
Oh the infamous Nigerian scam! Maybe you’ve seen a few yourself or heard legends of this scam but for those who haven’t, I’ll go over what this internet scam is. They changed over time and with each scammer but, they follow a very similar format. Although dubbed the “Nigerian Scam” they can originate from anywhere and were popularized by con men from Nigeria and are referred to as the ‘419 Scam’ or an ‘Advance Fee Scam’. These scams entitle the scammer telling an elaborate tale, posing as a royal member, government official or person of notoriety, about a large sum of money frozen in bank accounts in their country belonging to themselves, a company or a wealthy family. These funds are ‘impossible’ for them to access due to taxes, restrictions or government limitations. They will request your help in transferring said funds (which don’t exist) but need you to pay a transfer or banking fee upfront to move the money with the promise that they’ll give you a portion of the funds when it becomes accessible to them. Sometimes they ask for money directly other times they request your bank information and routing numbers. Victims soon find out there were no frozen funds, no princely fortune, no bank fee…only a mountain of constructed lies and a now smaller bank account.
One out of ten online dating profiles is fake. Sometimes catfishers create a false persona in order to deceive, steal, harm or sometimes just toy with their victims. Other times sexual offenders, murderers and rapists are utilizing catfishing to find their next victim. Dating internet scams have been increasingly common in the past two decades, leading victims to not only have their hearts broken and feeling betrayed but quite literally robbed as well. On average, a catfish victim will lose somewhere around $17,000. Many scammers target their victims very specifically and immediately begin building rapport with them, showering them in love, complaints, and promises. They often claim to be madly in love despite never meeting the person, will make plans to meet in person someday but often break that promises with excuses about why they couldn’t meet, prefer to keep the entirety of the relationship and conversation private and not let anyone know, and will ask for money because of ‘unforeseen circumstances’ or ‘emergencies’. This can continue on for months and sometimes even years before it ends and leaves victims financially destitute and emotionally broken. Rule of thumb? If it seems too good to be true, it probably is. Internet users should be extra cautious when it comes to dating and relationships over the internet but we want to ignore red flags when it comes to love. Whatever you do, don’t ignore the flags! They will save you time, money and heartache.
credit card/banking scams
One type of credit card scam is called card skimming. This type of scam is physical rather than solely internet based and one that frankly makes me extremely paranoid when using my debit card at an ATM or at an EFTPOS machine at a store. Skimmers use different tech, sometimes it’s a little magnetic strip that copies your cards info, other times there’s a miniature cam recording your PIN, sometimes the entire face of the ATM or EFTPOS is a copy that is positioned on top of the actual machine and records and transmits your banking information when used. I have developed the habit, whenever I’m using an ATM I don’t necessarily trust, of pulling at the face of the machine a bit to see if it gives and I try to cover the keypad when entering my PIN to ensure no camera can see what it is.
Scammers will send emails or texts that appear like they are from your bank, financial institution or online payment service like Venmo or PayPal. Scammers are known for making passable duplicates of baking websites, sites you would normally trust. They will claim that there is a problem with your account or it has been hacked and request that you “verify” your information to ensure it’s you and they can fix the problem. What has happened instead is you’ve now provided them with the means of fully accessing your account and draining your funds.
job offer scams
As a recent university graduate, I am extremely familiar with this type of scam. Many of my peers and I have received countless emails throughout our years at college about promising jobs and employment offers that always end up being scams or pyramid schemes. Don’t know if you are receiving a job offer scam? Here are a few red flags: (1) Unsolicited messages regarding employment without having applied or putting your information available on databases or with a headhunter (2) offering high salary or large return in investments following initial upfront payments for “training, fees, software, uniforms, etc” (3) relatively unknown or obscure company with a nondescript website/information.
Maybe you’ve come across one or two of the red flags but can’t be sure. Do your research: find what you can about the company, check out the person who contacted you through social media, ask for details and reference. Quite literally cross examine them like they are on trial, professionally and politely of course. If they are a real offer, the information will fall into your lap but if it’s a scam you’ll begin to see more and more holes in the lie they’ve constructed.
lottery & survey scams
You may be familiar with this type of internet scam. Your spam inbox is sure to be populated by them. “You’ve been selected as our lucky 1000th winner” or “You’ve won the lottery” or “Fill out this survey to win X amount of money”. These scams are almost too obvious but thousands of internet users still fall victim to them every year. Any unsolicited request for information or unsolicited messages along the lines of “you’ve won some ridiculous valuable prize by doing absolutely nothing” is a lottery or survey scam. Time and again, these scams will ask for personal, private & sensitive information.
When your information is obtained, it isn’t used immediately. In almost every instance, your information (if you are an individual and not a corporation) will go into a bundle with dozens if not hundreds of other individuals’ private information for sale on the dark web. Hackers then sell, auction, resell and bid for this information like a “mystery box of gifts”. Sometimes they get nothing, sometimes they hit gold. Either way, you and your loved ones digital safety is exposed and constantly at risk.
scareware (fake antivirus).
Scareware, much like other internet scams, is constructed around the impulsive and naive reactions of its victims. Many times you will come across scareware through internet browsers, typically on unsafe or untrusted websites. Many sites that offer “free” movies, software or other internet content often come with hidden malware and other dangerous content. Sometimes these sites are populated with never ending pop ups, ads and clickbait. If you’ve ever encountered a message saying “your device has been infected”, “warning! viruses have been detected”, “attention: your device has detected threats!” or something along that line, you’ve encountered scareware.
No site on the internet is capable of running and identifying antivirus operations like this, but this isn’t a fact known by many people. When potential victims are hit with these messages they will be offered “free antivirus software” and hackers & scammers use the victims’ fear to coax them into installing what is actually a boatload of viruses, from spyware, trojans, keyloggers, ransomware, adware to rootkits. Scareware is the bottomless pit of internet scams, because once you fall for it once, it’s over. There is not much you have to do to undo the damage at this point, so it’s better to stay vigilant and act proactively when coming across scareware, rather than acting reactively.
Charity fraud has become an extremely common practice. The increase in cases and the ease of falling into this trap is making it easy for people to become cynical about donating. Charity fraud typically occurs after a natural disaster, tragedy or catastrophe. In the hours and days following, organizations begin to make work out of collecting donations and aid for those affected, but many times scammers slip under the radar and manage to set up their own ‘charities’, stealing thousands of dollars of donations meant for victims. Occasionally they are caught, but many times they get away with it. Those who donated feel their compassion violated and those who the funds were meant for, deprived.
You may have heard this story in 2017. A New Jersey couple claimed a homeless veteran gave them his last $20 for gas money and proceeded to start a GoFundMe to raise money for housing and funds for the man. The story, however heartwarming and touching, was concocted. All in all, the scam raised $400,000 from 14,000 donors on the crowdfunding platform before it was discovered that all three were in on the con together. All donors were refunded and all three scammers were caught and prosecuted.
insurance and health scams
Whether it be yourself or someone you know, age and health issues plague us all. Getting insurance coverage and medication is already hard & expensive enough in this country but is made harder by scammers selling phony insurance policies or counterfeit medicine. Senior citizens are more likely to fall for insurance scams and are often targeted via email or phone. Sometimes the company the scammer is calling from is made up, other times they are calling from a legitimate company but are being sold false coverage plans by an agent turned scammer. Online pharmacies have become part of the health industry, offering medicine at reduced costs or with discounts. But with this new change has come counterfeit medicine, sold without oversight or regulation. The best way to prevent yourself and your loved ones from falling for these traps is to keep a line of evidence and paperwork and know who you’re doing business with at all times. Keep documents about everything and if something seems even the slightest bit fishy, it’s time to start investigating where the hole in the story is.
Don’t trust everyone on the internet. It doesn’t matter how many followers they have or how famous they are. Celebrities and influencers are human just like the rest of us and fall victim to scammers and hackers just as often. When someone like you or I are exposed to internet scams it affects us and those immediately around us in a dramatic fashion. When celebrities become the victims of hacking and malware, hackers can utilize their platform to target thousands, if not millions, of more potential victims.
Types of celebrity scams you need you watch out for: (1) Influencers offering experiences, goods, employment opportunities or services with no track record of previous business experience (2) Scammers impersonating celebrities and privately contacting followers and fans soliciting for information or funds (3) Clickbait articles or links about celebrities and influencers from undisclosed and untrusted sources.
One of the largest cases in recent memory, Fyre Festival, a scam so large and infuriating it warranted not one but two documentaries, Fyre: The Greatest Party That Never Happened on Netflix & Fyre Fraud on Hulu. Con man Billy MacFarland used capital from investors & fame conned out of partner in the venture, rapper Ja Rule, to pay influencers and celebrities, such as Bella Hadid & Kendall Jenner, nearly $7 million to promote a luxury music festival. Fyre Festival was advertised as being “…bigger than Coachella…”, a super elite and luxurious music festival located on the exotic, deserted island of Exuma located in the Bahamas. It ended up being a sham, with no live music, no housing or security accommodations, mounds of garbage and food so bad that it would put public school cafeterias to shame. Attendees found themselves stranded on the undeveloped island without basic provisions, much less the luxury experience they were promised. Defrauded victims launched dozens of lawsuits and eventually McFarland was sued in a class action case for $100 million dollars in damages. He is currently serving a six year sentence.
Stay vigilant online and when accessing internet services. If it seems too good to be true, it probably is. The internet is a treasure trove of information but it’s also a pandora’s box of scams and garbage. Use protected browsers, visit trusted websites, utilize real anti virus on your computer and don’t go click crazy! Have a question or comment? Leave it below!