Scams are especially common on the Internet, where new technologies and anonymity can help fool you. Here are a few examples of online scams and how to stay safe online.
Warning Signs on the Web
Educate yourself on these common warning signs that can help prevent you from falling victim to scam websites.
Your web browser warns you
Most web browsers have built-in features designed to alert you about dangerous or deceptive websites. If you receive one of these warnings, do not visit the site. However, just because a website does not generate a warning, does not mean it is legitimate. Scammers are constantly creating fake websites and it takes time for the browsers to detect them.
Unusual URL Structure
The URL is the address of the website, found at the top of your web browser, for example, https://www.texasattorneygeneral.gov. Carefully examine the URL of the website you are visiting. Look for subtle misspellings (for example, https://www.mybonk.com instead of https://www.mybank.com).
Also, watch for URLs that begin with the website you expect, but have extra characters at the end or unusual punctuation (for example, https://www.mybank.com.12345.ir or https://www.my-bonk.com instead of https://www.mybank.com).
If there are any characters or words that look out of place in an otherwise normal URL, you may be on a phishing site built to look just like a trusted website. Read carefully.
No Business Contact Information is Listed
Reputable businesses provide legitimate contact information. If a website does not list an address or phone number, be wary of providing personal information.
Examples of Online Scams
Tech Support Scams
Out of nowhere, you receive a call or a screen pops up on your computer, pretending to be from a reputable company like Microsoft or an anti-virus company. They tell you that they have detected a virus or an error on your computer, and probably warn that you will lose all of your data if you shut down or restart your computer. In order to fix your computer, they direct you to a website where they instruct you to click on a link, download software, or input a special code, which allows them access to your computer. Sometimes they “scan” your computer to try to convince you there is something wrong. Don’t believe them!
Don’t give them access to your computer! If you do, the scammer can look on your computer for your personal or financial information, add malware that really will infect your computer, or add spyware so they can get your information in the future.
Instead, try exiting the internet, restarting your computer, or manually pressing the “off” button on your computer. Or try contacting a reputable source for help. Be careful though when searching for businesses on the internet – sometimes illegitimate services have paid for ads and created websites that might lead you to think they are the real thing!
Remember: real tech support or other computer companies don’t just contact you out of the blue.
Phishing is a scam in which the scammer poses as a legitimate, trusted source, in order to trick you into providing sensitive data such as your username, password, banking details or social security number. The scammer then uses the information to steal money or commit identity theft. Phishing attacks can also give scammers access to your computer or network to install malware or ransomware.
Phishing scams most commonly start with a fake email that appears to come from the trusted source but can also start with a text message (also called “smishing”) or telephone call (also called “vishing”) or a social media message.
If someone contacts you asking for your personal information — e.g., social security number, credit card number, bank account info — do not give it. And be careful of clicking on suspicious links in email messages.
If you are asked to log in after clicking a link in an email, be careful. You may want to verify that you have reached the real login site by instead logging into the website separately outside of the email.
You can also report phishing emails to email@example.com. The Anti-Phishing Working Group — which includes ISPs, security vendors, financial institutions and law enforcement agencies — uses these reports to fight phishing.
Social Media Messenger Scams
Scammers can hack a user’s Facebook or other social media account and send direct messages to their friends with deceptive content or phishing links that contain viruses. Be wary of suspicious outside links provided through messages especially if you are asked to log in after clicking.
Also, be careful if a social media friend makes suspicious offers, claims to have received a grant or business opportunity, or asks you for money through a message! Make sure to verify their statements outside of social media in case their account has been compromised. And it is good practice to only have friends on social media who you know in real life.
Romance/Online Dating Scam
You meet someone great online – either on social media or a dating app. Their profile is impressive, and they’re quick to compliment you. Your relationship moves quickly, and you soon want to meet in person, but it never works out. Then, after some time, they ask you for money for a personal emergency. Be very cautious before giving them money.
This is likely a “catfish” scam. The person you’ve been beginning to trust could turn out to be a scammer who set up a false profile to trick you into getting access to your personal information or money.
Emergency Scams aka “Grandparent Scams”
These scams involve someone claiming to be your friend or family member in dire need. They prey on your emotions by inventing a situation that you must respond to immediately – with your money. While these scams are often conducted over the telephone, they can also happen via email or social media messaging.
Online “Marketplace” Purchase Scams
Online transactions, whether you are the buyer or the seller, require caution to make sure you avoid scams. This is particularly true if you are engaging in a person-to-person transaction, – perhaps through Facebook Marketplace, Craigslist or eBay – rather than purchasing through an online store.
When you are buying items advertised online, make sure that the seller actually has possession of the goods being sold, and hasn’t just copied photos someone else has posted online. If possible, view the product in-person before purchasing, but take appropriate safety precautions including meeting in a safe, well populated place and bringing a friend.
If you must purchase an item without viewing the item in person, take additional precautions:
- Ask for additional photos of the item to make sure the seller has the item. Ask for specific photos (e.g. from a certain angle or a close-up photo of a specific part) or for a photo of the item with a piece of paper with the current date or a specific message.
- If possible, purchase the item through a website that offers protections to buyers and sellers, or use a payment mechanism that offers buyer protections.
- Scammers sometimes set up their own fake escrow service, so do not rely on an escrow service suggested by the seller unless you have thoroughly researched it.
Online sellers also need to take precautions to protect themselves and avoid being scammed. Be careful not to post any personal information in your ad unless necessary, and check to be sure that any photos posted do not include house numbers or other identifying information. Communicate with potential buyers using disposable email accounts or phone numbers. If possible, meet the buyer in a safe, well populated place to complete the transaction, and bring a friend. Be wary of any buyer who offers to pay with a cashier’s check or money order, especially if the check or money order is for more than the asking price. They are probably trying to engage in a counterfeit cashier’s check scam.
"Free" Gift Offers
Be wary of any email, text message, social media post, or Internet advertisement offering a free gift card or other free gift. Such offers usually suggest that you will receive the free gift just for providing your personal information or completing a survey.
In reality, in most cases in order to qualify for the “free” gift, you will need to complete many rounds of “offers” or “surveys,” many of which require you to buy something. While completing the “offers” or “surveys,” you may also unknowingly sign up for services that include a recurring monthly charge -- without even providing your credit card number. And even if you complete all of the requirements to qualify for the free gift, often the gift will never arrive. Even worse, sometimes the link that is supposed to lead you to the free gift, actually takes you to a website that installs malware on your computer.
A scammer will send an email or share a post with a sensational or attention-getting headline – like fake celebrity news or a too-good-to-be-true sale – along with an attachment or a link to a website. The attachment may contain malware or the link may take you to a website that installs malware on your computer.
Be wary of any unexpected email that contains an attachment or link to another website, even if the email came from a friend – the friend’s computer or email could have been hacked. If you receive an unexpected email with an attachment or suspicious link, confirm through another method that your friend actually sent it.
Also, be wary clicking on links with shortened URLs (where you can’t tell what website you are really going to) or other suspicious link posted on social media. This is especially a problem on Twitter, where the character limit of tweets makes it common to post shortened URLs.
Advance Fee Scams
Scammers may promise you some kind of benefit: a loan, a prize like a foreign lottery, a government grant, an inheritance, an opportunity to work from home, or more. The catch is, they want payment up front before you can receive your benefit. Sometimes they will ask for a payment by wire transfer, online payment, or even gift cards. Stop and think – why are you having to pay to receive this benefit? Are you being asked by a source you know and trust? Do your research to avoid these scam artists!
Foreign Money Exchange Scam aka “Nigerian Fraud”
You receive an email informing you that a "government minister" (or his widow), a lawyer representing a deceased client from a foreign country, or a business owner wants to deposit money from a foreign country in your bank account. There are many variations on the same theme but they all have a similar catch. First, you must pay their "transaction fees" or “taxes.” Anytime you have to send money to collect a huge windfall, you should STOP in your tracks. The dream of a huge sum of money is very alluring, but there is no money. It's fake. The truth is that they want to take your money, so do not respond.
Remember that pretty much any scam that can occur off of the Internet can also be perpetrated through it!
Help Stop Spam Emails
Not all spam email is illegal. But there are steps you can take to help stop receiving spam emails.
Laws Regulating SPAM
State and federal laws regulate and protect you from spammers.
The Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act is a federal law that sets standards that email marketers must follow. The Federal Trade Commission and Office of the Attorney General are responsible for enforcing and penalizing violations of this act.
The CAN-SPAM Act requires that unsolicited commercial emails:
- Be identified as advertisements
- Use clear, accurate, non-misleading subject lines and header information
- Provide a functioning return email address and the legitimate physical address of the mailer
- Include a way for people to opt out of future mailings
Learn more about CAN-SPAM Act standards, enforcement and penalties on the Federal Trade Commission website.
Limit the Spam You Receive
You can take steps to reduce and manage the flow of unwanted email into your inbox.
Use an email filter. Take advantage of all spam filtering tools offered by your email service and/or Internet Service Provider. If spam messages get through the filter and reach your inbox, mark them as spam to help improve the filters.
Avoid Posting Your Email Address on Websites. Spammers regularly “harvest” email addresses from websites, so never post your email address on a public website, including on blog posts, in chat rooms, on social networking sites, or in online classified ads.
Protect your personal email address. Consider using two email addresses – one for personal messages and one for shopping, newsletters, chat rooms, and other services.
Reduce Spam for Everyone.
Spammers search the internet looking for computers that are not protected by up-to-date security software. When they find unprotected computers, they try to install malware on the computer so that they can control the computers.
Spammers use a network of many thousands of these infected computers – called a botnet – to send millions of emails at once. Millions of home computers are part of botnets, and most spam is sent through these botnets.
Don’t let spammers use your computer.
You can take steps to reduce the chances that your computer is infected and used to send spam:
Update your software. Keep all of your software – including your operating system, Internet browser and other software programs – up to date to protect against the latest threats. It is a good idea to set your software to retrieve updates automatically.
Use a good antivirus software. Make sure you have good antivirus software installed on your computer, and regularly receiving updates.
Use caution opening email attachments. Do not open an email attachment – even if it is from a friend or relative – unless you are expecting it or know what it is.
Download software only from sites you know and trust. It can be tempting to download free software, but keep in mind that such software may contain malware.
How to File a Spam Complaint
You can also report spam to the Federal Trade Commission by simply forwarding the spam email directly to firstname.lastname@example.org.