Scams and cybercrime are common threats on the internet. Cybercriminals prey on unsuspecting users by using technology and tactics to gain trust, luring potential victims with the promise of something they want, like money or romance, and encouraging them to act quickly.
Nearly every scam listed below starts as a type of phishing attack. There are many different online scams, but with some time and attention, you can avoid falling victim to them.
- Job Offer Scams
- Scammers take advantage of job seekers by creating fake job listings to lure victims, only to steal money from them. These fake listings may be distributed via email, text message or social media. Once scammers have an interested victim, they will ask for personal information or money upfront disguised as job application fees or training materials.
- Another common scam is an offer for a remote job, like a mystery shopper or another role that can be done from home. When the victim accepts the job, the fake employer will pay an amount more than expected. The fake employer then asks for money to be returned, covering the difference. The original transaction will fail to actually go through, and the scammer will pocket the money that was returned.
- Legitimate employers will never ask you for money. Only browse job listings on trusted websites, or by calling/contacting the employer directly.
- Lottery Scams
- Cybercriminals contact targets with great news that they have won the lottery or a sweepstakes. They will send a convincing promise of a large amount of money, and they may even use realistic logos and a website. However, targets need to pay a fee first before being able to claim the prize. The prize will never materialize, and the scammers will pocket the fee.
- Remember, you should never have to pay money upfront to receive money that you are entitled to. You should be especially wary if it’s a lottery or contest you never entered in the first place.
- Beneficiary and Investment Scams
- Scammers may send unsolicited messages offering low or no-risk investments. These offers are convincing and detailed, promising lucrative amounts of money for only a small upfront investment, often guaranteeing future returns. These offers will sound too good to be true because they are; the criminals will pocket the investment and cut off contact.
- A newer tactic known as ‘pig butchering’ entails stringing victims along with elaborate investment opportunity schemes. They will go as far as to speak on the phone, create fake websites, or any other number of tactics to create the air of legitimacy.
- ‘Foreign Government Scams’ are one of the oldest tricks on the internet, and they are still around because people still fall for them. Scammers claim to be a representative of a foreign government, or even the owner/CEO of an unfamiliar business. The bad actor will ask to share in a percentage of a large sum of money by using your bank account as an intermediary holding location. There are many variations of this scam, but they all begin with the victim having to send a sum of money before they are able to collect a much larger amount.
- Any time you need to give ANY amount of money upfront before receiving a larger sum, you are likely being scammed. Stop the communication immediately and report the person contacting you.
- Romance Scams
- A healthy connection on a dating app is a great feeling. Scammers will prey on people looking for love and manipulate them out of money by fostering a close relationship.
- Criminals try to quickly establish a relationship, saying all the right things that victims want to hear. Their profile will be very convincing, including photos, personal information, and additional details to make you think they are actually the person they are pretending to be.
- If a connection on a dating app asks you for money, stop communication and report the profile to the app’s support team. Read the romance scam issue of the Cybersecurity Tips newsletter for more in-depth tips on how to protect yourself while dating online.
- Charity Fraud
- Donating to worthy, reputable charities online is a quick and effective to way to help those in need. Unfortunately, scammers seek to take advantage of well-intentioned generosity.
- These scams can happen anytime but are especially prevalent around the holidays or after a disaster.
- Be wary of any unsolicited attempts to get you to donate, especially online. While there may be legitimate organizations raising funds via social media posts, emails or phone calls, there is a non-zero chance this outreach could be a scam.
- Give to charities you know and trust either in person, or via check or credit card with a verified address or official website.
- For more information and resources, read the ITS Cybersecurity Tips newsletter on how to donate safely to charities.
- Tech Support Scams
- In a tech support scam, bad actors contact you posing as part of an IT business offering to fix issues with your device. These scams are elaborate and believable; they will use official looking logos and may even provide a 1-800 number to seem legitimate.
- Legitimate technology companies will never contact you out of nowhere about an issue with your device. If you think your device has an actual problem, contact your preferred IT company yourself using an official number.
- For more information on tech support scams, check out the ITS Cybersecurity Tips newsletter.
- Social Media Scams
- Be wary of links posted on social media, especially quizzes. Criminals can leverage these links and nefarious websites to gather personal information or share malware.
- Your friends’ accounts could be hacked without them ever knowing! If you receive an unexpected connection request or message from a friend, check with them in real life before responding.
- Emergency/Grandparent Scams
- You receive a frantic call from what sounds like a family member or a friend. They will typically say they are having an emergency that requires some amount of money to help them. For example, a common tactic is saying they are in jail and need bail, or their car just broke down and they need money right away to fix it. These scams can also occur on social media, email, or any app that has a messaging feature.
- Scammers can use AI software to replicate a loved one’s voice, and it may sound very convincing.
- If you receive such a call or message, don’t respond. Call your family or friends directly.
- Online Shopping Scams
- Online shopping is everywhere; nearly every company, even smaller businesses, have an online purchasing option. Criminals have created many different scams to take advantage of online shoppers, including unrealistic deals that entice shoppers to click a link that goes to a fraudulent website.
- Be sure to type in or search for your preferred merchant’s official website, ensuring there are no typos and that the link starts always with ‘HTTPS’.
- For more information on online shopping scams, read our online shopping Cybersecurity Tips newsletter.
- Tax Scams
- If you receive a suspicious email claiming to be from the IRS, do not reply or click on attachments and/or links. Forward the email as-is to [email protected] and delete the original email.
- If you receive a suspicious text message related to your tax return, do not reply or click on attachments and/or links. Forward the text to 202-552-1226 (standard texting rates apply) and delete the original message. If you already clicked on links in the text message and entered confidential information, visit the IRS's identity theft guide for resources.
- In New York, you can report tax fraud and scams to the Department of Taxation and Finance. For more information about tax scams, read the ITS Cybersecurity Tips newsletter.
General Best Practices
Be skeptical. Be wary of requests for personal or financial information, especially if they seem too good to be true or ask you to act quickly.
Don't click suspicious links. Avoid clicking links in suspicious emails or online posts. Instead, you can type the URL directly into your browser or use a search engine to go to the site.
Be sure that all website addresses start with ‘https’ at the beginning. Website addresses, or URLs, that start with https are secure. Also, be sure the padlock icon is present to the left of the link in the address bar.
Make sure the website address is spelled correctly. ‘Typosquatting’ occurs when scammers use website URLs that are very similar to the correct URL to trick you.
Keep your email address to yourself. Scammers illegally scan public websites for email addresses. Avoid sharing your email address in online forums, social media sites or blog posts.
Update all your devices with the most current software consistently. This is an easy and effective way to deny scammers access to your devices. Enable automatic updates wherever possible.
Be cautious when paying using gift cards, cash or cryptocurrency. These methods of payment are untraceable, which is why they are preferred by scammers.
Use multifactor authentication (MFA) wherever available. This gives your online accounts an added layer of protection from unauthorized access.
Be suspicious of requests for your personal identifiable information or money. Only make payments using secure methods. If you are in doubt, call the company directly with a phone number you find on their official website.
Create strong, unique passwords for all your accounts. Hard-to-guess passwords keep your information and finances secure. Visit the ITS Password Security resource page for great tips on keeping your passwords as secure as possible.
Only connect to trusted networks. If you have to use an unfamiliar network, consider using a reputable VPN service.
Report scams. If you suspect a scam, you can report it to the FTC at ReportFraud.ftc.gov or to the BBB Scam Tracker.
Back up your data. Be sure to regularly upload your data to an external hard drive or the cloud.
Monitor your credit often. Get a free copy of your credit reports from the three credit agencies regularly to check for fraud. Check your card transactions frequently, and make sure all purchases are accounted for.
Frequently Asked Questions
Q: What are some indicators of online scams that I should look for?
A: Some key indicators of a scam include unsolicited requests for personal or financial information, generic greetings, poor grammar or spelling, urgent or threatening language, and requests for payments through unusual methods such as gift cards or wire transfers.
Q: What should I do if I or someone I know falls victim to an online scam?
A: Contact your financial institution. Alert your bank or credit card company and ask them to reverse the transaction. File a report with the FBI (via the Internet Crime Complaint Center (IC3)), other law enforcement agencies and/or your bank as soon as possible.
Q: What should I do if I receive a suspicious email?
A: Do not open it or click on any links/attachments. Delete the email and report it as needed.
Q: Who is most affected by online scams?
A: According to the FBI IC3 2023 report, people 60 and older are especially vulnerable to online scams, but every age group has experienced cybercrime.
Additional Resources
StaySafeOnline.org: What to do if your information is stolen
Internet Crime Complaint Center (IC3)
IRS: Report phishing and online scams
NYS Department of Taxation and Finance: Report fraud, scams, identity theft, and data breaches