Internet scams are continually evolving. The FBI documented a record $3.5 billion in losses due to internet crimes in 2019. Right now, con artists around the world are likely targeting a computer or mobile device near you. Here's a look at the most common internet scams—and what you can do to safeguard your personal information and wallet.
- The COVID-19 pandemic has provided scammers with new opportunities to defraud consumers.
- Some of the most well-known scams, such as the Nigerian letter scam, continue to defraud thousands of people a year—despite widespread warnings.
- If you think you've been scammed, change your passwords, delete any questionable software, and contact your local police department.
COVID-19 Online Scams
According to Google, "Scammers are taking advantage of the increase in COVID-19 communications by disguising their scams as legitimate messages about the virus. Alongside emails, scammers may also use text messages, automated calls and malicious websites to reach you."
Common types of COVID-19 scams include:
- Fake health organizations. Scammers pose as health authorities like the World Health Organization (WHO) and U.S. Centers for Disease Control (CDC) to offer cures, tests, or other COVID-19 information.
- Websites that sell fake products. These sites offer face masks, hand sanitizer, disinfectant wipes, and other high-demand products that never arrive. Buy products from known marketers only.
- Bogus government sources. These scammers claim to issue updates and payments on behalf of the Internal Revenue Service (IRS) or local tax authority.
- Fraudulent financial offers. Scammers may pose as banks, debt collectors, or investors with offers designed to steal your financial information.
- Fake nonprofit donation requests. Many people like to donate to charitable causes to help with disaster relief. This provides an excellent opportunity for scammers to set up fake nonprofits, hospitals, and other organizations to collect funds. Donate directly through a reputable nonprofit's website instead of clicking on a link you receive by email or text.
Disaster Relief Scams
When disaster strikes—whether it's a pandemic or weather-related—so do fraudsters. Hiding behind the guise of an actual aid organization, scammers will use a tragedy or natural disaster to con you out of your money. By thinking you’re donating to an emergency relief fund, you unwittingly provide credit card or other e-payment information.
Only give to established, legitimate organizations. Visit GuideStar or Charity Navigator to verify the validity of any charitable organization you are considering supporting before you donate.
You receive an email from a seemingly familiar enterprise that you deem legitimate, such as your bank, university or a retailer you frequent. The message directs you to a site—usually to verify personal information such as email addresses and passwords—that then steals your information and exposes your computer to attack by scammers.
Phishing scams are some of the most common attacks on consumers. According to the FBI, more than 114,700 people fell victim to phishing scams in 2019. Collectively, they lost $57.8 million, or about $500 each.
According to the Federal Trade Commission, phishing emails and text messages frequently tell stories to trick people into clicking on a link or opening an attachment. For example, phishing attempts may:
- Say they've noticed suspicious activity or log-in attempts on your account
- Claim there's a problem with your account or payment information
- Say you need to confirm or update personal information
- Include a fake invoice
- Ask you to click on a link to make a payment
- Claim you're eligible to sign up for a government refund
- Offer a coupon for free goods or services
You should never click the links provided in emails you can't independently confirm. Doing so will make your computer and personal information vulnerable to viruses and malware. Again, though the sender may seem legitimate—which is exactly what the scammer wants you to believe—no reputable institution will ask for your password or other key personal information online. Phishing emails will often contain typos or grammatical errors, and the sender's email address often looks suspicious.
Phishing emails are often rife with typos and grammatical errors. This is an intentional strategy scammers use to "weed out" people who would be unlikely to fall for the scam.
Fake Shopping Websites and Formjacking
Thousands of fake websites offer "great deals" on well-known brands. These websites typically have URLs similar to the brands they try to mimic, such as "Amaz0n.net." If you buy something from one of these websites, chances are you'll receive a counterfeit item in the mail—or nothing at all.
Formjacking is another retail scam. This happens when a legitimate retail website is hacked, and shoppers get redirected to a fraudulent payment page, where the scammer steals your personal and credit card information. To avoid this scam, double-check that the URL on the payment page is the same as the website where you were shopping. Cybercriminals may change the URL very slightly—maybe by adding or omitting a single letter. Be sure to take a close look at the URL before you enter your payment details.
Tech Support Scams
With this scam, you receive a phone call, email, or pop-up warning indicating your computer is infected (ask yourself: How would they know?). The scammer then:
- Prompts you to download an application that allows them to control your computer remotely;
- Downloads an actual virus or otherwise makes you believe that something is wrong; and
- Tells you they can fix the problem for a fee.
Another way to reach you is through search results: Tech support scammers work hard to get their websites to show up in online search results, or they run their own ads.
Often, these scammers ask you to pay using a bank wire, gift card, or money transfer app.
If you gave a scammer remote access to your computer, immediately update your security software, run a thorough scan, and delete anything it identifies as a problem. And, if you shared your user name and password, change those right away, too.
Tech support scams are common. The Federal Trade Commission (FTC) says it received more than 100,000 reports about these scams during 2019. If you think you've been contacted by—or have fallen victim to—a tech support scammer, report it to the FTC.
Fake Antivirus Software (aka 'Scareware')
Fake antivirus software ads and pop-ups try to make you believe your computer is infected with a virus (or dozens of them)—and that you can fix the problem by downloading their software. These scammers get you two ways:
- They gain access to your credit card information.
- They gain access to your computer. When you click the download link, you get a virus, malware, or ransomware instead of antivirus software.
Always be wary of ads and pop-ups that prompt you to take immediate action, or ones that are hard to close. Be sure to install, update, and use real antivirus software to reduce the risk of scareware.
New for 2020 are scammers that sell phony COVID-19 travel insurance policies that claim to cover losses for any reason, at no extra charge. Buyers find out the hard way that these policies don't provide the protection they expected. In general, claims due to "known, foreseeable, or expected events, epidemics, government prohibitions, warnings, or travel advisories or fear of travel" are not covered by travel insurance policies.
COVID-19 is a foreseen event, so many travel insurance coverages don't apply. The only way to get coverage for COVID-19-related losses is to buy a Cancel for Any Reason (CFAR) policy directly from a licensed, reputable company. These policies usually cost significantly more than standard travel insurance policies.
Another travel scam involves social media. Scammers post enticing photos on sites like Pinterest, Twitter, and Instagram to dupe even the savviest of travelers. Upon clicking the image—which lures clicks through the promise of a free trip or plane tickets—you will be prompted to either complete a survey rife with personal information or open your computer up to secretly malicious software.
Make sure the social media page you’re on is an accredited account. All major airlines and travel sites link directly to their social media handles from their respective web pages.
With grandparent scams, a fraudster poses as a panicked grandchild who needs cash right away for some emergency—to get out of jail, to leave a foreign country, or to pay a hospital bill. The COVID-19 pandemic has made it even easier to sell compelling lies: "I'm in the hospital with COVID. Please send money right away." AARP says that grandparent scams are on the rise, with nearly $41 million in reported losses during 2018, up from $26 million versus 2017.
According to the FTC, you can avoid grandparent scams (and other family emergency scams) if you:
- Resist the urge to act immediately. Scammers pull at your heartstrings and rely on you to respond quickly—before you've had a chance to think things through.
- Verify the caller's identity. Ask questions that a stranger wouldn't be able to answer. Confirm the story with other family members or friends, even if (or especially if) the caller says to keep it a secret.
- Never send cash, gift cards, or money transfers.
419 Fraud—Advance Fee Scam
Also known as the Nigerian letter scam, 419 fraud is one of the most common scams on the internet—and one you've likely seen in your own inbox. The advance fee scheme takes its name after the section of the Nigerian criminal code that outlaws fraud. According to the FBI, more than 14,600 people reported falling victim to advance fee scams in 2019. Collectively, they lost $100.6 million, or roughly $6,800 each.
The scammer usually claims to be a member of a wealthy Nigerian or another West African family, reaching out to you personally after the death of a loved one. They seek to relocate a large fortune out of the country for safekeeping purposes and into your bank account. The catch? You must submit small payments for fees in return for a large chunk of their cash cache.
You should never respond to these requests or volunteer your bank details. Any correspondence should be sent to the FBI, the U.S. Postal Inspection Service, the U.S. Secret Service, or the Federal Trade Commission.
You receive a letter or an email declaring that you have been pre-approved for either a credit card or a bank loan. Those experiencing financial strain may fall victim to this scam, which promises instant approval and appealing credit limits. The catch? You must pay an upfront fee when you sign up. While credit card companies do charge annual fees, they will never ask you to pay them when you apply.
In general, be wary of any offer that has a "100% guarantee," requires any upfront fees, or that requests payments in cash, money transfers, or gift cards.
Debt-Relief and Credit-Repair Scams
Individuals who are down on their luck can easily fall for an email claiming to relieve their debt or repair bad credit. This scam makes the false promise to negotiate with creditors to either consolidate or settle debts or to remove negative information from your credit report.
According to the Federal Trade Commission (FTC), "These operations often charge cash-strapped consumers a large up-front fee, but then fail to help them settle or lower their debts—if they provide any service at all."
Steer clear of any debt-relief company that asks for fees in advance, before it settles any debt. Likewise, avoid any company that guarantees it can eliminate or reduce your debt by X amount by X date. Research any debt-relief or credit-repair service you are considering. It's a good idea to check with your state's attorney general and consumer protection agency to learn about the company's reputation.
Congratulations! You’ve won the lottery or some other large amount of money! Except you haven’t. This bogus email comes to you out-of-the-blue—usually claiming to be a part of an international sweepstakes—stressing that you’ve won big and that you just need to send over a processing fee or to get in touch with someone who can process your winnings.
Unless you have entered some legitimate lottery, chances are you haven’t won the jackpot. When you win the lottery, you contact the appropriate retailer—not the other way around.
Fake Check or Money Transfer
You list something on an auction-based website, and the winning bidder offers to pay you more than the offered purchase price via cashier’s, corporate or personal check. Upon receiving the scammer’s counterfeit check, you are conned into sending the difference back through bank wire. Then you have to pay the bank back in full once the fake check bounces.
Never accept payment for more than your selling price. Additionally, you should opt for a secure form of e-payment, such as PayPal or Google Wallet, to ward off scammers.
The Bottom Line
It’s safe to assume that if anyone is asking for your bank or personal information, you’re being scammed. You should never give out personal information to anyone on the internet who contacts you directly. If you have to make a financial transaction online, make sure you’re doing so on a secure server and through a reputable site.
If you believe you’ve been scammed, immediately change all of your passwords and delete any malicious software you may have downloaded, and call your credit card company, if necessary. Contact your local law enforcement authorities to report the scam and get help with the next steps. You can also report the scam to the FBI, the Federal Trade Commission, the U.S. Postal Inspection Service, and your state attorney general's office.