Scammers trick millions of people a year. According to a report from the Federal Trade Commission (FTC), U.S. consumers filed roughly 1.7 million fraud complaints, 892,000 “other” complaints, and 651,000 complaints of identity theft during 2019 (the most recent data available). Of the 1.7 million fraud complaints, 23% reported that money was lost, to the tune of $1.9 billion overall. That's an increase of $293 million over what was reported in 2018.
What may be surprising in the digital age is that the most common method fraudsters used to contact victims was the telephone (74%), followed by websites (9%), email (8%), consumer-initiated contact (5%), mail (3%), and other (2%). People ages 60 to 69 filed the most fraud reports (20%) and reported the biggest losses ($223 million).
Scams are nothing new, and criminals are only getting more sophisticated. That means it's more critical than ever to protect yourself against fraudsters who would try to get your personal information and money. Here are some tips to help you avoid scams—and what to do if you are defrauded.
- Millions of people each year fall victim to scams, accounting for billions of dollars in losses.
- Imposter scams top the list of fraud categories; they represented $667 million in losses during 2019, with a median loss of $700 per victim.
- While scams are widespread, there are ways to protect yourself against fraudsters and keep your money and identity safe.
Types of Scams
While the telephone is the most common way for criminals to contact consumers, the internet provides plenty of opportunities for scammers. The Federal Bureau of Investigation (FBI) says some of the most common online risks are:
- Email account compromise (EAC) ccams—Criminals send a message that appears to come from a known source, making a legitimate request. A vendor that your company works with might appear to send an invoice with an updated mailing address, for example, or a home buyer gets a message from their title company with instructions on how to wire a down payment.
- Identity theft—Someone steals personal information, such as your Social Security number, to commit fraud or theft.
- Ransomware—Malicious software, also called malware, keeps you from accessing your computer files, systems, or networks until you pay a ransom.
- Spoofing—A scammer disguises an email address, a sender’s name, a phone number, or a website address to make you believe you’re interacting with a trusted source.
- Phishing—Phishing schemes direct you to fake websites that might look nearly identical to the real thing and ask you to enter sensitive information such as passwords, credit card numbers, and personal identification numbers (PINs). Similar variations include vishing (scams happen over the phone, voice mail, or VoIP), smishing (via SMS messages), and pharming (malicious code is installed on your computer).
The FBI does not send emails to private citizens about cyber scams. If you receive an email that claims to be from the FBI director or other top official, it’s likely a scam.
According to the FTC report, more people filed claims about identity theft—20.3% of all reports—than any other type of complaint in 2019. Following closely behind at 20.2% of all claims were imposter scams (a subset of fraud reports). Claims for telephone and mobile services rounded out the top three reports with 6%. Here’s a rundown of the leading types of fraud, identity theft, and “other” scams, along with details about the number of reports and total losses.
What You Can Do to Avoid Fraud
Despite the prevalence and sophistication of scams, there are ways to lower your chances of being a fraudster’s next mark. Here are some tips on how to do just that.
Be careful what you download
Never open an email attachment from someone you don’t know and always use caution with attachments that have been forwarded to you—even if you know the sender. If it looks suspicious or is something your friend or colleague is unlikely to send, be wary. When in doubt, contact the person directly to confirm they sent the attachment or link—before you open or click on anything.
Be careful how you pay
Never give your credit card number over the phone unless you initiated the call. Before you submit your card details online, make sure the website and payment page are legitimate.
Unfortunately, you can be on a real e-commerce website and get directed to a fake checkout page if the website has been hacked. Pay attention to the website design: It should match the brand’s style, colors, and logo. Also, any web page that prompts you to enter personal or financial details (including your credit card number) should start with https:// (the “s” stands for “secure”) and have a green lock icon.
Credit cards have built-in fraud protection, so they’re usually the safest way to pay for something. If you pay for something with a wire transfer, reloadable card (such as MoneyPak or Reloadit), or gift card (such as iTunes or Google Play), you won’t have much recourse. Remember that government offices and reputable companies will never ask you to use these payment methods.
Don’t click on unsolicited messages
Never click on anything in an unsolicited email. Instead, hover your mouse—without clicking it—over the text, links, and images to reveal the real destination (more on that below). Keep in mind that just because a link says “Sign Into Microsoft Outlook” doesn't mean that’s where you’ll be directed.
Don’t send money or give out personal information in response to an unsolicited text, phone call, or email. Remember that companies will never contact you to ask for your username or password. Always log onto the official website instead of linking to it from an unsolicited email or text.
If you weren’t expecting a message, look up the company’s phone number and call it directly to ask if the request is legitimate (don’t dial the number included in the message).
Make sure URLs are legit
You can hover your mouse over text, links, and images to see where they point. When you do so, pay close attention to the “root domain”—aka the real address behind a link. That’s the part of the URL that comes between the second-to-last dot and the first slash (the “second-to-last-dot rule”). Why is that important? It’s the only part of a URL that a scammer can’t change.
So while https://www.microsoft.com/ is a valid address, https://www.microsoft.com.scam.co/ is not (this link would take you to the scam.co website). Keep in mind that images, design, text, and logos can all be manipulated to trick you, so check the URLs of the links (without clicking, of course) and the source of the email to find out if the message is legitimate.
Check out email addresses
To check the source of the email, click the “Reply” button and see what appears in the “To” field (don’t send the message, of course). If the email is supposed to be from Microsoft Account Team, but the address shows up as something like firstname.lastname@example.org (sneaky) or qrx%xoiwerj email@example.com (obviously fake), it’s not legit.
Secure yourself online
If a website you frequent offers two-factor authentication (2FA), use it. Always use strong, unique passwords, and store them with a trustworthy password manager. Finally, install reputable internet security software, update it regularly, and allow it to monitor your device continually.
Where to Report Scams
There are many different types of scams, so it can be hard to figure out whom you should contact. Start by changing your passwords and contacting your state consumer protection office. If you lost money (or other personal belongings), reach out to your local police department too. Contact your bank or credit card provider to see if it can help and consider freezing your credit so nobody can open a new line of credit in your name.
The FTC is the primary agency that collects scam reports. Use the FTC complaint assistant or phone 877-382-4357 (9 a.m. to 8 p.m. ET) to report any of the following scams.
- Computer support scams
- Demands for you to send money (check, wire transfers, gift cards)
- Fake checks
- Imposter scams
- Phone calls
- Prize, grant, and sweepstakes offers
- Student loan and scholarship scams
Report identity theft
Report identity theft online at IdentityTheft.gov or by phone at 877-438-4338 (9 a.m. to 8 p.m. ET).
Report online scams
Report fake websites, emails, malware, and other internet scams to the FBI’s Internet Crime Complaint Center (IC3).
Sign up for free scam alerts from the FTC. You’ll get the latest tips and advice about scams in your inbox.
Report international scams
If you believe you’ve been the victim of an international scam, report it through econsumer.gov. The report helps international consumer protection offices identify trends and prevent scams.
Report IRS and Social Security imposter scams
Some scammers pretend to work for the Social Security Administration (SSA) or the Internal Revenue Service (IRS). Here are some red flags to watch out for:
- Threats of arrest or lawsuits
- Demands for payments
- Threats that your Social Security number or benefits will be canceled
Report Social Security imposters online through the SSA’s inspector general or by phone at 800-269-0271 (10 a.m. to 4 p.m. ET).
Report IRS imposters online at the Treasury Inspector General for Tax Administration (TIGTA) or by phone at 800-366-4484.
Report disaster and emergency scams
Submit complaints of fraud, waste, abuse, or mismanagement related to any man-made or natural disaster (including those related to the coronavirus) online through the Department of Justice’s National Center for Disaster Fraud (NCDF) complaint website or by phone at 866-720-5721.
The Bottom Line
Anyone can be a mark—a target for someone’s scam. Still, you can lower the risk of falling prey to scammers by using some common sense and following these tips from the FBI and FTC. If you are swindled, report it right away.
Keep in mind that scammers often target people who may be easier to defraud—namely, older adults and vulnerable individuals. If you have a family member or friend who is at risk, check in with them frequently, share tips for avoiding scams, and discuss the current scams and what to watch out for.