If you’re reading this, you’re using the internet—which means you are likely no stranger to online scams. Even if you haven’t been a victim yourself, you’ve heard about personal information being leaked in data breaches or money being stolen by criminals posing as trusted individuals. According to the Federal Trade Commission, nearly 1 in 5 people lost money to imposter scams in 2018, and it collectively cost victims $488 million.
What are internet scams?
In online scams, criminals use internet services (including email or social media) to steal your personal information, coerce you into giving them money or sometimes both. In some instances, bad actors try to engage you directly—scams like phishing and spoofing fall into this category—while others scams, such as data breaches, use passive methods to collect and disseminate your sensitive information.
Online scams have been around for as long as the internet has existed, and they seem to be here to stay. The FBI’s Internet Crime Complaint Center (IC3), which monitors cybercrime, has seen a rise in consumer complaints every year since 2014. The agency collected more than 350,000 complaints in 2018, a 31% increase in five years. More alarming is the $7.45 billion consumers have lost to internet scams and fraud in that period.
While the cost of cybercrime may seem high, the IC3 collects just a fraction of reports of online scams since many victims choose not to come forward. (The FTC and a number of consumer advocacy groups also collect complaints.)
In fact, experts say internet crime is vastly underreported, and perpetrators are difficult to find and prosecute as a result.
That doesn’t mean you are destined to be a victim. You can be on the lookout for the most common internet scams and take measures to better protect yourself against cybercriminals.
The top online scams in 2019
Here are the 11 most common internet scams in 2019.
In a data breach, personal information is hacked or leaked and at risk of being viewed, stolen or used by cybercriminals. This information is often sensitive and may include login credentials, birthdates, credit card numbers and financial data. Equifax, Yahoo, Capital One and Facebook have all had millions of user accounts compromised—and these are just a few of the more recognizable breaches in recent memory.
Ransomware is a type of malware—malicious software—that infects a device or system, encrypts important data, and holds it for ransom. The only way for the user to access their information is to pay the perpetrator (often in a cryptocurrency like bitcoin). Otherwise, the cybercriminal may threaten to delete the victim’s files. Ransomware is often spread through email, which prompts the recipient to click a link or download an attachment. Research suggests that a ransomware attack will hit a business every 14 seconds by the end of 2019.
Nigerian prince 419 scams
The Nigerian scam, aka the 419 scam or advance-fee scam, originated in the 1990s—and yes, it did involve criminals posing as Nigerian princes asking for financial assistance. This scam has since evolved, and crooks now use phishing emails and online dating sites to find unsuspecting targets and con them into sending money or handing over their bank account information.
Everyone wants to hit the jackpot, right? It’d be easy to get excited if you got an email or social media message saying you’ve won a prize. Criminals know this, which is why they’ll tell you that you’ve won big—but you first have to pay a fee via wire transfer, gift card or bank account transaction in order to claim your lottery winnings. Lottery scams were the third-most common fraud to be reported to the FTC in 2017.
Email scams come in many shapes and sizes, but the common goal is to get you to provide (or confirm) sensitive information that criminals can use to steal your identity, your money or both. Like the Nigerian scam, phishing, spoofing and a wide variety of other internet scams use email as the medium to ensnare victims. Common scam emails may appear to come from legitimate companies like Netflix, PayPal or Amazon, but know that any legitimate correspondence from these companies would never ask for your personal information via email.
Often done by email, phishing attacks are not unlike its homophone, fishing: A scammer baits you with a sense of urgency to act, hooks you with a link or attachment that hopes you will enter personal information, and catches you by stealing that data to access your bank account. Phishing emails often appear to come from a person or organization you know. These attacks cost victims more than $48 million in 2018.
Romance scams play on your emotions. A cybercriminal will reach out through social media or an online dating site and attempt to develop a relationship with you. After they’ve gained your trust, they’ll ask for money to pay for an emergency. Some romance scammers pose as military personnel stationed overseas. Online dating scams rose 147% between 2015 and 2018.
Spoofing is a tactic scammers use to make you believe that a fraudulent email or message is from someone you know and trust, like a friend or a government agency (the Social Security Administration is a common one). Phishing emails are often spoofed—the scammer’s goal is to get you to click a link, send money or give up sensitive information. Scammers may also spoof a website, meaning a fake site is created to look like a legitimate one for the sole purpose of collecting your login credentials or bank account information.
Extortion scammers try to scare you into sending them money, often in bitcoin, by claiming they’ve accessed your computer’s webcam or have evidence that you watch porn or have cheated on your partner. They threaten to share evidence through email and social media if you refuse to pay. Ransomware scams generally also involve extortion.
Social media scams
Cybercriminals may use social media, like Facebook, to connect with you. They’ll send you a friend request or a Facebook message, which may lead to malicious tagging or a romance scam. They may also con you into giving up your credit card info through fake Facebook Marketplace listings.
Tech support scams
Tech support scams may start with a pop-up on your computer that instructs you to click a link or call tech support to fix a “problem” with your device. When you reach out, scammers may pretend to be from a reputable company such as Apple or Microsoft, and they’ll try to convince you to give them remote access to your computer, install software (which is actually malware), buy a worthless service, or give up your credit card or bank information.
These are some of the most common internet scams, but keep in mind that sophisticated cybercriminals are always finding new ways to take advantage of unsuspecting victims.
“There’s always going to be something new, so you always have to be suspicious of anything outside the norm,” Parker said.
How can I protect myself from online scams?
While you may not be able to prevent a scammer from trying to trick you, you can learn about common scams and maintain a healthy skepticism for a lot of what you encounter online. If you feel pressured to act or have an emotional reaction to an email or social media message, tread carefully.
“The biggest red flag of any scam is going to be an emotional hook,” Parker said. “Once our emotional hackles get raised, we drop rationality.”
Here are a few other ways you can help protect yourself from online scams:
- Don’t click links or open attachments. Never open a link or attachment directly from an email, especially if the message seems urgent or is related to login or financial information. If you think the message could be legitimate, go to the company’s website or call using official contact information.
- Keep your software updated. Updates to your apps and operating systems often patch critical security holes. Don’t ignore these—and consider enabling automatic updates.
- Use multifactor authentication. Sure, it’s important to have a strong password, but it’s even better to require multiple layers of security to access your accounts. That way, even if a scammer gets your password, they won’t be able to log in without additional credentials, like a secondary passcode or your thumbprint.
- Don’t give out personal information. Your bank won’t ask you for sensitive data via email. Neither will the IRS or the Social Security Administration. And you should never give out your credit card number or other personal info to a stranger—especially if they contact you unsolicited.
- Don’t send money. Many online scams involve criminals posing as desperate folks asking for wire transfers or gift cards. Lottery scams also use this tactic. Be wary of anyone who asks you for money.
- Triple-check senders of suspicious communications. It’s pretty easy for scammers to spoof email addresses and phone numbers to look familiar. You can always use a reverse phone or email search lookup tool to try and find out more about the sender.
Internet scams can happen to anyone—even those of us who are vigilant. These scams can also have long-term financial and emotional consequences. Watch out for the common online scams listed here, and take every precaution to try and protect your personal information from cybercriminals.