10 Worst Online Scams and How to Avoid Them
Have you ever received an email from an acquaintance or relative who claims to be stuck in London, and asks for $2,000 to settle up his or her hotel bill because the person has been robbed? Or maybe you've received a text message from a customer-service agent, congratulating you because you've just won a free cruise to Jamaica. All you have to do is pay a $200 processing fee to claim your prize.While you might think you're way too smart to ever fall for these and the myriad other Internet scams out there, the crooks think otherwise. Swindling you out of your hard-earned cash is very lucrative for cybercriminals, which is why these scams continue to proliferate. Here are the 10 most common Internet and telephone scams and how to avoid them. (Caveat: If you think you've fallen for any of these, contact the FBI's Internet Crime Complaint Center.)
1. Advance-fee fraud
A criminal who perpetrates an advance-fee fraud promises you money, products or services if you'll only pay a small fee. The crook could offer you a chance to benefit from a special opportunity, tell you that you've got lottery winnings you didn't know about, ask you to help him or her get money out of a country experiencing unrest or, ironically, even help the authorities catch thieves. But no matter what the criminal calls this fee, that person and your money will be long gone before you even know you've been scammed.The best-known such scheme is the Nigerian-prince con, also known as the "419 scam" because of the corresponding section in the Nigerian criminal code. It's a variant of the classic Spanish prisoner scam, which dates back centuries.In the 419 scam, the criminal contacts his mark via email, instant message, social network or even snail mail. He asks the mark to help move millions of dollars out of a foreign country into a U.S. bank, on behalf of a person (often the criminal) who is being held prisoner, recently came into a large inheritance or otherwise can't access funds that rightfully belong to that individual.The mark is asked to pay a "fee" — at least several hundred dollars — upfront so that the larger sum can be transferred, and the mark is promised a sizable percentage of the total funds once the transfer is completed. But the big money never materializes, even though victims may be asked to cough up even more cash to cover supposedly unforeseen obstacles and fees as the con artist draws out the process.The best thing to do if you receive such correspondence is ignore it. Of course, don't send money, and don't give anyone your banking information.
2. Remote-impersonation scams
Some scammers victimize people who are only trying to help someone they think they know. That's when you get the email from that old acquaintance, stuck overseas without a passport or wallet. Or when a retirement-home resident gets a call from someone claiming to be his or her nephew or grandchild, asking for help in posting bail.Don't believe it. If you're truly concerned — and who wouldn't be? — tell the caller or emailer you need to check a few things first. Then contact everyone who knows that person better than you do, and see if the story is true. In a common twist, con artists cultivate fake online romances with their victims, then ask for money for travel or medical emergencies. If you begin a relationship with someone you've only encountered online, and that person suddenly asks you to wire money, purchase that person an airline ticket or cash a check, it's time to break off contact.MORE: Best Identity Theft Protection Services
3. Disaster relief/charity/dying baby scams
Scammers often piggyback on natural disasters, or a tragedy of a more personal nature, to fleece unsuspecting victims.One email scam was run by crooks who borrowed the legitimate #BringBackOurGirls social media campaign, which aimed to free 200 Nigerian schoolgirls kidnapped by Islamist rebels. The email writer claimed to be the mother of two of the girls, but it was just an old-fashioned con.Another case involved a young couple who solicited donations online for a baby who wasn't sick after all. Following a devastating typhoon in Southeast Asia in 2013, scammers sent typhoon-related emails asking for donations.To protect yourself, don't respond to unsolicited email requests from supposed disaster victims. Be wary of donation requests or videos posted on social media by alleged victims. If the solicitation comes from a charity, look up the organization to see if it's legit — and then donate through its website or by calling its telephone number. Never give out personal information to strangers via phone, text or email.
4. Sextortion scams
Sextortion, or sexual extortion, begins when an attacker gets hold of, or even surreptitiously takes, sexually explicit photos or videos of someone, and threatens to release them if that person doesn't give in to the blackmailer's demands.Crooks have used Skype to trick victims into performing online sexual indiscretions, which were recorded and used for blackmail. Creeps have broken into victims' Facebook accounts, found nude photos, then threatened to post the photos online unless the victims sent more nude photos. In one famous case, a hacker turned on computers' webcams while victims were nude, then showed them the recordings and forced them to send more images.To avoid becoming a victim of sextortion, never text or email explicit photos of yourself or post them online. Once an image leaves your computer or smartphone, you lose control of it forever. Be sure to have a strong, unique password on social media accounts, preferably with two-factor authentication. And run robust antivirus software to stop webcam malware.
5. Account-verification phishing scams
In this type of scam, victims receive legitimate-looking emails, text messages or pop-up windows that purport to be from Apple, Netflix, Facebook, PayPal, LastPass or a bank.The emails ask the victims to verify their usernames, passwords, credit-card numbers and/or account numbers with the services, and so on. The messages look legitimate, but they're meant to trick users into divulging important personal information so that criminals can steal their identities, hijack accounts or commit other kinds of fraud.To protect yourself from phishing scams, don't click on Web links, especially shortened ones, in email messages or pop-up windows. Phishing emails often have links that don't go where they're supposed to (hover your mouse over the link to check), or have links that are slightly misspelled (mail.gooogle.com) or that have the wrong domain suffix (facebook.cc).If you get an email, for example, from your bank regarding your account, don't click the included link. Instead, manually type in your bank's URL in your Web browser and access your account that way.Phishing scams can also happen over the telephone, in which case they're called voice phishing or vishing. Don't provide information to anyone who calls or texts out of the blue. If a caller claims to represent a specific company, ask for his or her name, then call the company using the phone number on your billing statement or on the company's website. Never call the number provided by the caller.MORE: Best Antivirus Software and Apps
6. Legal fee/fine/lawsuit settlement scams
In this type of scam, which often begins over the telephone, the criminals impersonate police, the FBI, lawyers or the IRS and demand immediate payment of fines. Sometimes the caller says the victims or their family members have active arrest warrants.In one case cited by the U.S. Marshals Service, a fake cop told his mark how to pay the "fine" with a prepaid money card. Otherwise, the caller said, the victim would be arrested.If you get such a call, or receive a similar email message, don't believe it. Instead, check with the agency in question by calling it independently. If there's no such outstanding warrant, overdue payment or fine, report the phony call to your local police. And remember — government agencies normally take only checks or money orders, not credit-card or prepaid-card payments.
7. Unexpected email attachment scam
Some scams trick you into installing malware, which may itself steal money or information. In the email-attachment scam, online criminals send unsolicited emails with infected attachments masquerading as unpaid invoices, resumes from job applicants or meeting-preparation notes.Such scams can be very effective. The 2011 database breach at RSA, a security token maker, which led to the theft of secret technology from U.S. defense contractors, began with an infected spreadsheet sent to a handful of RSA employees. Always beware unsolicited emails, and never open attachments from senders you don't know.
8. Hacked/pirated games/software
When a new PC game is hot, cybercriminals distribute pirated copies. But in fact, the activation-code, or "key," generators required to run bootleg games are often malware. In other cases, "cracked" games that don't require an activation code are themselves infected, as are the ads on the pages where links to such games can be found. Bitcoin-mining software has been found on pirated games, and even mobile games are not immune from malware.To avoid this type of scam, you could buy a legitimate copy of the game. But that won't protect you from malware that targets honest gamers, such as the botnet that infected a Twitch chatroom, or the ransomware that locked up PC gamers' files. To stop those, you'll need to run serious antivirus software.
9. Fake antivirus scam
Some scams use the threat of malware infection to con victims out of cash. In the fake-antivirus scam, users see pop-up messages in their Web browsers that tell them their computers are infected. The only way to clean the machines, the message says, is to immediately buy and install a specific brand of antivirus software by clicking a handy link.Sometimes the antivirus software seems to be free, but it will pause midway through the "cleaning" and demand that you pay to finish the job. Even some semi-reputable brands use this marketing tactic.Don't fall for it. Not only is the software likely useless, but any credit-card number used to buy it may also be passed on to criminals. The fake antivirus software may itself be malware, and since you've just installed it, it can do whatever it wants on your computer.If a pop-up window says your computer is infected, close your Web browser. If the pop-up disappears, it was fake. If it's still there, make sure it's from the antivirus software you already use. If not, then leave it alone. Open your Windows Task Manager by pressing the Control, Alt and Delete keys at the same time, and scan the list of running programs. If you see one that shouldn't be there, right-click it to "end" the "task."Once that's done, have your real antivirus software perform a full system scan. If you don't have antivirus software, go to our antivirus recommendations page and select a product.
You, or someone you know, has probably experienced this one. You'll get a phone call from a person, often with a thick Indian accent, claiming to be a computer technician working for Microsoft. Or you might get a pop-up window telling you that your machine has been infected and to call a toll-free number, or to click a link to start a live chat with a technician.The "technician" explains that he or she has detected malware on your computer — it's usually a Windows machine, but it happens with Macs and Android devices too — and that you'll need to download software that gives the technician remote access so that the "problem" can be "fixed."At this point, you should just hang up. If you're worried, call the company yourself, using a phone number you know is genuine.But if you let the fake technicians in, they'll show you all the "infections" on your machine, often by displaying the event logs of routine Windows processes. They may install more software designed to display lots of "error" messages. Sometimes, the fake technicians will present harmless browser-tracking cookies as evidence of infection.Then, of course, the caller will want to sell you something — either fake antivirus software, or a cleaning "service" that you absolutely, immediately need to buy to clean your machine.At this point, you can try to end the call or chat, but remember — you've already given this person access to your computer. We've heard anecdotes of tech-support scammers installing ransomware on the PCs of people who've refused to pay for phony tech support.It might be better to keep the "technician" on the line while pretending to have computer problems — and then suddenly shut down the machine. Hang up, restart the computer and do a thorough malware scan with real antivirus software.Remember, a caller who calls you out of the blue, then tells you there's an urgent situation that you need to resolve immediately by buying something, is probably a scam artist. Never give an unsolicited caller your credit-card number or allow him or her to install software on your PC.