Have you ever received an email from an acquaintance or relative who claims to be stuck in London, and asks for $2,000 to settle up his or her hotel bill because the person has been robbed? Or maybe you've received a text message from a customer-service agent, congratulating you because you've just won a free cruise to Jamaica. All you have to do is pay a $200 processing fee to claim your prize.
While you might think you're way too smart to ever fall for these and the myriad other Internet scams out there, the crooks think otherwise. Swindling you out of your hard-earned cash is very lucrative for cybercriminals, which is why these scams continue to proliferate. Here are the 10 most common Internet and telephone scams and how to avoid them. (Caveat: If you think you've fallen for any of these, contact the FBI's Internet Crime Complaint Center.)
A criminal who perpetrates an advance-fee fraud promises you money, products or services if you'll only pay a small fee. The crook could offer you a chance to benefit from a special opportunity, tell you that you've got lottery winnings you didn't know about, ask you to help him or her get money out of a country experiencing unrest or, ironically, even help the authorities catch thieves. But no matter what the criminal calls this fee, that person and your money will be long gone before you even know you've been scammed.
The best-known such scheme is the Nigerian-prince con, also known as the "419 scam" because of the corresponding section in the Nigerian criminal code. It's a variant of the classic Spanish prisoner scam, which dates back centuries.
In the 419 scam, the criminal contacts his mark via email, instant message, social network or even snail mail. He asks the mark to help move millions of dollars out of a foreign country into a U.S. bank, on behalf of a person (often the criminal) who is being held prisoner, recently came into a large inheritance or otherwise can't access funds that rightfully belong to that individual.
The mark is asked to pay a "fee" — at least several hundred dollars — upfront so that the larger sum can be transferred, and the mark is promised a sizable percentage of the total funds once the transfer is completed. But the big money never materializes, even though victims may be asked to cough up even more cash to cover supposedly unforeseen obstacles and fees as the con artist draws out the process.
The best thing to do if you receive such correspondence is ignore it. Of course, don't send money, and don't give anyone your banking information.
Some scammers victimize people who are only trying to help someone they think they know. That's when you get the email from that old acquaintance, stuck overseas without a passport or wallet. Or when a retirement-home resident gets a call from someone claiming to be his or her nephew or grandchild, asking for help in posting bail.
Don't believe it. If you're truly concerned — and who wouldn't be? — tell the caller or emailer you need to check a few things first. Then contact everyone who knows that person better than you do, and see if the story is true.
In a common twist, con artists cultivate fake online romances with their victims, then ask for money for travel or medical emergencies. If you begin a relationship with someone you've only encountered online, and that person suddenly asks you to wire money, purchase that person an airline ticket or cash a check, it's time to break off contact.
MORE: Best Identity Theft Protection Services
Scammers often piggyback on natural disasters, or a tragedy of a more personal nature, to fleece unsuspecting victims.
One email scam was run by crooks who borrowed the legitimate #BringBackOurGirls social media campaign, which aimed to free 200 Nigerian schoolgirls kidnapped by Islamist rebels. The email writer claimed to be the mother of two of the girls, but it was just an old-fashioned con.
Another case involved a young couple who solicited donations online for a baby who wasn't sick after all. Following a devastating typhoon in Southeast Asia in 2013, scammers sent typhoon-related emails asking for donations.
To protect yourself, don't respond to unsolicited email requests from supposed disaster victims. Be wary of donation requests or videos posted on social media by alleged victims. If the solicitation comes from a charity, look up the organization to see if it's legit — and then donate through its website or by calling its telephone number. Never give out personal information to strangers via phone, text or email.
Sextortion, or sexual extortion, begins when an attacker gets hold of, or even surreptitiously takes, sexually explicit photos or videos of someone, and threatens to release them if that person doesn't give in to the blackmailer's demands.
Crooks have used Skype to trick victims into performing online sexual indiscretions, which were recorded and used for blackmail. Creeps have broken into victims' Facebook accounts, found nude photos, then threatened to post the photos online unless the victims sent more nude photos. In one famous case, a hacker turned on computers' webcams while victims were nude, then showed them the recordings and forced them to send more images.
To avoid becoming a victim of sextortion, never text or email explicit photos of yourself or post them online. Once an image leaves your computer or smartphone, you lose control of it forever. Be sure to have a strong, unique password on social media accounts, preferably with two-factor authentication. And run robust antivirus software to stop webcam malware.
In this type of scam, victims receive legitimate-looking emails, text messages or pop-up windows that purport to be from Apple, Netflix, Facebook, PayPal, LastPass or a bank.
The emails ask the victims to verify their usernames, passwords, credit-card numbers and/or account numbers with the services, and so on. The messages look legitimate, but they're meant to trick users into divulging important personal information so that criminals can steal their identities, hijack accounts or commit other kinds of fraud.
To protect yourself from phishing scams, don't click on Web links, especially shortened ones, in email messages or pop-up windows. Phishing emails often have links that don't go where they're supposed to (hover your mouse over the link to check), or have links that are slightly misspelled (mail.gooogle.com) or that have the wrong domain suffix (facebook.cc).
If you get an email, for example, from your bank regarding your account, don't click the included link. Instead, manually type in your bank's URL in your Web browser and access your account that way.
Phishing scams can also happen over the telephone, in which case they're called voice phishing or vishing. Don't provide information to anyone who calls or texts out of the blue. If a caller claims to represent a specific company, ask for his or her name, then call the company using the phone number on your billing statement or on the company's website. Never call the number provided by the caller.
MORE: Best Antivirus Software and Apps
In this type of scam, which often begins over the telephone, the criminals impersonate police, the FBI, lawyers or the IRS and demand immediate payment of fines. Sometimes the caller says the victims or their family members have active arrest warrants.
In one case cited by the U.S. Marshals Service, a fake cop told his mark how to pay the "fine" with a prepaid money card. Otherwise, the caller said, the victim would be arrested.
If you get such a call, or receive a similar email message, don't believe it. Instead, check with the agency in question by calling it independently. If there's no such outstanding warrant, overdue payment or fine, report the phony call to your local police. And remember — government agencies normally take only checks or money orders, not credit-card or prepaid-card payments.
Some scams trick you into installing malware, which may itself steal money or information. In the email-attachment scam, online criminals send unsolicited emails with infected attachments masquerading as unpaid invoices, resumes from job applicants or meeting-preparation notes.
Such scams can be very effective. The 2011 database breach at RSA, a security token maker, which led to the theft of secret technology from U.S. defense contractors, began with an infected spreadsheet sent to a handful of RSA employees. Always beware unsolicited emails, and never open attachments from senders you don't know.