Online Scams are Everywhere, But You Can Beat Them
“There’s a sucker born every minute” that’s the quote widely misattributed to PT Barnum. Whoever did actually say it wasn’t wrong. For every person out there, someone has a scam that will pass their defenses and hit them where it hurts.
By now, most of us who have managed to survive in the digital world thus far have become immune to the poorly-written attempts at making us believe the unlikely. Still, the scams keep coming and that’s mainly because scammers don’t need us all to fall for their tricks. As long as there’s a consistent minority of vulnerable people, it’s worth it for scammers to keep going.
There are lots of scams, and new ones are being invented every day, but some have become more successful than the rest. These are some of the worst scams people continue to fall for today.
Ransomware
Ransomware is one of the most insidious ways criminals can extort money from innocent users. Worst of all, often the victim hasn’t even done anything wrong. Many forms of ransomware can spread over networks or through local storage. Which means that even if you didn’t open a suspicious email, you might still find that your machine is infected.
The way ransomware works are that the software quietly encrypts the information on your hard drive, locking it away so that only those with the decryption key can bring it back.
Once enough of your files are encrypted the program announces itself and demands that you pay a ransom (usually in Bitcoin) in order to decrypt the files. I wouldn’t recommend that you actually do that since the scammers are only interested in getting your untraceable one-way payment. Sometime decryption keys are actually provided, but there is no guarantee.
Instead, you should make peace with your data loss, format the computer and move on.
How to Defend Against Ransomware
Obviously having up to date anti-virus and malware protection is a given, but it’s a good idea to keep a periodic backup of your most important data on a separate drive. Cloud drives like those from DropBox are a good choice too. They offer rollback functions so you can recover any damage that has been synced to the cloud from an infected machine.
The basic practice of not opening unknown email attachments still applies here too.
Identity Theft
Identity theft is not new, but the internet has given it a terrifying new life. It happens when a scammer gathers information about someone with the goal of impersonating them. The reasons for doing so are varied. They might want access to bank accounts or other services that verify your identity using personal information. Identity thieves could even apply for jobs, credit cards or loans in your name.
Truly personal information is usually lost during data breaches at companies where you have no control. However, scammers can also gain info by tricking you into revealing it via email or chat. It’s also possible to become a victim thanks to the info you post on social media. Pictures, details about your life and more can be pieced together in such a way that someone could pose as you in a convincing way.
How to Defend Against Identity Theft
While it’s often out of your hands, you can make it less likely that your identity will be stolen by being much more selective when it comes to what information you share online. Before you post something, consider how it could be used against you in identity theft.
When you choose security questions on sites you use or for banking, don’t pick things that can be Googled. If you’ve spoken about your first car on Facebook or complained about your mother in law then using those as recovery questions is a bad idea.
If you want to know whether you have been the victim of a data breach, Have I Been Pwned is a great resource that maintains databases of breaches that are now public.
The 419 Scam
The 419 scam, names for the relevant Nigerian penal code, is probably the most famous of all internet scams and is one of the variants for the so-called “advance fee” scam.
The point of a 419 scam is to convince the target they should pay an amount of money over to the scammer. The fee is an “advance” that the scammer claims they need to access or transfer a much larger sum. Of course, you’ll get a commission on the larger amount just as soon as it clears.
That’s the promise anyway. In reality, as soon as you pay the first amount the scammer will either disappear or try to press their luck. They’ll try to invent new reasons for more small amounts of money to be needed. This way they can nickel and dime hundreds or thousands of dollars from people who believe they are about to have the payday of their lives.
In this TED Talk by Ze Frank, he recites a typical 419 scam email at the two minute, seven-second mark.
It’s almost always a slightly nonsensical letter in mildly broken English. A sad story of dead parents and war-torn countries. Sometimes it can sound downright romantic! Invariably the writer will want you to use some low-security transfer method such as the Western Union. It’s a little sad at this point.
How to Defend Against 419 Scams
And yet, millions of people still fall for 419 scams. It’s disappointing given how easy these scams are to avoid. It’s simple: if you get an unsolicited email from someone you’ve never heard of promising you money be very suspicious!
There is no reason to respond to such communication, and you should simply ignore them. These scams work because the targets honestly want them to be true. Wishful thinking is not a productive way to deal with security threats. Remember one simple rule: if it seems too good to be true, it is.
Phishing and Spear Phishing
Phishing is a term derived from (obviously) the word “fishing.” It takes this name because in this scam the scammer is “fishing” for information. The idea is to trick the victim into divulging sensitive information about themselves. These can include direct attempts at getting usernames and passwords. Credit card details are also a common target.
Phishing is distinct from 419 scams in that the scammers aren’t trying to get money from you directly. The usual modus operandi is to pose as a legitimate organization. A bank, Google or some other similar institution. Local tax authorities are also prime targets.
The email will often be “spoofed,” which means that the actual origin of the message is disguised to look more legitimate.
Usually, there is some sort of urgent, yet plausible message. Google says you need to reset your password because (ironically) you’ve been hacked. The bank says you just got a big deposit and then provides a link you can click on to log in.
An in-line hyperlink is a key feature of these sorts of emails. Clicking on it will take you to a website meant to look like the real deal. If you type in your username and password (or credit card details) through this site, it goes straight to the scammer.
If a scammer has access to your email account, they can reset your passwords on other services such as Paypal or online banking.
So What’s Spear Phishing
SPear Phishing is a subtype of phishing that’s far more targeted. The attacker knows who you are and so can use that information to make the correspondence more convincing. They might address you by name and pose as someone that you are waiting to hear from.
Even more frightening, the email may actually come from someone you know! This two-stage phishing is rarer, but it does happen. The first person gets their email hijacked through regular phishing. Once the scammer has access to that account they use it to contact people in the address book that look like they might comply based on old communications. Sometimes the whole thing is planned in advance, usually within a business. For example, posing as a CFO and then ordering someone to transfer money.
How to Defend Against Phishing
The rules of phishing defense are pretty simple. Never click email links. That’s step one. Only log into a site where you have manually put in the correct address. Check the address carefully or navigate to it through a Google search if you aren't 100% sure.
If someone you know writes an email to you, that seems fishy, phone or Skype them to double check that they really sent it to you. It's usually not hard to spot a weird change in tone or a request that's out of the ordinary.
Fake Online Stores
This is the best era for shopping history. With just a computer and a credit card, you can buy anything your heart desires and have it delivered straight to your door.
One of the main reasons that we have this wonderful luxury is the creation of digital certification and other security systems which ensure our credit card details are safe.
Except, sometimes the entire online store is a big fat phony. Fake online stores pop up everywhere and try to entice you by offering products at impossibly low prices. If you order and pay for something on one of these sites, you'll never get your product because it never existed in the first place.
How to Defend Against Fake Online Stores
If you see something advertised that seems way cheaper than it possibly could be, then the first red flags need to be raised.
A site that's sloppy with bad English and a complex URL also tends to indicate something bad is going on. If the site doesn't take credit cards or other mainstream payment methods (with buyer protection) you're also in dangerous territory.
Before you spend a dime, take the time to Google the name of the store and see if there is any record or user feedback for it. If you can't find conclusive evidence that the shops are on the level, it's better just to move on.
The Fake Hitman Scam
Personally, I find this scam to be one of the most reprehensible ones. While the other scams are almost a little comical, the hitman scam is tasteless and can cause real anguish to people.
In this horrible ploy, the scammer sends you a message stating that they have been hired to kill you. However, they are giving you a chance to outbid the person who wants you dead. If you don't pay the specified amount by the deadline, the hitman is coming for you.
How to Defend Against
It's understandable that receiving an email threatening your life is scary. Usually, the message also warns that if you call the police or tell anyone else the hitman is coming to finish the job.
As you might expect, there is no hitman. It's all just a sick attempt at making you pay.The best thing to do is delete the message and forget about it.
Responding to the message (which is sent out as spam) exposes you to the scammer and is a pretty bad idea.
The only time you should ever be concerned about such a message is if there is specific personal information about you in it. Things like your address, phone number of other specifics. In that case, it's best to contact the police and follow their advice.
Scareware
An anti-virus package is a necessary evil, but sometimes they cause so many issues that you could almost think of them as a form of malware. But what if some supposed anti-virus software was in fact malware.
That's what scareware is all about. You'll just be browsing the web when suddenly you see a popup that appears to be running some sort of scan on your computer. It's just an animation, but to the untrained eye, it can look real. At the end of the "scan", you 're informed that your PC (or smartphone) is absolutely ingested with evil software. Luckily. for just a few dollars, they'll sell you software that will "fix" the problem. Not too hard when there's nothing wrong with your machine in the first place.
If you do pay for and download the program, it might do nothing at best or actively be malware itself at worst.
How to Defend Against
Only use one of the known, verified anti-virus packages. Only believe the scan results that program gives you. Don't just install random software from the internet. These are all simple things, and you can do them champ.
Looking for Romance
We all get a little lonely sometimes. Especially if you're browsing the internet on a Friday night. So it can be an exciting surprise when someone pops up in your Skype or sends you an email asking if you're single.
It's the oldest scam in the book. The scammer poses as a cute guy or girl, lonely and looking for love. It just so happens that they "found your profile" or some other story.
These days the platform of choice might be Facebook or Twitter, but the deal is the same.
If you go down the road of starting an online relationship with this person, you may soon find that your new friends have lots of life problems. Problems that can be solved with just a little monetary help from you. Over time the payments become more frequent and larger. Until one day, your online romantic friends just disappear.
How to Defend Against Romance Scams
The first sign of a fake is that the pictures are stolen from other sources. Either from adult sites or from the social media profile of real people. Doing a reverse image search will usually quickly take you back to where the pictures were stolen from.
Apart from that, think about the way the person conducts themselves and how realistic their behavior can be. Most importantly, real or not, never give money to people you have never met. Set boundaries for yourself and insist on an in-person meeting in a safe place.
A Never-ending Parade of Scams
These are just some of the scams you are likely to run in to on a daily basis. Even if you think no one is sending these to you, just go check your spam folders. Odds are that at least one of these scams is there.
For each scam, there is a defense, but you should also be generally savvy about internet safety. So why not check out our internet safety guide and safe browsing methods.
If you have kids that are using the net, you should know that they can be vulnerable too, so bone up on internet child safety while you're at it.
It's not just scammers that are out there either. There are also nefarious hackers who are trying to make a dime using criminal means. You can read more about it in our list of the 10 worst cyber crimes.
Remember, as long as you stay cool and think critically about what you encounter on the web; you'll be as safe as houses.