Online Scams

Internet scams: What they are and how to avoid them

Cyberthieves can use the internet as a tool to rip off unsuspecting victims. Internet scams come in many forms, including emails that attempt to trick you into handing out financial information, pop-ups loaded with malware, and social media messages crafted to spark fake romantic relationships.

The number of complaints of internet crimes jumped 17 percent from 2017 to 2018, according to the FBI’s Internet Crime Complaint Center.

What can you do to lower your potential exposure to internet scams? It helps to learn what to look for. Here’s what you need to know about internet scams and some steps you can take to help protect yourself.

What are internet scams?

Internet scams continue to evolve, and can vary widely. The term generally refers to someone using internet services or software to defraud or take advantage of victims, typically for financial gain.

Cybercriminals may contact potential victims through personal or work email accounts, social networking sites, dating apps, or other methods in attempts to obtain financial or other valuable personal information.

Many successful internet scams have similar endings: Victims either lose their own money or fail to receive funds the fraudster promised.

Internet scam stats to consider

As noted in the agency’s Internet Crime Report, the FBI Internet Crime Complaint Center received 351,936 complaints of internet crimes in 2018, with losses exceeding $2.7 billion.

Anyone who uses an internet-enabled device could fall prey to an internet scam, but millennials may be more vulnerable to losing money, according to a 2017 Federal Trade Commission report.

Among people aged 20-29 who reported fraud, nearly 40 percent reported losing money. That compares with 18 percent of people 70 or older who reported losing money due to fraud. But people 80 and over tended to lose more money — the median reported loss was $1,092 compared to $400 for 20- to 29-year-olds.

11 internet scam types

Criminals have devised dozens of ways to deceive victims through the internet. Here are 11 of the more common types of scams.

Romance scam

Online dating can be a good way to connect with potential romantic partners, but cybercriminals have started using this method in attempts to defraud unsuspecting victims. Here’s how the scam works.

The fraudster usually strikes up a conversation on an online dating site and begins an online relationship — but always comes up with reasons why he or she can’t meet up in person.

Once the fraudster has gained the victim’s trust, they’ll ask for money or details about the victim’s financial life. Victims of romance scams collectively lost more than $362 million in 2018.

What to do? If you start an online relationship with someone, help protect yourself by asking a lot of questions. Take the relationship slowly and never give financial information or money to someone you don’t know personally.

The overpayment scam

The transaction might seem legitimate at first. Someone responds to your online advertisement and arranges to pay for an item you’re selling.

But the buyer invents a reason for sending you much more than the purchase price, then asks you to wire back the difference before the money clears your bank account.

After you’ve paid back the difference, it becomes clear the transferred money was fake — and you’re out the cash you gave the scammer.

Be cautious. If someone sends you a lot more money than you’re owed, it may be a scam. Don’t refund any money until the transfer is in your account. If you’re truly suspicious, you can also cancel the whole transaction and report this issue to the platform where you’ve listed the online advertisement.

Quick-money promise

This scam might start out as a phone call, LinkedIn message, or unsolicited email that advertises a job requiring little to no real work, but offering lots of fast cash.

Criminals who practice this scam often target people looking for a new job or wanting to work from home. But once you secure the job, you’re asked to fill out routine paperwork to provide your Social Security number, address, and bank information, seemingly for direct deposit of your paycheck. The fraudsters can use this personal information to access your financial accounts.

But there’s more. In some cases, you may unknowingly take part in a money-laundering scheme in your new role.

The lesson? When job hunting, use well-known, reputable job sites, research the employer, and avoid applying for positions that seem too good to be true.

Facebook impersonation scam

Facebook users may sometimes encounter scams. In one of the more recent examples, a fraudster copies the name, profile picture, and basic information from a real account to create a second, nearly identical account on Facebook.

Next, the scammer sends friend requests to the original account’s friend list in an attempt to access the personal information of the unsuspecting friends who grant access to their profiles.

If you get a friend request from someone who should already be on your friend list, search for their account. If you find two nearly identical accounts, it’s likely a sign that one of the accounts is fake.

Report the cloned account to Facebook, and consider alerting your friend in real life or on the phone so it’s clear who you’re talking to.

Tip: In cases where you believe your account was hacked, first change your password or contact Facebook to investigate.

Fake shopping websites

Using sophisticated designs and layouts, cyberthieves may create and publish fake retailer websites that either look genuine or that replicate existing retailer websites.

The bogus shopping sites might offer deals that are too good to be true, For instance, you might find popular brands of clothing and expensive electronics at extra-low prices.

And what if you buy? You may either receive the item and find out it’s fake, or you may receive nothing at all.

If you think you’ve found a fake shopping website, don’t spend money there. Instead, report the website to the the FBI’s Internet Crime Complaint Center.

Phishing scams

Phishing is a common scam, and one that collectively cost victims over $48 million in 2018, according to the FBI’s Internet Crime Complaint Center Report. Here’s how it works.

A fraudster will send you an email message that appears to be from a legitimate source, such as a bank, social networking site, or online store, for example. The message attempts to deceive you into providing valuable and sensitive personal data, such as passwords, credit card numbers and bank account information.

For instance, you might be directed to a website that looks legitimate, but was set up only to capture your information.

The fraudulent emails are usually written in an urgent tone. Often, they contain red flags such as misspellings, poor grammar, making urgent demands with threats of financial consequences, and logos that don’t quite look right.

If you’re unsure whether an email is legitimate or not, go directly to the company’s official website in a different tab — without clicking on links within the suspicious email.

As a rule, never click on links from these emails, reply to the emails, attempt to unsubscribe, or give out personal information.

Unexpected prize scam

This type of scam falls under the phishing category. The email may claim you’ve won a large chunk of cash, a free trip to an exotic destination, or some other fantastic prize. In order to claim your trip or winnings, the message will say, you only need to pay a few small fees.

After you pay those fees, you never hear from the organization again.

Some travel scams may send you to the destination, but they’ve hidden a lot of important expenses such as visa fees, transportation costs, or meals.

The adage applies: If something seems too good to be true, it probably is. Don’t respond to the message.

The Nigerian letter scam

In this scam, perhaps one of the longest-running internet frauds, you’ll receive an emotional message from someone claiming to be an official government employee, businessman, or member of a abundantly wealthy foreign family asking you to help them retrieve a large sum of money from an overseas bank.

In exchange, the person promises to give you some of the money. They may even produce fake paperwork that makes the deal look legitimate.

It’s best to ignore these messages or report them to the FBI’s Internet Crime Complaint Center.

Exortion or threat or “hitman” scam

In another type of scam, the cybercriminal may threaten to embarrass or injure you or a family member unless a ransom is paid.

The scammer may have gathered details about your life from social media profiles, which could make the claim seem more legitimate or urgent.

If you receive one of these messages, report it to the FBI’s Internet Crime Complaint Center and your local law enforcement.

Malware and ransomware scams

For cybercriminals, the first step in several types of scams is installing malware — short for “malicious software” — on a victim’s device. How? Criminals have a variety of deceptive ways to do this.

For instance, the perpetrator may send you a pop-up message for fake antivirus software, a link to a news article, or an email that looks like it’s from your bank.

Clicking on the message or the embedded link triggers the installation of malware, which can be designed to scan your device for personal and banking information, log your keystrokes, lock you out of your device, access your webcam, or even destroy your files in the process.

Ransomware is a related form of malware that’s delivered through phishing emails. Once the malware is installed on a device, the victim’s files are encrypted, and the cybercriminal demands a ransom payment, typically in a virtual currency such as bitcoin.

The criminal promises to release the victim’s files once the money is received, but often that doesn’t happen.

The tech support online scam

These types of scams can be related to or stem from malware infections. Fraudsters use urgent pop-up messages or fake online ads to promote software services.

When you contact them, they’ll say you have a serious problem with your computer and will offer tech support services you don’t need (because the problem doesn’t exist). They may also install malware on your device to gain access to your financial details.

You may be able to tell it’s a scam from the company’s choice of payment methods. For example, money sent via wire transfer, loaded on gift cards and prepaid cards, or transferred through an app like PayPal are hard to reverse.

If the company seems suspicious and only takes these types of payments, don’t do business with them and consider reporting the company to the FBI’s Internet Crime Complaint Center.

How can I protect myself against internet scams?

File a complaint

You can file a complaint with the FBI’s Internet Crime Complaint Center, which is the central point for tracking patterns of fraud and abuse related to internet crimes.

The center reviews complaints, analyzes data, and creates intelligence reports that highlight emerging threats and new trends. Knowing how internet crimes work helps people understand the dangers involved and identify the fraud before falling prey to it.

The center may forward certain investigations to appropriate law enforcement agencies, which may bring legal action against the perpetrators.

After you file the report, the Center recommends keeping any copies of evidence related to your complaint, such as canceled checks, receipts, emails or chat transcriptions. These may help the FBI investigate widespread crimes.

Set up multilayered security features

Some online accounts offer an extra layer of security known as multifactor authentication (also called two-factor authentication). This requires two or more credentials when you log in to an account.

For instance, this can be a combination of a password plus something you have (such as an additional passcode sent to your phone) or something you are (such as fingerprint or facial recognition).

So if a scammer does get your username and password, multifactor authentication makes it harder to log in to your accounts.

Don’t respond to scam messages

A response could lead to various consequences, such as triggering a malware installation or confirming your phone number or email address are working.

Instead, make a copy of records that may help investigators and delete other emails, texts and social media messages that look and sound like a scam.

Don’t click on links, open attachments, reply to the message, attempt to unsubscribe, or call any telephone number listed in suspicious messages. And don’t give out any money, credit card details, or other personal details.

Install antivirus software

Antivirus, or security software is designed to prevent malware from embedding on your computer or device. If the software detects malicious code, like a virus or a worm, it works to disarm or remove it.

This could help protect your devices if you accidentally click a dangerous link. The antivirus software can fight the malware and safeguard your files.

Always be sure you download software apps and services only from official vendor sites.

Back up your data

It’s a good idea to regularly make copies of your data in case it’s compromised in a malware attack. The backups should be copied to an external hard drive or cloud storage and not your home network.

Back up the data on all your devices, including your smartphone.

Don’t trust unsolicited phone calls or emails

If someone calls or emails claiming to be a tech expert, don’t accept help, give out personal or financial information, or allow them to remotely access your computer.

Instead, ask for proof of identity and research the company.

Victim of a data breach? LifeLock monitors for identity theft and threats.

Norton joined forces with LifeLock, we offer a comprehensive digital safety solution that helps protect your devices, connections and identity.


Editorial note: Our articles provide educational information for you. Norton LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Norton by Symantec is now Norton LifeLock. LifeLock™ identity theft protection is not available in all countries.

Copyright © 2019 Symantec Corporation. All rights reserved. Symantec, the Symantec logo, the Checkmark logo, Norton, Norton by Symantec, LifeLock and the LockMan logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the United States and other countries. App Store is a service mark of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution Licence. Other names may be trademarks of their respective owners.