Scams run rampant in the digital world. We’re good at recognizing many of them. An email claiming you won a lottery you never entered clearly isn’t real. However, scammers excel at thinking up new ways to trick the unsuspecting masses out of their money and private information. Their tricks can come from emails, social media, by phone, and more. Take a look at these seven types of scams and the ways you can protect yourself:
- Spear phishing
- Quid pro quo
- Contact spamming
- Other ways to stay safe
Phishing is a form of scam that fools its victim into thinking the source is trustworthy. They most commonly pretend to originate from banks, governments, and other trustworthy organizations. In general, the goal of a phishing scam is to convince you to open an email and either click a link or start a download. From there, your computer may be infected with malware, or you may be directed to a page designed to collect your personal information. Personal information includes your credit card number, login credentials, or even SSN. There are a few tips you can use to recognize phishing scams:
- Check the Display Name: At first glance, a phishing email looks official. However, if you look at the display name (the email address), it probably won’t look quite right. For example, instead of saying firstname.lastname@example.org, the email might look like email@example.com.
- Preview Links: Many scammers want you to click a link within their emails. Before clicking it, right click and paste it into your search bar to ensure it’s real. If you’re still unsure, don’t click the link at all and instead visit the real website of the organization behind the email.
- Beware of Attachments: If you receive an email with an attachment you didn’t expect, do your best to feel out whether or not it’s suspicious. Draft a new email to the sender (if it’s real) to confirm that you were meant to receive the email. Or, if the attachment isn’t vital, simply don’t open it.
Phishing scams target large batches of victims at a time. Spear phishing uses many of the same tactics but targets fewer people because this scam requires more work. Rather than pretending to be an organization, scammers using spear phishing pretend to be an individual trusted by their victims. Their success comes from conducting extensive research about their victims, usually through social media. By the time they have gathered the names of your friends and coworkers, your interests, and more, they have the ability to create a compelling email that is more likely to trick many victims. A few ways to recognize spear phishing include:
- Checking the Source: Just like with regular phishing, if the source of the email doesn’t seem right, consider it to be a scam.
- Questioning the Motive: If the request is an odd one, for example a friend asking for access to your Facebook account, question whether or not it’s real. In addition, if you know the person would be more inclined to text or call you rather than email, that might be another sign of a scam.
- Asking the Source: If you aren’t sure if the email is real or not, contact the source through a different channel (ie. by phone or in-person). They can confirm its validity.
Not all phishing comes via email. Vishing is one of those examples because this scam takes place over the phone. Sometimes also called neighbour spoofing, vishing takes place when a scammer alters their phone number to appear as if it belongs to an official organization. From there, they can use pre-recorded messages, texts, or even real humans to try to convince the listener to surrender personal information. You can check for vishing with these tips:
- Ask Questions: Ask why the “organization” is calling you. If you’ve never done business with them or their request is unusual, treat the conversation with suspicion.
- Be Suspicious of Offers: If they’re making you offers about contests you’ve never heard of, debts you don’t have, or purchases you never made, that should raise some warning signs.
- Avoid Pressure: If the person on the other end is being aggressive and trying to pressure you into giving them your information, don’t give in.
Remember, you can always hang up the phone if you’re suspicious. This allows you to call the supposed company from a phone number you find independently.
Most phishing techniques try to scare or bully the victim into taking action. They claim your accounts are insecure or you’ve lost money. Pretexting does the opposite by attempting to build trust with their victims. Like with spear phishing, pretexting scammers take time to research their victims thoroughly. Then they build a viable scenario to email you about. For example, they might pretend to be your boss informing you about a new product campaign and asking for information to sign in to a particular account. The right lingo and a well-placed logo increases the odds of victims falling for it. You can help yourself avoid pretexting scams by:
- Verifying the Source: Like with any email, verify that the originating address is legitimate.
- Checking the Language: If the writing is a little bit too friendly or seems strange, try to check with the real sender through a different method, whether with a phone call or in-person conversation.
- Calling Them Out: By tactfully questioning the person sending the email, you may root out a scammer by asking questions they can’t answer.
Most people are familiar with the practice of catfishing. These scams occur when a person creates a fake online profile pretending to be someone they aren’t. The people behind these profiles may bully other users, strike up false relationships, or ask for money after building rapport with the victim. Warning signs of catfishing include the person refusing to talk in person (or even via video chat) and refusal to share personal information. Other catfishing scenarios include:
- Excuses: If they try to use technological failure or other excuses in order to explain why they can’t video chat or meet in person, that may be catfishing.
- Privacy: If they do agree to meet you but insist on that first meeting being in a private place with no one else around, that can be cause for concern.
- Asking for Money: Some catfishers will immediately ask for money and craft an elaborate, sad story about why they need it.
Quid Pro Quo
These types of scams have been around for years. Do you remember those Nigerian princes you “inherited” all that money from? All you had to do to get it was send over a small processing fee. Although the early scams are ridiculous by today’s standards, modern quid pro quo attacks are more subtle. For example, a person may call you pretending to be from an IT company and ask for access to your computer to install a software update. Frequently, the victim does have an update to be done and may allow access without thinking about it. Then the scammer can install malware or steal sensitive files. To avoid quid pro quo attacks, you can:
- Do a Search: Often these attacks target hundreds or thousands of people at a time. It may have hit the news circuit or been picked up by privacy-focused websites which can warn you that you’re dealing with a scammer.
- Don’t Give Them Access: In most cases, a person should not call you and ask for access to your device. Unless you’re expecting the call, just say no.
If you’ve ever received a Facebook message from a friend who is allegedly “selling” Ray-Bans, Prada, or other weird products, you’ve probably encountered contact spamming. This attack occurs when someone you know has fallen victim to a hack or malware. The scammer then uses that person to send links to people in their contact lists. The more people click those links, the further the attack spreads because each person who clicks them then becomes a source for sharing content with their contacts, and so on. Get around contact spamming by:
- Inspecting the Message: If the message or link within the message are out of character for the person sending it, it may be safe to assume that it’s spam.
- Questioning the Sender: If you never get messages from the person who just sent you a link, spam might also be likely.
- Not Clicking the Link: If you’re suspicious, simply don’t click the link.
Other Ways to Stay Safe
Recognizing different scams is a great step towards keeping yourself protected online but it’s not always possible. Here are some other ways to stay safe:
- Look for Mistakes: Normally, messages from official companies have been vetted and edited for correct grammar and spelling. Scammers may have emails full of mistakes that can be a warning sign.
- Ask Questions: A lot of scammers are successful because they craft a story that users don’t question. Once challenged, their story may fall apart.
- Share Carefully: If your accounts are public or you share a lot of personal information online, that can help scammers study and target you. Lock your accounts down and never share anything sensitive.
- Update Your Devices: Keeping your device software updated ensures that you have the latest security updates to protect against malware, viruses, and other malicious content.
- Use a VPN: For increased privacy and safety online, use a VPN. This will help protect your activities so scammers can’t intercept them and use them against you.