Top Online Scams Used by Cyber Criminals to Trick You
Here’s how to avoid falling into even their best-designed traps
Cyber criminals have affected online businesses and individuals ever since internet networks first appeared and spread all over the world.
Internet services and websites make it easy for us to pay bills, shop, make online reservations and even work. And you can do any of these actions from any place in the world. Old boundaries and human limitations were dropped, in order for us to have access to almost any information. Our lives became so much easier.
But the same thing is true for CRIME.
Our freedom to navigate and access a wide number of online locations is at the same time a major vulnerability, because an open door always allows access in both directions.
These days, criminal minds can reach further than before, into our private lives, our homes and work offices. And there is little we can do about it.
Attack methods and tools vary from traditional attack vectors, which use malicious software and vulnerabilities present in almost all the programs and apps (even in the popular Windows operating systems), to ingenious phishing scams deployed from unexpected regions of the world, where justice can’t easily reach out to catch the eventual perpetrators.
You most commonly become vulnerable to a malware attack or phishing scam when you:
- shop online
- check your email
- access social media networks
For this reason, we need to know the most popular schemes and techniques that cyber criminals use to obtain our private information and financial data.
We must not forget their final target is always our money and there is nothing they won’t do to accomplish their mission.
Here’s the list of online scams to stay away from:
- Phishing email scams
- The Nigerian scam
- Greeting card scams
- A guaranteed bank loan or credit card scam
- Fake antivirus software
- Facebook impersonation scam (hijacked profile scam)
- Make money fast scams (Economic scams)
- Fake news scam
- Stock market scams
- Job offer scams
- SMS Scams (Smishing)
1. Phishing email scams
According to a recent report released by Wombat Security, the number of phishing emails sent this year grew, with a 155% increase compared to 2016. The effects of phishing attacks can be devastating to both organizations and individuals, so it’s essential to stay safe and raise security awareness. The report also shows that people know and understand what phishing is: 65% of US and 72% of UK respondents correctly answered the question “What is phishing?”
Phishing scams are based on communication made via email or on social networks. Cyber criminals will send you messages and try to trick you into giving them your login credentials – for your bank account, social network, work account, cloud storage or any other personal data that can prove to be valuable for them.
In order to do that, the phishing emails will seem to come from an official source – it can be bank authorities or other financial institutions, but also delivery companies or social network representatives.
This way, they’ll persuade you to click on the links in their messages and access a website that looks legit, looks like the real one, but is actually controlled by them. You will be sent to a fake login page that resembles the real website. If you’re not paying attention, you might end up giving away your login credentials and other personal information.
To increase their success rate, scammers create a sense of urgency. They’ll tell you a frightening story of how your bank account is under threat and how you really need to access, as soon as possible, a web page where you must enter your credentials in order to confirm your identity or your account.
After you fill in your online banking credentials, cyber criminals use them to breach your real bank account or to sell them on the dark web to other interested parties.
It’s one of the main scamming techniques used to spread financial and data-stealing malware. There isn’t any reason why you shouldn’t be very well prepared for this attempt. However, even if you install a good antivirus program, there is no better way to stay safe from this threat than to avoid the initial infection phase.
Here’s a complete guide on how to detect and prevent phishing attacks – filled with screenshots and actionable tips.
2. The Nigerian scam
Source: Wikimedia Commons
The Nigerian scam is one of the oldest and most popular online scamming techniques, typically run by someone claiming to be a member of a wealthy Nigerian family in order to trick people. It is also known as “Nigerian 419”; the number 419 comes from the section of Nigeria’s Criminal Code which banned the practice.
A typical Nigerian scam involves an emotional email, letter, text message or social networking message from a scammer (who may pose as an official government member, a businessman or a member of a very wealthy family – usually a woman) asking for your help in retrieving a large sum of money from a bank, which initially means paying small fees for papers and legal matters. In exchange for your help, they promise you a very large sum of money.
This is just the beginning, as they will continue to ask you to pay more and more money for additional services, such as transactions or transfer costs. You even receive papers that are supposed to make you believe that it’s all for real. In the end, you are left broke and without any of the promised money. There were also cases where not only money was lost in the scam, but people were kidnapped or even worse.
In this blog post we exposed more examples of scams carried out on social media networks (tips on how to stay safe from them included).
3. Greeting card scams
This is another old scam: the greeting cards that you receive in your email inbox and seem to be coming from a friend.
If you open such an email and click on the card, you usually end up with malicious software being downloaded and installed on your operating system. The malware may be an annoying program that launches pop-ups with ads and unexpected windows all over the screen. However, it can also be ransomware or one of the worst pieces of financial malware around, part of the infamous Zeus family.
If your system becomes infected with such dangerous malware, you will become one of the bots which are part of a larger network of affected computers. In this unfortunate event, your computer will start sending private data and financial information to a fraudulent server controlled by IT criminals.
To find out more information about financial malware, read this article. And here’s how you can tell if your computer was infected with malware.
4. A guaranteed bank loan or credit card scam
Difficult times push people into getting trapped by “too good to be true” bank offers that guarantee you large amounts of money and have already been pre-approved by the bank. If such an incredible pre-approved loan is offered to you, simply use your common sense to judge if it’s for real or not.
How is it possible for a bank to offer you such a large sum of money without even knowing your financial situation?
Though it may seem unlikely for people to get trapped by this scam, there’s still a large number of people who have lost money by paying the “mandatory” processing fees required by the scammers.
5. Lottery scam
One more classic scam which never seems to get old. The lottery scam comes as an email message informing you that you won a huge amount of money and all you need to do to collect your fortune is to pay some small fees.
Lucky you! It doesn’t even matter that you don’t recall ever purchasing lottery tickets.
Since it addresses some of our wildest fantasies, such as quitting our jobs and living off the fortune for the rest of our lives, without ever having to work again, our imagination falls prey easily to images of a dreamhouse, endless summer vacations or expensive items that a normal man can only dream of.
But the dream ends as soon as you realize you have been just another scam victim. DO NOT fall for this online scam.
6. Hitman scam
One of the most frequent scams you can meet online is the “hitman” extortion attempt. Cyber criminals will send you an email threatening you in order to obtain money. This type of scam may come in various forms, such as the one threatening that they will kidnap a family member unless a ransom is paid in a time frame provided by the scammers.
To create the appearance of a real danger, the message is filled with details from the victim’s life, collected from an online account, a personal blog or, more and more frequently, from a social network account.
That’s why it’s not wise to offer sensitive, personal information about you on social media. It might seem like a safe and private place, where you’re only surrounded by friends, but in reality you can never know for sure who’s watching you.
That’s why sometimes it’s better to be a little bit paranoid.
7. Romance scams
How many of us have already been fooled by this one? Since this one addresses our subjective self and not our rational side, we tend to drop our guard and leave aside any logical analysis.
This scam takes place on social dating networks, like Facebook, or by sending a simple email to the potential target.
The male scammers are often located in West Africa, while the female scammers are mostly from the eastern parts of Europe.
Cyber criminals have abused this scamming method for years by using the online dating services. They improved their approach just by testing the potential victims’ reactions.
This scheme may go on for several months or more in order to gain the trust of that person. In many cases, it even reaches the point where a meeting is arranged.
When this happens, two things may take place:
- an “unpredictable” event occurs and the scammer needs money as soon as possible for his/her passport or other details.
- if the victim comes from a rich family, he/she may be kidnapped and a large sum of money could be requested from the family.
Our recommendation is to read these real stories and learn from them, so you don’t become a victim of a romance scam:
- A woman lost £1.6 million after she met two conmen on a dating site
- A Perth woman has lost $300,000 after falling in love with a fake Facebook profile
- US woman lost her $50.000 life savings by becoming victim of a cyber-dating scam artist
Knowing that hundreds of women and men from all over the globe are victims of this type of online scam, we also recommend reading these tips to protect yourself and avoid being scammed.
8. Fake antivirus software
We have all seen this message on our screens at least once: “You have been infected! Download antivirus X right now to protect your computer!”.
Many of these pop-ups were very well created to resemble actual messages that you might get from Windows or from a normal security product.
If you are lucky, it is nothing more than an innocent hoax that will bother you by displaying unwanted pop-ups on your screen while you browse online. In this case, to get rid of the annoying pop-ups, we recommend scanning your system using a good antivirus product.
If you are not so lucky, you can end up with malware on your system, such as a Trojan or a keylogger. This kind of message could also come from one of the most dangerous ransomware threats around, such as CryptoLocker, which is capable of blocking and encrypting your operating system and demanding a sum of money in exchange for the decryption key.
To avoid this situation, we recommend using a specialized security product against this kind of financial malware, besides your traditional antivirus program.
9. Facebook impersonation scam (hijacked profile scam)
Without doubt, Facebook is the most popular social media platform, with two billion active users per month. It’s also the channel where most brands and companies communicate with customers and users, and promote their products. Facebook is such a trusted channel for many users that they rarely check whether a company page is trustworthy or not.
If most of your friends, colleagues and social connections are on Facebook, it is perfectly normal for such a place to also attract the unwanted attention of online scammers. Just imagine your account being hacked by a cyber criminal, who then gains access to your close friends and family.
Since it is so important for your privacy and online security, you should protect your personal online accounts just as carefully as you protect your banking or email account. Set up a two-factor authentication method as soon as possible. This will act as an additional layer of security, besides your password.
10. Make money fast scams (Economic scams)
The following common online scam is extremely popular: cyber criminals will lure you into believing you can make easy money on the internet. They’ll promise you non-existent jobs, plans and methods of getting rich quickly and money from official government sources.
It is a quite simple and effective approach, because it simply addresses one’s basic need for money, especially when that person is in a difficult financial situation.
From this point of view, this scamming method is similar to the romance scam mentioned above, where the cyber attackers address the romantic needs of the victim.
The fraudulent posting of non-existent jobs for a variety of positions is part of the online criminals’ arsenal.
Using various job types, such as work-at-home scams, the victim is lured into giving away personal information and financial data with the promise of a well paid job that will bring lots of money in a very short period of time.
11. Travel scams
These scams usually appear in the hot summer months or before the short winter vacations, for Christmas or New Year’s Day.
The scenario is usually like this: you receive an email containing an amazing offer for an extraordinary, hard-to-get-to destination (usually an exotic place) that expires in a short period of time and that you must not miss. If it sounds too good to be true, it might be a travel scam, so don’t fall for it!
The problem is that some of these offers actually hide some necessary costs until you pay for the initial offer. Others simply take your money without sending you anywhere.
In such cases, we suggest that you study the travel offer very carefully and look for hidden costs, such as airport taxes, tickets that you need to pay for to access a local attraction, meals that may or may not be included, and local transportation fees between your airport and the hotel or between the hotel and the main attractions mentioned in the initial offer.
As a general rule, we suggest that you go with the trustworthy, well known travel agencies. You can also check if by paying individually for plane tickets and for accommodation you receive the same results as in the received offer.
12. Delivery scams
Here’s another frequent online scam, which infects users’ PCs through malicious emails. A delivery scam is a spam email sent by attackers that contains a link to a dynamically generated folder on a compromised server, which provides the content.
Hackers are real experts and can customize a message for a specific targeted country, so they can convince users to click the malicious link. The folder usually contains a CryptoLocker infection, a virus payload hidden in an attachment (zip files) to a phishing mail.
13. Fake news scam
The spread of fake news on the Internet is a danger to all of us, because it has an impact on the way we interpret and react to information we find on social media. It’s a serious problem that should concern our society, mostly because of the misleading resources found online, which make it impossible for people to distinguish between what’s real and what’s not.
This is why, in order to avoid fake news, it’s recommended to rely on sources of information coming from friends or people you know, and to read regular feeds from trusted sources such as bloggers and industry experts.
This type of scam could come in the form of a website that looks like a trustworthy one you know and often visit, but is actually a fake created by scammers whose main purpose is to rip you off. This can be a spoofing attack, which is also involved in fake news, and refers to fake websites that might link you to a buy page for a specific product, where you can place an order using your credit card.
The problem is that once you click through to such a website, you could access a malicious URL that exposes you to online threats and tries to infect your computer. A fake news scam could lead to a malicious payload aimed at infecting your computer and accessing your sensitive data.
To avoid falling for fake news scams, you can use tech tools such as Fact Check from Google or Facebook’s tool aimed at detecting whether a site is legitimate or not, analyzing its reputation and information.
Cyber security experts say that these fake news scams represent a threat for both organizations and employees, exposing and infecting their computers with potential malware, so they need to take preventive measures “to remove administrative rights from the endpoint and increase awareness at the layer of proxy control for employees”.
14. Fake shopping websites
Everybody loves shopping and now it’s easier and more convenient to do this on the Internet with a few clicks. But for your online privacy, you need to be very careful about the sites you’re constantly accessing. There are thousands of websites out there that provide false information, and might redirect you to malicious links, giving hackers access to your most important data: credit card, name and/or address.
If you see a great online offer which is “too good to be true”, it might be tempting to take it right away, but you should stay safe against various methods used by cybercriminals to exploit online shoppers by knowing how to spot a fake shopping site.
We strongly recommend reading these online shopping security tips to keep yourself free from data breaches, phishing attacks or identity theft operations.
15. Loyalty points phishing scam
Source: G Data Security Blog
Many websites have a loyalty program to reward their customers for making different purchases, by offering points or coupons. These programs are the subject of another online scam, because cyber criminals can target them and steal your sensitive data. If you think no one would want to access them, think again.
The most common attack is a phishing scam that looks like a real email coming from your loyalty program, but it’s not. Malicious hackers are everywhere, and it takes only one click for malware to be installed on your PC and for hackers to have access to your data.
As it might be difficult to detect these phishing scams, you may find useful this example of a current phishing campaign that targets holders of Payback couponing cards, as well as some useful tips and tricks to avoid being phished.
16. Stock market scams
Here’s another online scam to stay away from: stock market fraud. Whether it’s an email you receive promising a huge amount of money, or callers who offer you tempting and “too good to be true” investments, there are enough stock market scams out there and you can easily become a target. Don’t fall for them!
We know it’s not an easy job to spot a stock market scam, but you can always be proactive, stay vigilant about these scams and avoid getting fooled. To keep yourself safe and prevent these things from happening, you should read this on how to avoid stock market scams and some of the most common financial scams.
17. Job offer scams
Sadly, there are scammers everywhere – even when you are looking for a job – posing as recruiters or employers and using fake and “attractive” job opportunities to trick people. This is why you need to watch out for the job offers you are getting from potential employers.
The approach is quite simple. It begins with a phone call (or a direct message on LinkedIn) from someone claiming to be a recruiter from a well-known company who saw your online CV and saying they are interested in hiring you. Whether you’ve applied or not, the offer might be very appealing, but don’t fall into this trap.
To protect yourself from job offer scams, it’s very important to:
- Do a thorough research about the company and see what information you can find about it;
- Check the person who has contacted you on social media channels;
- Ask for plenty of information and references and check them out;
- Ask your friends or trustworthy people if they know or interacted with the potential employer.
To avoid these types of online job scams, check this article.
18. SMS Scams (Smishing)
Source: Malwarebytes Labs
There’s no doubt that the smartphone has become vital for our daily activities, as we use it for online shopping, banking or communicating with our friends and family.
Needless to say, the amount of data we store on our personal devices makes them vulnerable to cyber criminals, who are always prepared to steal our online identities or empty our bank accounts.
According to Panda Security, hackers keep trying new methods of attack, and the most recent one is called smishing (using SMS text messages), a technique very similar to phishing; instead of sending emails, malicious hackers send text messages to their potential victims.
The scenario is usually simple: you receive an urgent text message on your smartphone, with a link included, saying it’s from your bank and that you need to access it to update your bank information. Other messages say that your online bank account will be blocked, or carry promotional offers about new products and services, and more.
Be careful about the SMS messages you receive and don’t click on suspicious links that could redirect to malicious sites trying to steal your valuable data.
Online scams have developed, using increasingly sophisticated means of deceiving users, especially in the rich Western countries.
According to the FBI, online scams have increased over the last 10 years and the total losses doubled in recent years, affecting both private individuals and large scale businesses. For this reason, cyber criminal activities are now subject to federal investigations and are treated as a very serious problem that affects us all.
For an extended list of common fraud schemes discovered and analyzed by the FBI, you can check this article.
You may think that you can’t be fooled by these online scams, since some of them are quite hilarious, such as the one promising to send you money or the one where the scammers pretend to be FBI agents.
Since some scams are so well organized and convincing, and the people behind so difficult to catch, we need to always keep our guard up. Stay informed about the latest scamming strategies.
Have you met some of the above scams while browsing or in your email inbox? What were the most convincing ones?