Protect yourself against scams and online threats with Avast One
A scam is a fraudulent attempt to obtain something of value from you, typically money but not always. In this article, we break down the most common types of online scams while giving you the tools and know-how you need to detect and fight against scammers. Then, keep your digital life safe with a reliable cybersecurity tool.
This article contains:
Before we continue, let’s quickly define scams and a few other relevant terms:
Scam: a dishonest scheme intended to trick you into giving up something of value. Also known as a “confidence trick” or “con”.
Scammer: a person who tries to scam someone else. Also known as a “conman” or, more romantically, a “con artist”.
Mark: the target of the scam. If the scam succeeds, the mark becomes a victim.
Grifter: a specific type of scammer who cultivates marks through skillful manipulation and personal charisma. Their scams are referred to as “grifts”.
Scheme: a plan, or the act of making such a plan, to achieve a goal, such as acquiring money from a mark.
Back in the analog era, scams were conducted in-person. Scammers, often working in pairs or teams, would carry out scams on the street or in busy public places such as restaurants and pubs. As technology advanced, so did scamming techniques. Train travel, postal systems and telephones all granted scammers access to larger pools of marks, as did the widespread emergence of a middle class in the 20th century. More people had more money to steal, and it was easier for scammers to contact them.
As the internet developed and expanded into what it is today, scamming entered a whole new world of opportunity. Read on to discover the most prevalent online scams and learn how to avoid them.
The increased connectivity of the internet has enabled scammers to reach more potential marks than ever before. Scammers were quick to develop new scams while updating traditional approaches. Let’s take a look at several types of online scams and explore how they work:
A phishing scam involves a scammer (or in this case, the “phisher”) masquerading as a legitimate organization or trusted person and contacting marks in order to solicit sensitive personal information such as account numbers, user credentials, or credit card data.
Afterwards, the scammer will use this information to steal money, commit identity or credit card fraud, engage in corporate espionage, or other such illicit activities. The majority of phishing scams are perpetrated via email.
What is a phishing scam when compared to regular email spam? The difference is that phishing scams, and other scams, are actively seeking to hurt you. Plain old spam is just annoying.
An example of a phishing email that attempts to trick you into providing sensitive personal info.
Usually conducted via a dating website, dating app, or social media, these involve the scammer cultivating a long-distance relationship with a mark over a period of time. The scammer will have created a convincing profile, complete with photos and background information, but none of it is authentic.
These relationships progress quickly, with many promises made about upcoming visits. After obtaining the mark’s trust, the scammer will cite some sort of emergency — medical or legal expenses, travel hiccups, a family crisis — and request money. Some romance scams can persist for months or even years, with multiple financial transfers from the mark to the scammer, before the mark realizes they’ve been catfished.
Crowdsourcing platforms like Kickstarter, GoFundMe and Indiegogo allow people to solicit donations from anyone on the internet who finds their cause to be a worthwhile one. People use crowdsourcing to fund inventions, business ideas, creative projects, or more depressingly, to cover medical and legal expenses.
Scammers abuse crowdsourcing platforms by whipping up fake campaigns designed to somehow excite or tug at the heartstrings of their target audience. After collecting a sizable amount of donations, the scammer disappears.
Apartment hunting is frequently stressful and never fun. Scammers take advantage of this pressure-filled process by posting fraudulent apartment listings online. Some may depict actual apartments that exist, but that the scammer has no authority to rent, while others are entirely fictitious. The scam apartments tend to offer far more value, in terms of quality, space and location, than is typical in the area for the proposed rent.
The mark will be asked to transfer a deposit before visiting the apartment or meeting the landlord. Once the scammer has the money, they’ll cut off contact and vanish, leaving the mark somewhat poorer and still without a home.
This is where we find one of the internet's most infamous scams: the Nigerian Prince. The advance-fee scam is an evolution of a classic scam known as the Spanish Prisoner. In it, the scammer would pretend to be in touch with a wealthy aristocrat, currently imprisoned and in need of money to secure their release. The mark would be assured repayment many times over once the prisoner obtained their freedom, but of course, this would never happen.
Today’s versions, of which the Nigerian Prince is but one, all involve the scammer asking for a comparatively minor bit of money up-front in order to enable a much larger transfer of money or goods to the mark. The promised transfer is often less-than-legal, which discourages marks from reporting these scams to the relevant authorities. Other times, advance-fee scams take the form of sweepstakes or lottery winnings. No matter the setup, you’re not going to get any money.
A straightforward example of an advance-fee scam.
Working from home certainly has its benefits. No office hours, no commute, no colleagues, and best of all, no dress code. Scammers know this all too well. In the work-from-home scam, you’ll be pitched a “job offer” that, at first glance, sounds amazing. They’ll promise quick earnings and flexible hours with roles that don’t require any specialized training or education.
Once you’re on the hook, the scammer triggers the next stage: before you can begin, you need to purchase a startup kit, proprietary software, training course, or even a subscription service. Others will trick new hires into laundering money, cashing bad checks, or forwarding shipments purchased with stolen credit cards.
If you’ve ever seen one of those pop-ups telling you that your computer is in dire need of antivirus rescue, you’ve come across this scam. Also known as scareware, these fake antivirus ads want you to panic and pay up in order to secure what you believe to be the solution to your malware woes. There’s no gold at the end of this rainbow, though, and your money will simply disappear into the internet.
Some creators of fake antivirus apps manage to list their scam software in legitimate download portals. When you install them on your device, they’ll appear as though they’re performing virus scans, but they don’t actually have any antivirus capabilities. Instead, they’re adware in disguise, created solely for the purpose of showing you ads when you use them. Real antivirus software will protect you against the adware and other malware that often comes with these fake apps.
An example of a scareware pop-up that attempts to convince you that there is malware on your computer.
Multi-level marketing (MLM) or “network marketing” scams present themselves as opportunities to “be your own boss” or “start your own business” by purchasing inventory to sell from someone already involved in the company.
When the majority of participants’ earnings come from sales, an MLM can be considered legitimate. However, some are built on a model that prioritizes the recruitment of new members over sales, so that a recruiter’s income is primarily derived from inventory purchases by junior members. Members lower in the hierarchy may end up spending more on inventory purchases than they ever recover in sales, while higher-ranking members reap the rewards.
With social media playing an increasingly greater role in recruitment, many people are drawn into MLMs by trusted friends or family members. The recruiter doesn’t have to spend time cultivating a relationship as they would with a catfishing scam, since their targets are people they already know.
No matter the type of scam, you should make sure to protect yourself. One great way to defend yourself against getting scammed through malware and internet vulnerabilities is to use a strong cybersecurity tool. Avast One features a suite of privacy and security safeguards to keep you protected online and keep your personal data secure.
The golden rule of scam detection is this: If it sounds too good to be true, it probably is.
Scammers love to ply marks with big promises of quick and easy money, seemingly requiring little to no effort on your part other than sitting back and raking in the profits. They know that greed, fear, vanity, and even loneliness are powerful motivators, and they are skilled when it comes to manipulating these emotional vulnerabilities. Trust your instincts and don’t buy the hype.
The next time you come across an unbelievable offer, ask yourself the following questions:
Do I know this person? Many online scams are sent from or operated by contacts you won’t recognize. The advance-fee scam, work-from-home scam, crowdsourcing scams, and many phishing scams all work this way. However, others rely on trust as a key motivator. A long-distance romantic partner may not be all that they claim to be.
Is this a realistic deal? Go with your gut on this one. Does an apartment look way too nice to be rented at such a low rate? Is this vacation package reasonably priced? Are you being promised an easy job that pays well with minimal effort? Has someone claimed that you’ll be rewarded handsomely if you can transfer a quick deposit? Remember the anti-scam mantra: if something feels too good to be true, that’s likely because it is.
Is this financial transaction safe? If asked to send payment, look out for unprotected payment platforms such as wire transfers, Western Union, or gift cards. These cannot be reversed, which is ideal for a scammer’s needs. Also be wary of offers that propose payment via bank check. Legitimate offers should accept standard and regulated methods of payment, such as a credit card or Paypal.
What am I being asked to share? Phishing scams go after personal details that can later be used against you. No legitimate company should be asking you to confirm your login credentials, financial accounts, credit card numbers, or detailed personal information.
Am I being rushed? Scammers create artificial urgency to force you through a rushed decision. Some use FOMO, or “fear of missing out,” to encourage you to bite on a tempting offer, while others will threaten you with steep penalties for missing a deadline. Either way, ultra-urgency is a big warning sign for scams.
Does this person’s story hold up? If you suspect that you’re being conned by a catfisher or a grifter, dig into their backstory. Scope them out on social media and confirm any claims they’ve made through your own research. Consider any inconsistencies to be major red flags, then respond accordingly.
Are they taking the conversation off-platform? You’re protected on many legitimate commerce, booking, and dating sites if you keep all your conversations on-record through the site’s messaging service. People requesting that you communicate privately via email or IM may have something to hide.
The realization that you’ve been scammed is never easy to handle, and it’s OK to feel upset about it. If the scammer is someone you thought you could trust, it’s natural to feel betrayed, angry, sad, and even depressed. While you might not be able to get your money back or mitigate all the consequences, here are some ways you can be proactive in the wake of a successful scam:
Cut the scammer off. You aren’t going to convince them to return your money, so don’t even bother. Continuing the relationship leaves the door open to additional scams in the future. Block their email address or social profiles and ignore any further attempts on their part to reach you. And definitely do not send them any more money.
Contact your financial institutions. You won’t always be able to recover the money you sent to a scammer, but you can try. Contact your bank or credit card provider and see what they can do. The same goes for any third-party services you may have used to facilitate the transfer. At the very least, they’ll be aware that you were scammed, and you can discuss security options for the future.
Freeze your credit. If you’ve been scammed, freeze your credit immediately to prevent scammers from opening new lines of credit in your name.
Change your passwords. If you disclose any sensitive personal info to the scammer, be proactive and change up your login credentials online with a strong password. This is especially important for financial sites like banks or Paypal. You can prevent additional losses by locking scammers out.
Report the scam. Scamming is a criminal act, and here’s how to report a scam: Contact the relevant authorities in your area and inform them about the scam. If you were scammed via a website or app, let them know as well. Your reports can go a long way towards preventing others from being scammed.
Share your experience. You may feel embarrassed for having fallen for a scam. This is natural, understandable, and acceptable. Talking about your experience can help you process your feelings, especially after a romance scam or other long-term grift. You can also help educate your friends and family about the scam that affected you.
Reach out for professional support. It hurts to get scammed, and you don’t have to bear the burden alone. Contact a trained professional in your area if you’re experiencing any strong negative feelings in the wake of your experience.
Now that you know the warning signs of scams to look out for, you’re all the better equipped to avoid them. Practice the following anti-scam safety habits to steer clear of scammers anytime you’re online.
If you have one, pay with a credit card. Compared to debit cards and bank transfers, credit cards are far more secure. Your credit card company is on your side when it comes to fraud, since it’s their money on the line and not yours. When you’ve been ripped off, chargebacks are your friend.
Never download attachments or click links from unknown contacts. Scammers can use attachments and websites to infect your computer with malware. For example, Trojans often slip onto your device while disguised as harmless attachments, and those Trojans can then bring rootkits, spyware or adware with them. Some malware will just show you ads, while others can be far more damaging. As a general rule, don’t click things you don’t trust.
Keep personal info to yourself. You know how lots of websites ask you to answer a series of security questions in case you need to recover your password? Remember which info you’ve set as security measures, and don’t share it. Otherwise, scammers can answer your security questions with ease. Of course, this also applies to things like login credentials and account numbers.
Secure yourself online. If a website offers two-factor authentication, use it. It’s not bulletproof, but it’s better than nothing. Use strong, unique passwords on the websites you frequent, and store them securely with a dependable password manager.
When it comes to avoiding scams, a little bit of vigilance goes a long way. But no matter how much you’ve sharpened your scam-detection instincts, there’s always someone waiting for you to let your guard down. That’s where a strong and comprehensive cybersecurity tool comes into play.
Avast One protects you against scammers and the malware they love to use on multiple fronts. It continually monitors your device and internet environment for any vulnerabilities, defending you in real-time against even the most current hacking practices. Keep scammers off your machine with a security solution and antivirus protection trusted by over 400 million users around the world.