Identifying Online Scams and Fraud
Quick answer
- Be wary of unsolicited offers that seem too good to be true.
- Never share personal or financial information with unverified sources.
- Look for poor grammar, spelling, and unprofessional communication.
- Research companies or individuals before engaging or sending money.
- Trust your gut feeling; if something feels off, it probably is.
- Be skeptical of urgent requests for money or personal data.
What to check first (before you act)
Unsolicited Contact
This includes emails, texts, social media messages, or phone calls you didn’t initiate. Scammers often reach out unexpectedly, claiming you’ve won a prize, owe money, or need to verify account information.
Suspicious Links and Attachments
Be cautious of links in emails or messages, especially if they are shortened or come from an unknown sender. Similarly, avoid opening attachments from unverified sources, as they could contain malware.
Urgency and Pressure Tactics
Scammers frequently try to rush you into making decisions. They might claim there’s a limited-time offer, an immediate threat, or a legal issue that requires swift action to avoid consequences.
Requests for Personal Information
Legitimate organizations rarely ask for sensitive data like your Social Security number, bank account details, or passwords via email or text. Always verify the identity of the requester through a separate, trusted channel.
Unrealistic Promises
If an offer sounds too good to be true, it almost certainly is. This applies to investment opportunities, job offers, lottery winnings, or romance scams.
Step-by-step (scam identification workflow)
1. Scrutinize the Sender’s Identity:
- What to do: Examine the email address, social media profile, or phone number. Look for subtle misspellings, unusual domain names, or generic profile pictures.
- What “good” looks like: A professional email address (e.g., `[email protected]`), a verified social media profile, or a direct, recognizable phone number.
- Common mistake: Assuming an email is legitimate just because it has a company logo or a familiar name.
- How to avoid it: Hover over links without clicking to see the actual destination URL. Manually type known website addresses into your browser instead of clicking links.
2. Analyze the Message Content:
- What to do: Read the message carefully for poor grammar, spelling errors, awkward phrasing, or overly aggressive language.
- What “good” looks like: Clear, professional language, correct grammar, and a polite tone.
- Common mistake: Overlooking typos and grammatical errors in the belief that everyone communicates perfectly.
- How to avoid it: Treat any message with multiple errors with suspicion. Legitimate businesses usually have proofreaders.
3. Evaluate the Offer or Request:
- What to do: Assess if the offer or request is reasonable and aligns with what you expect. Does it ask for money upfront for a service or prize? Does it demand personal information?
- What “good” looks like: A clear, straightforward request for a legitimate service or product that you sought out.
- Common mistake: Focusing only on the potential reward and ignoring red flags in the request itself.
- How to avoid it: Ask yourself: “Would a reputable company ever ask me to do this?”
4. Verify the “Urgency”:
- What to do: Recognize when a message creates a false sense of urgency to pressure you into acting quickly.
- What “good” looks like: A reasonable timeframe for decisions or transactions.
- Common mistake: Panicking and acting impulsively because a scammer claimed there was an immediate problem.
- How to avoid it: Take a deep breath. If there’s a supposed problem with a legitimate company, you can always contact them directly through their official channels.
5. Check for Unsolicited Attachments or Downloads:
- What to do: Never open attachments or download files from unknown or suspicious sources.
- What “good” looks like: Receiving attachments only from trusted contacts for expected documents.
- Common mistake: Clicking on an attachment out of curiosity or because it’s presented as an invoice or important document.
- How to avoid it: If you’re unsure, contact the sender via a different, verified method to confirm they sent the attachment.
6. Research the Entity:
- What to do: Search online for the company name, individual, or offer. Look for reviews, complaints, or news articles.
- What “good” looks like: A well-established company with a verifiable online presence, positive reviews, and contact information.
- Common mistake: Believing everything you see on a website or social media profile without independent verification.
- How to avoid it: Use search engines to find the company’s official website (don’t click their links), look for their presence on the Better Business Bureau (BBB) website, and search for “[company name] scam” or “[company name] reviews.”
7. Guard Your Personal Information:
- What to do: Be extremely reluctant to share sensitive data like your Social Security number, bank account details, credit card numbers, or passwords.
- What “good” looks like: Only providing personal information when you have initiated the transaction and are on a secure, verified website or speaking to a trusted representative.
- Common mistake: Giving out information because the scammer claims to be from a known company or government agency.
- How to avoid it: If asked for information, disconnect and call the company or agency directly using a number you know is legitimate.
8. Analyze Payment Methods:
- What to do: Be suspicious of requests for payment via gift cards, wire transfers, cryptocurrency, or peer-to-peer payment apps, especially for unexpected transactions.
- What “good” looks like: Paying for goods or services using secure methods like credit cards (which offer fraud protection) or checks from a reputable source.
- Common mistake: Sending money via untraceable methods because the scammer insisted it was the “only” or “fastest” way.
- How to avoid it: Understand that these payment methods are often favored by scammers because they are difficult to trace and recover.
9. Trust Your Intuition:
- What to do: Pay attention to your gut feeling. If something feels “off,” “too good to be true,” or makes you uncomfortable, it’s a strong signal to stop.
- What “good” looks like: A calm, confident feeling about a legitimate interaction.
- Common mistake: Dismissing your own unease because you don’t want to seem rude or miss out on an opportunity.
- How to avoid it: Acknowledge your feelings. It’s better to be overly cautious than to lose money or personal data.
What affects your score (plain language)
- Unsolicited Offers: Scammers often promise incredible returns on investments or unbelievable deals on products. If it sounds too good to be true, it almost certainly is.
- Phishing Attempts: These are scams designed to trick you into revealing personal information like passwords, credit card numbers, or Social Security numbers, often by impersonating legitimate companies or government agencies.
- Fake Charities: Scammers create fraudulent charities to solicit donations, especially after natural disasters or during holiday seasons.
- Romance Scams: Individuals build fake online relationships to gain trust and then ask for money for fabricated emergencies or travel expenses.
- Tech Support Scams: Scammers pose as tech support from well-known companies, claiming your computer has a virus and asking for remote access or payment for unnecessary services.
- Lottery or Prize Scams: You’re told you’ve won a large sum of money or a prize, but you must pay a fee or taxes upfront to claim it.
- Fake Job Offers: Scammers post enticing job ads, often requiring you to pay for training materials or equipment, or asking for personal information for “payroll.”
- Impersonation: Scammers pretend to be someone you know, like a friend, family member, or colleague, to ask for money or information in a moment of perceived crisis.
- Malware and Spyware: Clicking on malicious links or downloading infected files can install software that steals your information or allows scammers to control your device.
What NOT to do while identifying online scams:
Do not click on suspicious links, download unexpected attachments, share personal information without verification, send money to unverified individuals or entities, or fall for high-pressure tactics. Always verify independently before acting.
Common mistakes (and what happens if you ignore them)
| Mistake | What it causes | Fix |
|---|---|---|
| Clicking on suspicious links | Malware infection, identity theft, redirection to fake websites | Never click links from unknown or untrusted sources. Hover over links to preview the URL. Manually type website addresses. |
| Downloading unknown attachments | Malware, viruses, ransomware, data theft | Do not open attachments from unknown senders. If you’re expecting an attachment, verify with the sender through a separate channel. |
| Sharing personal information unsolicited | Identity theft, financial fraud, unauthorized account access | Never give out your Social Security number, bank account details, credit card numbers, or passwords to unverified individuals or via unsecure communication. |
| Falling for “too good to be true” offers | Financial loss, disappointment, wasted time | Be skeptical of deals, prizes, or investment opportunities that seem unrealistic. Research thoroughly and trust your instincts. |
| Sending money via untraceable methods | Inability to recover lost funds, enabling further scamming | Avoid paying with gift cards, wire transfers, cryptocurrency, or peer-to-peer apps for unexpected transactions. Use credit cards for better protection. |
| Ignoring grammar and spelling errors | Missing clear indicators of a scam | Treat messages with poor grammar or spelling with extreme suspicion. Legitimate businesses usually have professional communication. |
| Acting under pressure or urgency | Poor decision-making, falling for the scam without thinking | Take your time. If a message creates urgency, disconnect and verify the situation through official channels. Legitimate issues rarely require immediate, unverified action. |
| Believing impersonations without verification | Giving money or information to criminals, unauthorized access to accounts | Always verify the identity of the person or organization contacting you. Call them back using a known, legitimate phone number. |
| Not researching the entity | Engaging with fraudulent companies or individuals | Before sending money or providing information, search online for reviews, complaints, and the company’s official website and contact details. |
| Trusting unsolicited tech support calls | Paying for fake services, granting remote access to your computer for theft | Never accept unsolicited tech support. If you have a tech issue, contact the company directly through their official website or customer service number. |
Decision rules (simple if/then)
- If an email claims you’ve won a lottery you didn’t enter, then do not respond because it’s a common lottery scam.
- If a message asks for payment via gift cards, then do not proceed because gift cards are a favored payment method for scammers due to their untraceability.
- If you receive an unsolicited attachment from an unknown sender, then do not open it because it could contain malware or viruses.
- If an offer promises extremely high returns on investment with little to no risk, then be highly skeptical because such returns are rarely legitimate.
- If a website asks for personal information but the URL doesn’t start with “https://” or doesn’t look like the official company site, then do not enter your data because the site may be a fake designed to steal information.
- If someone claiming to be from a government agency (like the IRS) threatens immediate arrest for unpaid taxes and demands payment, then hang up and verify with the agency directly because this is a common tactic for impersonation scams.
- If a person you met online asks for money for an emergency, then do not send it because it is likely a romance scam.
- If a pop-up on your computer claims it’s infected and tells you to call a number, then close the pop-up and run your antivirus software because these are usually fake warnings to trick you into calling a scammer.
- If a job offer seems too good to be true and requires you to pay for training or equipment upfront, then it is likely a fake job scam.
- If a company asks you to pay a fee to receive a prize or refund, then refuse because legitimate organizations do not charge fees for these.
FAQ
Q: How can I tell if an email is a phishing attempt?
A: Look for generic greetings, poor grammar, suspicious links, and requests for personal information. Legitimate companies rarely ask for sensitive data via email.
Q: What should I do if I receive a suspicious text message?
A: Do not click on any links or reply. Delete the message and consider blocking the number. If it claims to be from a company you do business with, contact them directly through a trusted channel.
Q: Is it safe to buy from unknown online sellers?
A: It can be risky. Research the seller thoroughly, check reviews, and look for secure payment options. If something feels off, it’s best to avoid the transaction.
Q: What are common signs of a romance scam?
A: Scammers build emotional connections quickly, then invent emergencies or travel plans to ask for money. They will often avoid meeting in person or video calls.
Q: What if a website asks me to download software to view content?
A: Be very cautious. Legitimate websites rarely require you to download software to access their content. This could be a tactic to install malware.
Q: How can I verify if a charity is legitimate?
A: Check with organizations like Charity Navigator or GuideStar, or visit the charity’s official website directly. Be wary of charities that solicit donations via unsolicited calls or emails.
Q: What if someone claims I owe money to a company I’ve never heard of?
A: Do not pay. Contact the company they claim to represent directly using information from their official website to verify the debt.
Q: Can I trust unsolicited calls from “tech support”?
A: No. Legitimate tech support will not call you out of the blue to tell you your computer has a problem. Hang up immediately.
What this page does NOT cover (and where to go next)
- Detailed instructions on how to report specific types of fraud to law enforcement agencies.
- Information on how to recover funds after being scammed.
- In-depth guidance on cybersecurity best practices for businesses.
- Legal advice regarding consumer protection laws.
Where to go next:
- Information on reporting fraud to federal agencies like the Federal Trade Commission (FTC) or the FBI’s Internet Crime Complaint Center (IC3).
- Resources for identity theft protection and recovery.
- Guides on strengthening your online security and privacy.
- Consumer protection resources from your state’s Attorney General’s office.