Fraudsters and con artists take full advantage of all the Internet has to offer. Waves of online fraud, from phishing emails to attempts at blackmail, have become a steady fixture of the online landscape. This guide from online comparison service moneyland.ch explains the most common scams and tells you how to protect yourself from them.
Phishing
Phishing has been around for a long time, and today it comes in countless guises – often in combination with other scams listed here. Phishing typically follows one of three goals: To encourage you to share information (credit card details, for example) by email, messaging service, or over the phone; to get you to click on a link (to a fake website, for example); to get you to download a harmful attached file (spyware, for example).
The fraudsters behind phishing often set up emails or messages to look like they have been sent by well-known companies, or even service providers you personally use. For example, they may disguise a phishing email to look like it is from you bank, and claim that the bank’s IT system is being upgraded and you need to confirm your login data. Phishing scams may add pressure by claiming that you must reply by a given deadline to avoid consequences (a penalty fee or account closure, for example). By putting you under pressure, fraudsters encourage you to act without thinking it through.
How to protect yourself: Do not let yourself be put under pressure. Always take time to look over the message carefully and to ask yourself whether it could actually be legitimate. Never share sensitive information by email. Avoid clicking on links in unsolicited emails and messages. Visiting the official website of the service provider in question directly is more secure. Do not download attachments and do not open them unless you are completely sure that the sender is trustworthy. If you suspect that a message may be fraudulent, delete the message immediately so that there is no chance of your accidentally clicking on the link or downloading attachments in the future.
Fake websites
Some scammers go to the extent of creating a fake website to trick their victims. The URL is often very similar to that of the site it is copying (e.g., credisuisse.ch). It is not uncommon for scammers to run Google ads which appear when you search for legitimate service providers. In this case, ending up on a fraudulent website when you search for your bank or other service provider can happen easily.
Fake websites may include login forms which mimic those of the site they are copying. The goal in this case is to collect your login information. The login will generally fail because the website is a fake. But the fraudsters will keep the login information you entered and may try to use it to log in to access your actual account.
How to protect yourself: Instead of using search engines to find the online services you use, create a bookmark to the actual URL so that you always go directly to the genuine website. If you receive an email or other communication prompting you to log into a web portal, go to the site in question through your direct URL instead of using the link.
Fake online stores
Fake shops are generally a more sophisticated variant of fake websites. Scammers often use advertisements on social media to lure users. Fake online stores do not necessarily mimic real, established companies. In many cases, the strategy is simply to convince potential “customers” that they are genuine online stores. Typically, fake stores advertise popular merchandise at exceptionally good prices.
You generally have to pay in advance, but in most cases, you never receive the items you paid for. Some fake online shops require payment methods which do not give you the option of disputing payments (such as cryptocurrencies). There are also fake stores which are simply used to steal your credit card information, but are not set up to actually charge your card.
How to protect yourself: Do not shop at online stores which you do not know and trust. If an offer seems too good to be true, it probably is. Take a moment to look for store reviews and ratings online. If you do not find any, or if you only find complaints, consider avoiding that online store altogether. Look over the websites of online stores carefully before you buy. Fake shops often will not have detailed information such as a returns policy or offline contact information.
Tech support scam
Scammers love to get access to your computer or mobile devices. One way they do this is by contacting you – often by phone – and claiming to be from a company which you likely use, like Microsoft or your bank. They offer “technical support” by which they instruct you to install remote software on your computer. This software gives them access to your computer or device.
The typical aim of these tech support scams is to get access to your bank accounts. The scammers then try to transfer money out of your account – sometimes using the excuse that they need to test a new function. Sometimes they claim that you received a payment due to a bank error, and the money must be repaid. Alternatively, fraudsters who gain control of your devices may block your access and demand a ransom.
How to protect yourself: Always be suspicious when a company asks to install remote software on your computer. You can rest assured that reputable companies would never do that. Never let unknown individuals access your computer or devices. Even when using remote desktop software yourself, you should avoid accessing online banking or any other sensitive websites or services while doing so.
Credit card theft
A common scam used to harvest credit card information involves sending potential victims a message pertaining to be from a delivery service. The message typically explains that a parcel is waiting to be delivered to you, but in order to receive it you must first cover a fee or tax – usually a very small amount.
While the exact story may change, the goal is always the same: To get you share your credit card information. The size of the fee is irrelevant. Once you’ve shared your card information, the fraudsters will likely attempt to make fraudulent card-not-present purchases which do not require multi-factor authentication. In the worst case, you will only notice these charges when you receive your credit card statement, assuming you look over it carefully. A common tactic used by credit card information thieves is to charge or spend just a small amount, but on a recurring basis, because small charges are likely to go unnoticed.
How to protect yourself: Only share your credit card information if you are absolutely sure that you are dealing with a trusted merchant. Never click on links in suspicious emails. Credit and debit cards which you can freeze when you are not using them (via an app, for example) help protect against fraudulent transactions. Keeping your line of credit or card limit to the minimum necessary for your card spending will help prevent larger-scale fraudulent transactions. Carefully reviewing your transaction history or card statements is an effective way of discovering fraudulent transactions.
Code requests
The multi-factor authentication now used by many online services is a challenge for scammers. For example, two-factor authentication may be required for online credit card transactions. So even if a fraudster gets your card information, they may not be able to use it without an additional authentication code. In many cases this code is only sent to you during the online checkout process.
In order to access this code, fraudsters will sometimes pretend to be acquaintances, or in some cases representatives of your credit card issuer or bank. In their communications (by email or over the phone, for example), they usually say that they just sent you a code, and ask you to please confirm the code you received. In fact, they have just tried to charge your card, which is why you received an authentication code from your card issuer – a code which the fraudster needs to complete the transaction.
How to protect yourself: Never share authentication codes with other parties. If you unexpectedly receive an authentication code by SMS, contact your service provider directly by phone and ask them why. Only use your card issuer’s official contact information as provided in card documents or on their website. Most payment cards have a customer support hotline printed on the card itself, and this is the number you should call. Never use contact information included in suspicious emails.
More on this topic:
Tips for protecting yourself against phishing
Tips for avoiding credit card theft
How to safeguard yourself against skimming
How to recognize fraudulent loans on social media