Among the fun of Facebook, the delight of YouTube, the convenience of the news, and the thrill of online shopping, there are dangers lurking on the Internet. From nasty viruses to email scams designed to steal your personal information, the Internet is where users can often get duped, tricked, or played. Think it can’t happen to you? In 2017, Australians lost a collective $340 million as a result of scams.
With a myriad of ways to be fooled in all corners of the web, it can be hard to know how to keep yourself safe. Fortunately, online scams are largely avoidable, so long as you know what to look for.
Today, we’re examining 5 of the most common Internet scams. Some you may have heard of; some will be new to you. And the pervasive scams sometimes tend to change as the years go by. We dive deep to discover exactly how these scams play out, helping you know how to avoid them---or figure out if you’re being scammed right now.
The Nigerian Scam or ‘419’ Scam
In many ways, the Nigerian Scam is one of the oldest, original scams of the Internet. Practically everyone has either received or has heard of an email arriving in their inbox from a down-and-out ‘Nigerian prince.’
Although the scam seems to have originated in Nigeria, this same basic scam structure can come from virtually anywhere in the world. It’s alternate name, the 419 Scam, originates from Nigerian legal code 419, which scammers are violating in this type of scam.
How this scam works: You will receive an unexpected email from someone you do not know. In the email, this person will claim to be a member of a wealthy family, a noble, or the ubiquitous “Nigerian prince.” What follows next is a lengthy, heart-wrenching tale. They will explain in a detailed and emotional email message how various events have conspired to leave them in a difficult situation. Usually, this situation involves needing money for an important purpose, such as a medical treatment, but it may simply be a case of needing assistance moving their millions out of their home country. The individual claims they are unable to access their funds (although they are apparently very wealthy) citing reasons such as political unrest, or government taxes or limitations on their funds. The sender will then ask you to aid them in this situation, perhaps helping to transfer funds out of their country into yours or requesting a modest amount of money and promising to richly reward you in the future. Often, these “rewards” may be significant sums of money.
No matter what the scam, if something seems too good to be true, it probably is.
The Nigerian Scam is a type of advance-fee scam because it asks you to put up your own money initially the expectation of receiving an eventual (and larger) repayment or reward. If you fall for a Nigerian Scam, the next step typically involves providing your baking details to the sender. This is ostensibly to enable the transfer of funds from their account to yours. In other versions of this scam, the scammer says there are transfer fees that need to be paid or government agency fees they need help with. These can even be fairly small amounts, but if you are conned into the scam, these requested ‘fees’ are likely to grow increasingly expensive.
It’s not hard to guess what happens next. The scammer vanishes into thin air, absconding with the funds you’ve already sent, or drains your bank account of its money.
Email Phishing Scam
Email phishing scams are perhaps the most common because they come in so many different forms. The essential structure looks like this:
You receive an email that appears to be from a known party. Generally, this will be a business or organisation you deal with regularly. Perhaps you shop with the company often or you have an account with them. Common examples include Netflix, Amazon, PayPal and even your banking institution. These type of emails can be especially nefarious because you’re more likely to place trust in a big brand or familiar company and not be suspicious of unusual requests via email.
In phishing scams, criminals are ‘phishing’ for information from you. Ultimately, this is usually of a financial nature, such as acquiring your bank account numbers and credit card details. The scam email usually looks quite like a regular email from a business or organisation. Scammers spent time crafting emails that appear legitimate at first glance, often including a brand’s logo. The email address will be relevant to the business in question and there is likely to be an email signature with the brand’s genuine mailing address, etc.
Your email might reference a recent purchase, and ask you to log in and confirm your credit card details. Or it might be a note from your bank, telling you to download their new app. All you’ll need to do is fill out your account number and login information. The links you click on or forms you fill out may be mocked up to look like the site you expect. In reality, you’re placing your personal details right into the hands of scammers.
There are subtle signs that you’re dealing with an email phishing scam:
- Something seems off about the email address. Perhaps it looks similar to, but not quite like an official email address for that company should.
- Alarming email language. Inflammatory language such as “Must Act Now!” or “Warning!” can be a red flag. Businesses tend to communicate with users in a far more reasonable tone. Poor spelling and grammar is also a sign of a problem.
- A suspicious link. Don’t click what you don’t recognise. Even if the domain name contains a familiar business name, there are plenty of tricks scammers use to create misleading domain names. When is doubt, don’t click.
- Keep in mind, even the most genuine-looking emails may be fraudulent. Reputable companies will never ask for identifying, personal information such as your credit card number to be entered via an email form or instant message.
Another common type of phishing scam deals not with directly requesting information from you, but instead employs ransomware. In this type of phishing email, you are sent a link which you will be invited to click on. The content of these emails can vary tremendously. In some instances, you might receive a fake greeting card from someone posing as a friend or family member. Of course you want to see the nice card your Aunt Brenda sent you! You click on the link and a download begins. In one type of phishing scam, this could be an infection of ransomware.
Ransomware is a type of malware that infiltrates your device and essentially holds your data ‘hostage.’ The scammer will contact you and inform you that your personal data, including photos, files, etc., will be kept inaccessible to you until you pay. It’s easy to imagine how someone could fall victim to a scam like this---and be willing to pay to get their valuable files back. For a business, being targeted by a cybercriminal for ransomware could have near catastrophic consequences, particularly because so much vital data is stored online. Hopefully, once you’ve paid you’ll get your files returned to you, but it’s quite possible that a hacker could continue to extort money out of you. And as you might expect, the demanded ransoms for major companies and organisations could be gigantic.
In 2018, ransomware scams are still alive and well, with 39% of malware-related data breaches arising from ransomware attacks.
Facebook Profile Scams
Internet scams don’t just arrive in our email inboxes, they’ve made a home for themselves on our social networks, too. In many ways, social media is rife territory for scammers. On Facebook, in particular, users share a remarkable amount of their everyday lives. From photos to status updates to crafting a personal bio, social media is a place where we reveal a great deal about ourselves---and not always to a good end.
A popular way for scammers to target Facebook users is via Facebook profile scams, which are essentially a type of social media identity theft. Scammers create a fake profile using real photos and details of a user. These faux profiles can look completely genuine to other users, and the scammer may use the profile to ‘friend request’ many of your real friends. Once such a profile has been established, the scammer can post on this fake profile whatever they choose. In impersonating you, they could create immense problems, particularly with regards to public reputation. For individuals with some status or standing, including government officials, celebrities, and well-known community members, this type of identity theft could be especially lethal.
There are other ways in which these fake Facebook profiles can be used for ill. You could receive a message from a fake profile impersonating one of your friends. That friend might ask you to borrow money or to do some other favour. Believing it to be your mate, you might go along with it and forfeit some of your hard-earned dollars. Potentially, this scammer could also obtain valuable personal information from you about the friend.
Want to evade these types of problems? Here are some best practises when using Facebook:
- As a general rule, don’t accept friend requests from people you don’t know.
- If you receive a duplicate friend request from someone you do know, check with them personally before accepting. Few users create brand new accounts from scratch, so this is likely a scam.
- Limit what you share on Facebook, even with friends. You don’t need to share your complete date of birth on your profile, nor do you need to geotag your photos or “check-in” to every restaurant you visit. These are small things, but they add up to larger clues about who you are---making a perfect target for scammers.
Here are some other useful tips for avoiding Facebook identity theft.
Catfishing and Dating Scams
Those who perpetrate dating scams may be among the most despicable of cybercriminals. These hackers are not just going after anonymous financial details or other information, but are directly toying with people’s emotions.
Catfishing is perhaps the most well-known of the online relationship scams. It’s such a problem that even popular dating site eHarmony offers guidance on how to avoid it. In catfishing, a scammer creates a fake online profile with the purpose of luring their victim. The scammer creates an entirely fictional persona, and in the world of online dating, this is surprisingly easy to get away with. Catfishing is a lengthy process, with the catfisher earning the trust of their victim over a time period that can be months or even years in the making.
Why dating sites? The primary reason that a scammer would choose this method is that users of dating sites and apps can be likely targets. Users may be especially vulnerable because they are actively seeking human connections and relationships.
The majority of catfishers are seeking financial gain. After interacting solely online for a period of time, ingratiating themselves into the lives of their victim, the catfisher proposes meeting up in person. The victim eagerly anticipates this meeting, and can’t wait to meet the object of their affection. Yet before the catfisher can travel, they tell their victim that they’ve met with some obstacles. Perhaps they have visa processing fees to be paid before they can depart their home country. They may have lost a job and be stuck with no money for travel. They ask the victim to help them out, and because they are a trusted romantic partner, the victim frequently obliges without question. You can envision how the story ends: with the victim both bankrupt and heartbroken.
A few rules to avoid being catfished:
- Be wary of a person who won’t interact with you on video. Nothing screams catfish louder than the person who won’t reveal themselves.
- Proceed with caution in any online dating situation. Don’t hesitate to investigate your new-found partner with a bit of Google research.
- Don’t send money to a partner you have never met in person.
- The “it’s too good to be true” rule definitely applies.
Charity Scams
The world can be a dark place at times. Large-scale natural disasters, human tragedy, war, famine. Most of us want to be helpful to the others we share the planet with. Unfortunately, scammers can take advantage of this aspect of human nature for their own sordid gain.
Another of the most common Internet scams is the charity scam. While these can also occur offline, charity scams can be perpetrated online quite easily. You might receive an email asking for a donation to a worthy cause. This is especially true in the wake of a recent disaster, like a flood, earthquake, or bushfire. The message will ask you to donate money to their cause. This could be anything, but the most effective charity scams are for common causes or familiar incidents. Opportunistic websites can also surface. Following 2005’s Hurricane Katrina, dozens of false relief websites appeared. These cybercriminals were preying on the emotions of a shocked community and using the tragedy for their own personal gain.
You might find that email charity scams have a lot in common with phishing scams. Some of the same guidelines may apply for scammers posing as authentic charities.
Here’s what else you can do:
- Check to see if a charity is registered in Australia. This will remove any doubts as to whether or not you’re donating to a proper organisation.
- Always donate directly. You can avoid charity scams almost completely if you make your donations only through an organisation’s official website. And again, be sure it’s a trusted, genuine organisation.
- Don’t send money or give out personal information, credit card details or online account details via email or to anyone you don’t know.
For more advice on avoiding scams and staying secure online, check out our article on steering clear of identity fraud.
Do you think you’ve been scammed? If you’ve divulged any personal information or details and believe you’ve been the victim of an online scam, you can report the scam to the Australian Competition and Consumer Commission.