Need help?

Chat with a Tech Pro or call us
at1-833-202-2695.

Special Offer: All students, parents, & educators get 50% off tech support for the entire school year. Select the Support - Annual plan and enter code “EdTech50” during checkout.

How to Avoid Online Scams

Authored by:
Support.com Tech Pro Team
This Guided Path® was written and reviewed by Support.com’s Tech Pro team. With decades of experience, our Tech Pros are passionate about making technology work for you. We love feedback! Let us know what you think about this Guided Path by rating it at the end.

We are all connected to the Internet in some fashion. We have it on our phones, game consoles, and computers. What many people don't realize is this constant connection has turned the Internet into a hunting ground for scammers and fraudsters.

Keyboard with security key

Types of Online Scams

There are loads of different types of scams. They range from pop-ups that lock up your browser to phone calls from people claiming to be Microsoft. The scammers target people who aren't aware of these malicious acts. Staying informed of how they work is one way you can avoid them.

Fake Ads

The Internet is covered in ads. So much so that it is its own industry. Most ads you'll find are legitimate, but some are malicious. Ads can be placed with the sole purpose of delivering malware or getting you to call a fraudulent number.

Luckily, these ads are pretty easy to ignore. For most of them, you have to choose to click. Clicking on them will either run the malware script or bring you to their fraudulent site where they will continue to scam you. Some of the more malicious ads run injectors. This means the site itself is hijacked and will run a script as soon as the ad loads. This script could be pushing malware or a pop up meant to scare you into action.

The best way to avoid these ads is keeping your ad-blocker extension and anti-virus software up to date.

Phishing Sites and Emails

Phishing

The combined use of those fake ads and social engineering to gain your data for fraudulent purposes is known as phishing. It'll often come in the form of an email that appears legitimate.

Phishing attacks will:

  • Ask you to send information back in that email
  • Demand you go to a fake website
  • Or even claim to have information you need to check

When inputting any of your personal information make sure you are using the legitimate site. If an email asked you to click a link and you're unsure if it's real, navigate to the site itself without clicking the link. Sites with the correct security will tell you in the browser bar. This may be a closed lock, green text, or even both as seen below.
Paypal url showing the security info

Avoid opening any emails from strange addresses. Never click on links within emails if you aren't aware of exactly where they go. Phishing emails will never come from legitimate addresses. If you receive an email claiming to have a good deal that you want to use, navigate to the website yourself. Avoid clicking the link in the email. It's a good rule of thumb on the Internet to be aware whether something sounds too good to be true. If it sounds too good to be true, it most likely is.

Example of a Phishing email amazon.com@freephish.com


Always remember that no legitimate company will ask you for your password in email.

Fake Sweepstakes

There are a number of scammers on Facebook, Twitter, and other community sites that will run fake sweepstakes and giveaways. They may pose as a celebrity and offer to give you a million dollars. They may even say you won! This is all to get your information, normally in a private message. They'll need your bank account details or your address to send you the check. Once you do what they want, you'll find your bank drained and many of your accounts locked because they changed your passwords.

The safest way to deal with these is to not interact with them at all. Don't worry, you won't miss out on your million dollars. They were never going to give it to you anyways.

Pop-Ups

Fake Advertisement

Pop-ups have always been the bane of the Internet. At first they were just annoying but now as scammers have gotten craftier the pop-ups can be considered dangerous. Some of them will yell at you and many will refuse to close at all. While what the pop-ups themselves are doing is annoying; what they try to get you to do is worse. They may ask you to download a file that puts malware on your system. Or, they'll claim you need to call them and tie you up with an abusive scammer who tries to take your money.

Luckily there are ways to prevent these pop-ups on Google Chrome, Internet Explorer, Mozilla Firefox, and Microsoft Edge, but with a little knowledge you can avoid them all together. When entering the URL or address of a website, double-check to make sure it's the right website. Make sure there are no typos. Scammers are known to buy up domains of frequently misspelled websites and place malware, ads, and pop-ups on them. Scammers will also send you these malicious sites in links. Never click on a link if you're not totally sure about where it goes.

Scam Phone Calls

A growing branch of the scam tree is the telephone scam. These are particularly insidious because they prey on your security fears and our expectation that certain groups are always safe.

Telephone scammers like to pose as:

  • The IRS
  • Police officers and the FBI
  • Technical and customer support
  • Even your neighbors

The telephone numbers they use are often "spoofed". Spoofing a phone number covers an unknown source by using a trusted number. That way you never really know where the call comes from.

If you've ever received a call from someone claiming you've won a prize but you can't remember entering a competition; don't worry. The only thing you won was a scammer hoping you were gullible enough to take his bait and give him your personal information.

Scammers will often pretend to be IRS or police officials. They'll claim you haven't paid your taxes or maybe you paid too much and you get an extra refund. The police scammer will threaten you with a warrant that you need to pay off. Most of these scammers will want access to your computer to further scare you. Then they'll demand Google Play Cards as their choice of currency. Legitimate police agencies and the IRS will never call you in this fashion and they definitely will not ask for a gift card.

One of the more recent additions to the telephone scam library is the refund or subscription scam. These scammers call to ask you to renew a subscription or claim they have a refund for you. They demand access to your computer and your banking website. Once you give them access they may black out your monitor to hide as they edit the html of the website. This makes it look like they gave you money. They will then claim you took too much money and now owe them whatever was originally in your account. If you refuse at any of these steps they may become abusive. They may even try to tug on your heartstrings by claiming they'll lose their job.

Have you received a phone call about a subscription you don't remember having? Has a caller tried to tell you they're Amazon and they want to give you a refund? Remember that companies such as Amazon are not going to call you about renewing a subscription. Legitimate companies are not going to call you about refunds either. If you ever receive physical mail claiming to have a refund, go the safe route and check it with the actual company or bank it is from.

Another recent scam phone call claims to be local or national health services. They demand money in order to reserve your Coronavirus vaccine. The vaccine doesn't exist and you're definitely not going to have a random text inform you about it.

Coronavirus and COVID Scams

With the frightening rise of the Coronavirus pandemic there has been a rise in scams related to health and the virus itself. These scams may text your phone and warn you that you've been in contact with an infected person. Many of them appear to come from legitimate organizations like WHO and the CDC. These real organizations will never text you asking for a phone call or money.

Unfortunately, the scammers are still using the pandemic to their advantage and are trying every trick they know to get your information and money. The only real way to combat this menace is to learn about it.

Cat-fishing

With all of us so heavily connected to the web, it's no wonder we're also looking for love there too. A literal connection to another person whether by chatting, phone calls, or online dating is what so many of us are after. Unfortunately, it's just what the scammer wants as well.

Cat-fishing is the act of posing as someone else for either romantic, sinister, or monetary gain. Being cat-fished is what happens to the victims of these "pranksters". In 2019 alone the FBI IC3 reported that cat-fishing or "confidence fraud" resulted in a loss of $475,014,032.

These scammers gain your trust, even your love. They're in it for the long con and are experts in manipulation. Always be careful who you're speaking to online. You aren't likely to suddenly get to know a celebrity online; let alone one that wants your credit card.

How to Keep Safe Online

Now that we've gone over several types of scams and how to avoid and protect against them; let's review!

Keep the following best practices in mind when using your computer or mobile device:

  • Always think before you click! Be wary of what websites you visit and what you click on when browsing the web.
  • Keep in mind that certain types of sites such as social networking sites, adult sites and file sharing sites are more prone to have malicious content.
    Facebook Twitter Google Plus
  • Never click on any unexpected pop-ups. If you receive an unexpected pop-up, regardless of what it may say or prompt you to do, just click the X in the upper right hand corner to close it.
  • Be extremely cautious clicking on advertisements. Sometimes even legitimate websites will have a malicious or hijacked advertiser.
  • If you receive a call from a number you don't remember, let it go to voicemail. If it's important you can always call back. Most scammers won't leave a voicemail but if they do, you have time to verify them.
  • Do not open or download email attachments from people you don't know.
  • Do not open or download email attachments even from people you do know if they seem out of place or not ordinary for that sender.
  • Only install or run software from reputable sources.
  • When downloading software, always check the URL in the address bar to verify that you are actually on the company's website. For example; if you intend to download program X from company Y make sure the URL in the address bar is on company Y's domain. If it isn't on the correct domain the download might not be legitimate.
  • If a website ever prompts you to install software to access a certain feature or function of the site, do additional research. Never click install unless you are certain that the site is legitimate. Even in those cases where the site is okay it is always a best practice to note the software. Then check to see if you really do need it. If you do need it, download it directly from the publisher's website.
  • Never shop from public WiFi or a public computer. Publicly used computers can save your private information and it can be used by others.
  • Frequently scan your Windows PC or Mac for malware using legitimate programs.
  • Learn how to create a strong and secure password.
  • Use 2-factor authentication.
  • Use a credit card with fraud protection.

According to the FBI's Internet Crime Complaint Center (IC3), a total of $3.5 billion was reported stolen by scammers in 2019 alone. Compromised emails, cat-fishing, and spoofed phone calls are among the highest amounts stolen from victims. With a little knowledge you can avoid these scams. If you're aware of a scam, warn your friends and family about it. Together, we can protect ourselves and others. The scammers are getting more sophisticated despite how hard we fight against them. We need to work together to fight them.

We're here to help!

chat
Connect to a Tech Pro

Call or chat with a Tech Pro 24/7.

We are all connected to the Internet in some fashion. We have it on our phones, game consoles, and computers. What many people don't realize is this constant connection has turned the Internet into a hunting ground for scammers and fraudsters.

Keyboard with security key

Types of Online Scams

There are loads of different types of scams. They range from pop-ups that lock up your browser to phone calls from people claiming to be Microsoft. The scammers target people who aren't aware of these malicious acts. Staying informed of how they work is one way you can avoid them.

Fake Ads

The Internet is covered in ads. So much so that it is its own industry. Most ads you'll find are legitimate, but some are malicious. Ads can be placed with the sole purpose of delivering malware or getting you to call a fraudulent number.

Luckily, these ads are pretty easy to ignore. For most of them, you have to choose to click. Clicking on them will either run the malware script or bring you to their fraudulent site where they will continue to scam you. Some of the more malicious ads run injectors. This means the site itself is hijacked and will run a script as soon as the ad loads. This script could be pushing malware or a pop up meant to scare you into action.

The best way to avoid these ads is keeping your ad-blocker extension and anti-virus software up to date.

Phishing Sites and Emails

Phishing

The combined use of those fake ads and social engineering to gain your data for fraudulent purposes is known as phishing. It'll often come in the form of an email that appears legitimate.

Phishing attacks will:

  • Ask you to send information back in that email
  • Demand you go to a fake website
  • Or even claim to have information you need to check

When inputting any of your personal information make sure you are using the legitimate site. If an email asked you to click a link and you're unsure if it's real, navigate to the site itself without clicking the link. Sites with the correct security will tell you in the browser bar. This may be a closed lock, green text, or even both as seen below.
Paypal url showing the security info

Avoid opening any emails from strange addresses. Never click on links within emails if you aren't aware of exactly where they go. Phishing emails will never come from legitimate addresses. If you receive an email claiming to have a good deal that you want to use, navigate to the website yourself. Avoid clicking the link in the email. It's a good rule of thumb on the Internet to be aware whether something sounds too good to be true. If it sounds too good to be true, it most likely is.

Example of a Phishing email amazon.com@freephish.com


Always remember that no legitimate company will ask you for your password in email.

Fake Sweepstakes

There are a number of scammers on Facebook, Twitter, and other community sites that will run fake sweepstakes and giveaways. They may pose as a celebrity and offer to give you a million dollars. They may even say you won! This is all to get your information, normally in a private message. They'll need your bank account details or your address to send you the check. Once you do what they want, you'll find your bank drained and many of your accounts locked because they changed your passwords.

The safest way to deal with these is to not interact with them at all. Don't worry, you won't miss out on your million dollars. They were never going to give it to you anyways.

Pop-Ups

Fake Advertisement

Pop-ups have always been the bane of the Internet. At first they were just annoying but now as scammers have gotten craftier the pop-ups can be considered dangerous. Some of them will yell at you and many will refuse to close at all. While what the pop-ups themselves are doing is annoying; what they try to get you to do is worse. They may ask you to download a file that puts malware on your system. Or, they'll claim you need to call them and tie you up with an abusive scammer who tries to take your money.

Luckily there are ways to prevent these pop-ups on Google Chrome, Internet Explorer, Mozilla Firefox, and Microsoft Edge, but with a little knowledge you can avoid them all together. When entering the URL or address of a website, double-check to make sure it's the right website. Make sure there are no typos. Scammers are known to buy up domains of frequently misspelled websites and place malware, ads, and pop-ups on them. Scammers will also send you these malicious sites in links. Never click on a link if you're not totally sure about where it goes.

Scam Phone Calls

A growing branch of the scam tree is the telephone scam. These are particularly insidious because they prey on your security fears and our expectation that certain groups are always safe.

Telephone scammers like to pose as:

  • The IRS
  • Police officers and the FBI
  • Technical and customer support
  • Even your neighbors

The telephone numbers they use are often "spoofed". Spoofing a phone number covers an unknown source by using a trusted number. That way you never really know where the call comes from.

If you've ever received a call from someone claiming you've won a prize but you can't remember entering a competition; don't worry. The only thing you won was a scammer hoping you were gullible enough to take his bait and give him your personal information.

Scammers will often pretend to be IRS or police officials. They'll claim you haven't paid your taxes or maybe you paid too much and you get an extra refund. The police scammer will threaten you with a warrant that you need to pay off. Most of these scammers will want access to your computer to further scare you. Then they'll demand Google Play Cards as their choice of currency. Legitimate police agencies and the IRS will never call you in this fashion and they definitely will not ask for a gift card.

One of the more recent additions to the telephone scam library is the refund or subscription scam. These scammers call to ask you to renew a subscription or claim they have a refund for you. They demand access to your computer and your banking website. Once you give them access they may black out your monitor to hide as they edit the html of the website. This makes it look like they gave you money. They will then claim you took too much money and now owe them whatever was originally in your account. If you refuse at any of these steps they may become abusive. They may even try to tug on your heartstrings by claiming they'll lose their job.

Have you received a phone call about a subscription you don't remember having? Has a caller tried to tell you they're Amazon and they want to give you a refund? Remember that companies such as Amazon are not going to call you about renewing a subscription. Legitimate companies are not going to call you about refunds either. If you ever receive physical mail claiming to have a refund, go the safe route and check it with the actual company or bank it is from.

Another recent scam phone call claims to be local or national health services. They demand money in order to reserve your Coronavirus vaccine. The vaccine doesn't exist and you're definitely not going to have a random text inform you about it.

Coronavirus and COVID Scams

With the frightening rise of the Coronavirus pandemic there has been a rise in scams related to health and the virus itself. These scams may text your phone and warn you that you've been in contact with an infected person. Many of them appear to come from legitimate organizations like WHO and the CDC. These real organizations will never text you asking for a phone call or money.

Unfortunately, the scammers are still using the pandemic to their advantage and are trying every trick they know to get your information and money. The only real way to combat this menace is to learn about it.

Cat-fishing

With all of us so heavily connected to the web, it's no wonder we're also looking for love there too. A literal connection to another person whether by chatting, phone calls, or online dating is what so many of us are after. Unfortunately, it's just what the scammer wants as well.

Cat-fishing is the act of posing as someone else for either romantic, sinister, or monetary gain. Being cat-fished is what happens to the victims of these "pranksters". In 2019 alone the FBI IC3 reported that cat-fishing or "confidence fraud" resulted in a loss of $475,014,032.

These scammers gain your trust, even your love. They're in it for the long con and are experts in manipulation. Always be careful who you're speaking to online. You aren't likely to suddenly get to know a celebrity online; let alone one that wants your credit card.

How to Keep Safe Online

Now that we've gone over several types of scams and how to avoid and protect against them; let's review!

Keep the following best practices in mind when using your computer or mobile device:

  • Always think before you click! Be wary of what websites you visit and what you click on when browsing the web.
  • Keep in mind that certain types of sites such as social networking sites, adult sites and file sharing sites are more prone to have malicious content.
    Facebook Twitter Google Plus
  • Never click on any unexpected pop-ups. If you receive an unexpected pop-up, regardless of what it may say or prompt you to do, just click the X in the upper right hand corner to close it.
  • Be extremely cautious clicking on advertisements. Sometimes even legitimate websites will have a malicious or hijacked advertiser.
  • If you receive a call from a number you don't remember, let it go to voicemail. If it's important you can always call back. Most scammers won't leave a voicemail but if they do, you have time to verify them.
  • Do not open or download email attachments from people you don't know.
  • Do not open or download email attachments even from people you do know if they seem out of place or not ordinary for that sender.
  • Only install or run software from reputable sources.
  • When downloading software, always check the URL in the address bar to verify that you are actually on the company's website. For example; if you intend to download program X from company Y make sure the URL in the address bar is on company Y's domain. If it isn't on the correct domain the download might not be legitimate.
  • If a website ever prompts you to install software to access a certain feature or function of the site, do additional research. Never click install unless you are certain that the site is legitimate. Even in those cases where the site is okay it is always a best practice to note the software. Then check to see if you really do need it. If you do need it, download it directly from the publisher's website.
  • Never shop from public WiFi or a public computer. Publicly used computers can save your private information and it can be used by others.
  • Frequently scan your Windows PC or Mac for malware using legitimate programs.
  • Learn how to create a strong and secure password.
  • Use 2-factor authentication.
  • Use a credit card with fraud protection.

According to the FBI's Internet Crime Complaint Center (IC3), a total of $3.5 billion was reported stolen by scammers in 2019 alone. Compromised emails, cat-fishing, and spoofed phone calls are among the highest amounts stolen from victims. With a little knowledge you can avoid these scams. If you're aware of a scam, warn your friends and family about it. Together, we can protect ourselves and others. The scammers are getting more sophisticated despite how hard we fight against them. We need to work together to fight them.