Online Scams

Through our everyday interactions online, whether in business or our personal lives, we have the potential to interact with approximately one half of the world’s population, putting the overall count of internet users at approximately 3.5 billion. While most online users share the same purposes – business, learning, and pleasure – there are still other online users who take far-reaching advantage of the freedom and ease afforded to all by our shared online infrastructure, and stealthily manipulate it to perpetrate a variety of internet crimes. We call these nefarious marauders cybercriminals, and the online scams they keep in their virtual quivers internet fraud.

While the methodologies utilized by cybercriminals to perpetrate internet fraud via the vehicle of online scams vary in scope and execution, their overall objective is generally the same: to gain access to funds and identities of others and exploit these precious assets to the fullest extent possible. Knowing this, we cannot help but wonder how cybercriminals manage to lift funds and identities out from under us, and, of course, what we can and should do today to protect ourselves from attacks and theft.

Top Online Scams

Much like crimes perpetrated offline, online scams typically seek to take advantage of already present vulnerabilities in the security surrounding our online lives. These vulnerabilities may not always be apparent to the vast majority of users for the simple fact that we do not understand the narrowing gaps between offline assets – our known identities, and physical currency – and how those assets exist and are used, even legitimately by us, online

To help us better understand the inherent vulnerabilities in our online lives, and the online scams that seek to capitalize on them, we can turn to the FBI’s shortlist of most common online scams, which breaks down the seven most common types of online scams. We’ve included some of the most common among these seven below, along with ways you can protect yourself and your assets from becoming vulnerable to internet fraud.

Phishing/Spoofing

Both phishing and spoofing as tactics for committing internet fraud rely on the trust that users have with people and institutions who regularly communicate with them, including their employers, financial managers, business partners, and banks. When we receive a spoofed email from a cybercriminal, we may think that we are receiving an email from a trusted person or institution because the spoofed email will appear to us just as a legitimate email from one of these sources would on any other day. Within a spoofed email is often a request for pieces of our confidential information, including passwords, credit card numbers, or bank account information. The email may even prompt us to follow a link out to a different website to enter that information, at which point, it can be stolen and used fraudulently.

Malware/Scareware

Malware and scareware are viral, malicious, computer programs that can be installed remotely by cyber criminals when we download content or other software from websites. Cybercriminals can then use this software to steal our information or control our devices while holding the threat of stealing and using our information over our heads to elicit funds from us.

Email Account Compromise

Much like phishing and spoofing, email account compromise is carried out by compromising legitimate business email accounts and utilizing them to send out mass requests to users for confidential information that can then be used to commit internet fraud. Email account compromise can happen to users outside of the business world but tends to be target financial institutions, lending institutions, real estate companies, and law firms.

The best way to protect ourselves against all online scams is to make sure that our security software is updated regularly, monitor the addresses from which emails and other correspondence come to us, and implement multi-factor identification on all of our devices.

Reporting Online Scams

The single best and most important action we can take if we believe we have already become a victim of an online scam is to promptly report what has happened to the FBI, and FTC. Depending upon which sort of online scam we believe has happened to us specifically, and what of ours, if anything, has been stolen and possibly used for criminal purposes, we can report online scams and those who perpetrate them by taking the following steps:

Spoofing/Phishing

Step 1. If you got a phishing email, forward it to the Anti-Phishing Working Group at reportphishing@apwg.org. If you got a phishing text message, forward it to SPAM (7726).

Step 2. Report the phishing attack to the FTC.

If you believe you have been a victim of malware/scareware, email account compromise, phishing and/or spoofing, or any other online scam in which you believe your identity, or confidential financial or personal information may have been stolen, you can and should report what you believe has happened to the FBI, through Tips and Identify Theft.