9 internet scams we're still falling for in 2018
It just never ends. No matter how much publicity these scams get, no matter how many years old the internet is, people still hand over their money to scammers.
It doesn't matter how old you are; last year, in fact, more consumers age 20 to 29 reported losing money to fraud than the over-70 crowd did.
It doesn't matter how powerful or educated you are, either. Just ask Hillary Clinton campaign manager John Podesta, who exposed the campaign's email stash by falling for a phishing scam.
Hackers stole $172 billion from consumers in 20 countries in 2017, according to Norton; 2.7 million Americans reported some form of fraud to the Federal Trade Commission. (Top states: Florida, Georgia, and Nevada.)
Most internet scams are fundamentally the same. They prey on one of two human weaknesses:
Greed. Someone offers you something you want for nothing. It's usually money, but it might also be male sexual prowess, weight loss, or a cure—for baldness, herpes, cancer, cellulite, heart disease, diabetes, or deafness.
Fear. They email you about a problem with your computer, with your bank account, with your Apple (AAPL) or Amazon (AMZN) account. You click a link, you wind up on a fake login webpage, and boom — you've just handed over your password.
Here's a shocker: Not everything you read on the internet is true. And so, for your own entertainment and education, here they are: 9 internet scams we're still falling for.
1. The classic phishing scam
As of the first quarter 2018, phishing scams represent about half of all cyberattacks, according to the security firm RSA. Phishing scams were the third-most common type of internet crime reported in 2017, according to the FBI.
Why is it getting worse? Scammers are making their phishing attempts seem more plausible to suckers like us by addressing their scams to specific people and making it look like emails come from a trustworthy source — a more targeted approach known as spear phishing.
You get an email or a text message from Apple (or DropBox, Microsoft, Google, your bank, Amazon, eBay, PayPal, Yahoo, etc.) saying that there's a problem with your account. Or the come-on might be a "Delivery Issue," "Parking Ticket," "Canceled Transaction," or "Refund for Purchase."
You're encouraged to click the link to pursue the issue — "or else your account will be suspended!"
If you do click the link, though, you go to a fake version of the company's website. When you then "log in," you're actually providing your name and password to those who are fishing for your login information, so they can steal your identity and make your life miserable. (This scam is called phishing because they're "fishing" for your information.)
Examples of phishing include:
Whaling, or business email compromise (BEC). These scams often go after employees with access to a company's internal finances; last year, the FBI's Internet Crime Complaint Center received nearly 16,000 BEC complaints with losses totaling $675 million.
W-2 phishing. In this scam, popular around tax time, employees in HR or payroll departments get emails asking for a list of employees and their W-2 forms. This is a type of BEC scam, which the IRS's commissioner calls "one of the most dangerous email phishing scams we've seen in a long time."
Holiday gift card phishing. The FBI warned the public about this scam in December. Hey, someone's sent you a gift card! These scams often lure you into filling out a survey designed to steal your data, according to the FBI.
So how can you defend yourself? The usual advice goes like this: Whenever you get any kind of email from a financial or commercial institution, do not click the link in the email.
If the email comes from a company, open your web browser and type in the company's address yourself (www.citibank.com or whatever). You'll discover, of course, that there's nothing wrong with your account.
Usually, though, you can tell at a glance that these emails are fake. They're filled with misspellings, typos, and the wording of a non-native English speaker.
But here's my favorite trick of all: You can confirm that a phishing email is fake!
Computer: Point your cursor at the "click here" link without clicking.
Phone: Hold your finger down on the link.
In either case, a pop-up bubble shows you the address of the website that will actually open, as you can see here.
And guess what? It's not actually Apple/the bank/PayPal/Amazon/your bosses! This time, you have the upper hand.
2. Ransomware
This kind of cyberattack has also grown explosively in the last couple of years—2,500%, by one estimate by the security firm Carbon Black. You succumb by opening a file you shouldn't have—an email attachment you're tricked into double-clicking, for example, or a download from a piracy site.
You wind up with a virus or malware that locks you out of your PC, or encrypts all of your files. A message appears on the screen, letting you know that if you pay the bad guys $700 (or whatever), they'll happily unlock your files for you. (You're often asked to pay the ransom in bitcoin, so that the recipient can't be traced.)
The FBI and security experts encourage you not to pay the ransom; you'll only encourage more ransomware attacks.
Unfortunately, if you don't have a backup, your options for getting your files back otherwise are slim. Best bet — yes, you've heard this before — is to set up a continuous backup system, accept the latest Windows (MSFT) updates when they come, don't open emailed file attachments, and don't download pirated files.
3. The "mugged on vacation" scam
"I'm writing this message to you with great sadness," says an email from one of your friends. "I was mugged, and all my belongings including cell phone and credit card were all stolen at gunpoint. I need your help flying back home and paying my hotel bills!"
This one's especially confusing because the message comes from someone you know. (Sometimes, it's even purporting to be a family member. It may even be a brief phone call instead of an email.)
Needless to say, your friend wasn't actually in London and hasn't been mugged.
Instead, the bad guys have planted software on your friend's computer that sent this same sob-story email to everyone in his address book. (In a variation on this, a scammer takes over your friend's Facebook profile and sends the message directly from there.)
If you're even a tiny bit persuaded that this note might be legitimate, it's easy to find out for sure: Ask a question that a scammer couldn't answer. Not something easy to find out, like your friend's name or employer, but something harder to guess, like details of a family event.
4. The fake-check scam
You're trying to sell something on Craigslist, the free classified-ads site — a bicycle for $300, let's say. You hit paydirt almost immediately:
"Send me your address, and I will mail you check right away for $1,500 to cover the bike and shipping to me in Germany. Deposit the check, and then send $450 by Western Union to my shipping company."
Maybe your spider-sense is tingling. But sure enough, you actually do get a money order or certified check in the mail. Fantastic!
Problem is, it's a forgery. You'll deposit it, wire this guy $450 of your real money—and a couple of days later, your bank will let you know that the money order was a fake. Now you've lost your bike and $450.
Three big clues that you're being targeted: (a) The offer is for more than you're asking; (b) you're supposed to send your item to another country; and (c) you're asked to use the other guy's shipping company.
Fraud.org says that internet-merchandise scams represent a third of all reports it gets. If you're going to buy anything online, pay by credit card (because if it's a ripoff, the bank pays instead of you). And compare the price with the same kind of thing on, for example, Amazon. That way you'll know if it's too good to be true.
5. The you've-won-the-sweepstakes scam
Hey, wow! You just won an overseas sweepstakes — one that you never even entered! How lucky can you be?
And get this — once you supply your mailing address, you actually do get a check for a huge amount of money! They tell you to deposit it, but in the meantime, send them a check for a couple hundred bucks to cover processing fees and taxes.
Only one problem, which you can probably see coming down Sixth Avenue: Their check was bogus. Your check is real. The only one who made money from this "sweepstakes" is the scammer.
Similar cons: "You're pre-approved for a credit card!" "You've landed a great job!" "You're invited to a great investment!" "You owe money on a debt you didn't know you had!"
All told, last year the FBI and the FTC received complaints about sweepstakes and lottery scams from 145,881 Americans with losses of nearly $112 million. The Better Business Bureau calls these tricks some of "most serious and pervasive frauds operating today."
6. The Nigerian email scam
Yes, people still fall for the Nigerian scam (also called the 419 scam, a reference to a Nigerian law code). A lot of people; 350,000 people reported this and other impostor scams to the FTC last year, losing $328 million. Commence mass forehead-slapping.
It comes to you by email:
"I am Mr. Paul Agabi," it says. "I am the personal attorney to Mr. Harold Cooper, a national of your country, who used to work with Exxon Oil Company in Nigeria. On the 21st of April, my client, his wife and their only child were involved in a car accident. All occupants of the vehicle unfortunately lost their lives."
Amazingly enough, rich dead guy left behind millions of dollars — and your correspondent wants you to have it! If you'll help Mr. Paul Agabi get those millions out of the country, using your bank account as a parking spot, he'll share the dough with you.
So you get excited. You write back.
But then a funny thing happens: Mr. Agabi asks you to send some money to him, to cover bribes to officials. It's only a couple hundred bucks, so you send it.
A week later, there's another problem — he needs another payment, this time to take care of taxes. You send it.
Then legal fees. Then other fees.
You will never get any money. You will be asked to send more, more, more money until you come to your senses and realize you're being bilked. Though it has expanded beyond the country of Nigeria, it is still called the "Nigerian" or "419" scam (named for the section of the Nigerian penal code it violates).
7. The soulmate scam
The FBI says that "confidence/romance fraud" was the second most-reported crime in 2017, after business email compromise crime. You're on a dating site, and you find The One: gorgeous, witty, and really into you. And this person really wants to meet you — and hints that your first date will be something you'll never forget. You're hooked, lined, and sunk.
Oh—but your new love needs a little money for a ticket to come see you.
Oh, and can you help out with his/her rent?
And how does it go when the big night arrives? It doesn't. Your dream lover doesn't show up, because it's not a real person. It's a stock photo and a con artist, usually in Nigeria or Russia, who's been playing you.
8. The "infection detected" scam
This one, also known as the tech-support scam, is often run out of call centers in India, and it's a doozie. "Reports of computer tech support scams have exploded in recent years," says the Better Business Bureau. The FBI's Internet Crime Complaint Center and the FTC got a combined 41,000 complaints last year, from Americans bilked of $21 million.
You're on the web, when a pop-up message appears, claiming that your computer might be infected by a virus. You're invited to click a link that will scan your system for infections. Surprise, surprise — the scan discovers one!
And for the low, low price of $50 (or $300, or $500), this mysterious remote company will clean up your PC for you.
If you fall for it, you'll spend the money and not get a cleanup — in fact, you may wind up with a fresh installation of spyware. Of course, there was nothing wrong with your computer to begin with.
9. The bogus charity scam
Every time there's a disaster — a hurricane, an earthquake — millions of people, grateful to be safe and concerned for the victims, want to help.
And a few people want to cash in.
The IRS added the fake-charity scam to one of its "dirty dozen" of the nastiest frauds last year, and no wonder: it punishes people who are trying to do good.
If, in the aftermath of a disaster, you get an email seeking money to help the victims, don't click. Instead, go directly to the website of a charity you know, and contribute there!
The IRS also offers this advice:
Be wary of charities with names that are similar to familiar or nationally known organizations.
Ask for the charity's Employer Identification Number (EIN), and check it against the IRS's list of legitimate Tax-Exempt Organizations.
Don't give your Social Security number or any passwords! No legitimate charity needs that stuff.
Pay by check or credit card — never cash — so there's documentation of the gift.
Human, meet internet
None of this is new. None of this is surprising. The internet may be the latest conduit for scams, hoaxes, and frauds — but the greed, fear, and hope it exploits are as old as homo sapiens.
But here's the thing: homo sapiens means "wise person." You have brains, too. Use them to steer clear of anything that's too good to be true.
Spread the word, will you?
This is an updated article from 2015.
David Pogue, tech columnist for Yahoo Finance, welcomes comments below. On the web, he's davidpogue.com. On Twitter, he's @pogue. On email, he's poguester@yahoo.com. You can sign up to get his stuff by email, here.