Spot the Phish: How to Recognise Online Scams

 

What does it mean to get scammed?

Ever since humans began attributing value to objects and ideas, there have been attempts to deceive and defraud one another. A scam occurs when someone employs a deceitful scheme to deceive you into surrendering something valuable, typically money or assets.

Before we delve further, let's quickly define various terms associated with scams:

  • Scam: An underhanded scheme devised to dupe you into relinquishing something valuable, also known as a "fraud", "confidence trick" or "con."
  • Scammer: An individual attempting to scam someone else, also referred to as a "conman" or, more romantically, a "con artist."
  • Mark: The target of the scam, who becomes a victim if the scam succeeds.
  • Grifter: A specific type of scammer skilled in manipulating and using personal charisma to cultivate marks. Their scams are commonly referred to as "grifts."
  • Scheme: A plan or the act of devising such a plan to achieve a goal, often involving acquiring money from a mark.

In the past, scams were predominantly carried out in person, with scammers often working in pairs or groups, targeting individuals on the streets, in restaurants, or pubs. Advancements in technology, such as train travel, postal systems, and telephones, broadened the pool of potential marks as the middle class emerged in the 20th century, providing more targets for scammers.

With the development and expansion of the internet, scamming entered a new era of possibilities. The internet offered scammers access to a vast audience. This article explores the most prevalent online scams and provides guidance on how to avoid falling victim to them.

Types of scams

The increased connectivity of the internet has enabled scammers to reach a broader audience than ever before. They quickly adapted traditional scams and devised new ones. Let's explore various types of online scams and understand how they operate:

Phishing scams

A phishing scam involves a scammer (or in this case, the “phisher”) masquerading as a legitimate organization or trusted person and contacting marks in order to solicit sensitive personal information such as account numbers, user credentials, or credit card data.

Afterwards, the scammer will use this information to steal money, commit identity or credit card fraud, engage in corporate espionage, or other such illicit activities. While most phishing scams occur via email, SMS phishing schemes, like USPS scams, also pose a significant threat. 

What is a phishing scam when compared to regular email spam? The difference is that phishing scams, and other scams, are actively seeking to hurt you. Plain old spam is just annoying.

The real scam example

An example of a phishing email that attempts to trick you into providing sensitive personal info.

Catfishing & dating scams

Catfishing and dating scams typically occur on dating websites, apps, or social media platforms. The FBI says victims of romance fraud lost £1 billion in 2021 in the USA alone. Scammers create fake profiles, complete with convincing photos and background information, to establish long-distance relationships with their marks, but none of it is authentic.

When we’re falling in love or just attracted to someone, our defences are down. We don’t want to believe that a beautiful woman or charming man isn’t who they say they are.

These relationships progress quickly, with many promises made about future visits. After obtaining the mark’s trust, the scammer will cite some sort of emergency (medical or legal expenses, travel hiccups, a family crisis) and request money. Some romance scams can persist for months or even years, with multiple financial transfers from the mark to the scammer, before the mark realises they’ve been deceived.

Crowdsourcing scams

Crowdsourcing platforms like Kickstarter, GoFundMe and Indiegogo allow people to solicit donations from anyone on the internet who finds their cause to be a worthwhile one. People use crowdsourcing to fund inventions, business ideas, creative projects, or more depressingly, to cover medical and legal expenses.

Scammers abuse crowdsourcing platforms by whipping up fake campaigns designed to somehow excite or tug at the heartstrings of their target audience. After collecting a sizable amount of donations, the scammer disappears.

Rental scams

Apartment hunting is frequently stressful and never fun. Scammers take advantage of this pressure-filled process by posting fraudulent apartment listings online. Some may depict actual apartments that exist, but that the scammer has no authority to rent, while others are entirely fictitious. The scam apartments tend to offer far more value, in terms of quality, space and location, than is typical in the area for the proposed rent.

The mark will be asked to transfer a deposit before visiting the apartment or meeting the landlord. Once the scammer has the money, they’ll cut off contact and vanish, leaving the mark somewhat poorer and still without a home.

Advance-fee scams

One of the most notorious internet scams is the advance-fee scam, epitomized by the "Nigerian Prince" scam. The advance-fee scam is an evolution of a classic scam known as the Spanish Prisoner. In it, the scammer would pretend to be in touch with a wealthy aristocrat, currently imprisoned and in need of money to secure their release. The mark would be assured repayment many times over once the prisoner obtained their freedom, but of course, this would never happen.

Today’s versions, of which the Nigerian Prince is but one, all involve the scammer asking for a comparatively minor bit of money up-front in order to enable a much larger transfer of money or goods to the mark. The promised transfer is often less-than-legal, which discourages marks from reporting these scams to the relevant authorities. Other times, advance-fee scams take the form of sweepstakes or lottery winnings. No matter the setup, you’re not going to get any money.

Example of advance fee scam

A straightforward example of an advance-fee scam.

Work-from-home scams

Working from home certainly has its benefits. No office hours, no commute, no colleagues, and best of all, no dress code. Scammers know this all too well. In the work-from-home scam, you’ll be pitched a “job offer” that, at first glance, sounds amazing. They’ll promise quick earnings and flexible hours with roles that don’t require any specialized training or education.

Once you’re on the hook, the scammer triggers the next stage: before you can begin, you need to purchase a startup kit, proprietary software, training course, or even a subscription service. Others will trick new hires into laundering money, cashing bad checks, or forwarding shipments purchased with stolen credit cards.

Fake antivirus software

If you’ve ever seen one of those pop-ups telling you that your computer is in dire need of antivirus rescue, you’ve come across this scam. Also known as scareware, these fake antivirus ads want you to panic and pay up in order to secure what you believe to be the solution to your malware woes. There’s no gold at the end of this rainbow, though, and your money will simply disappear into the internet.

Some creators of fake antivirus apps manage to list their scam software in legitimate download portals. When you install them on your device, they’ll appear as though they’re performing virus scans, but they don’t actually have any antivirus capabilities. Instead, they’re adware in disguise, created solely for the purpose of showing you ads when you use them. Real antivirus software will protect you against the adware and other malware that often comes with these fake apps.

Example of scareware

An example of a scareware pop-up that attempts to convince you that there is malware on your computer.

Multi-level marketing scams

Multi-level marketing (MLM) or “network marketing” scams present themselves as opportunities to “be your own boss” or “start your own business” by purchasing inventory to sell from someone already involved in the company.

When the majority of participants’ earnings come from sales, an MLM can be considered legitimate. However, some are built on a model that prioritizes the recruitment of new members over sales, so that a recruiter’s income is primarily derived from inventory purchases by junior members. Members lower in the hierarchy may end up spending more on inventory purchases than they ever recover in sales, while higher-ranking members reap the rewards.

With social media playing an increasingly greater role in recruitment, many people are drawn into MLMs by trusted friends or family members. The recruiter doesn’t have to spend time cultivating a relationship as they would with a catfishing scam, since their targets are people they already know.

No matter the type of scam, you should make sure to protect yourself. One great way to defend yourself against getting scammed through malware and internet vulnerabilities is to use a strong cybersecurity tool.

Deepfake technology scams

Today's deepfake technology makes it easier than you'd believe to produce high-quality videos or audio clips of a public figure saying or doing something that never happened in real life.

There are plenty of examples of deepfakes available online. Microsoft's new AI engine VASA-1 only needs one picture plus speech audio to create realistic-looking deepfakes.

In the real world, deepfakes are already being used at scale to trick people into losing money. One of the most spectacular deepfakes happened in January 2024, when engineering firm Arup lost HK$200 million after falling victim to a deepfake video, during which a digitally cloned version of its chief financial officer demanded monetary transfers. The hyper-realistic video, which was generated using artificial intelligence in an MS Teams call, targeted an employee at the Hong Kong office of the international firm, which has worked on landmark structures including the Sagrada Familia, the world's longest sea crossing and the Sydney Opera House.

As you encounter videos of Russian President Vladimir Putin and other political figures on social media or YouTube, keep your guard up. If the video is designed to make you angry or act in some way, it very well may be a disinformation campaign at work. There are often wars in different parts of the world, and disinformation is one of the ways to make money or spread lies on social media, which can change history.

Remember, disinformation videos are designed to look natural. It's not uncommon for these videos to use computer-generated image technology and paid actors.

“We need your support now more than ever” scams

In times of crisis, we turn to others for help or step up to assist. You need to be extra-vigilant about donating money to GoFundMe pages or other relief efforts right now. Scammers use our kindest instincts against us to steal money through fake aid campaigns.

If you are donating money through an organization like the American Red Cross, for example, be sure you’re on the actual Red Cross site and not a cleverly disguised phishing site. It’s easy to copy the look of a website and steal official logos. The real tipoff is the URL. Don’t rely on a link you received from someone or clicked on social media; navigate to the official website yourself.
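What checking the URL means in practice, as an added example that is not part of the original article: the Python sketch below compares a link's real hostname with the organisation's official domain. `charity.example`, the sample links and the helper name `check_link` are constructed placeholders, not real sites or an existing tool.

```python
from urllib.parse import urlsplit


def check_link(url, official_domain):
    """Compare a link's real hostname with the organisation's official domain.

    Returns (verdict, reason); verdict is "matches", "suspicious" or
    "different-site".
    """
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # lower-cased, no port/userinfo
        has_userinfo = parts.username is not None
    except ValueError:
        return ("suspicious", "malformed URL")
    if not host:
        return ("suspicious", "no hostname in link")
    # Anything before '@' is login decoration, not the site being visited.
    if has_userinfo:
        return ("suspicious", f"text before '@' is not the site; real host is {host}")
    # Non-Latin or punycode labels can imitate Latin letters.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return ("suspicious", "non-Latin characters in host can imitate Latin letters")
    # The official domain must be the END of the hostname, on a label boundary.
    if host == official_domain or host.endswith("." + official_domain):
        if parts.scheme != "https":
            return ("suspicious", "official host, but the link is not https")
        return ("matches", host)
    brand = official_domain.split(".")[0]
    if brand in host:
        return ("suspicious", f"mentions '{brand}' but the real host is {host}")
    return ("different-site", host)


OFFICIAL = "charity.example"  # placeholder for the organisation's real domain

# Constructed sample links using reserved .example/.test names.
SAMPLE_LINKS = [
    "https://www.charity.example/donate",
    "https://charity.example.donate-now.test/donate",  # official name as a prefix
    "https://charity.example@donate-now.test/donate",  # official name before '@'
    "https://ch\u0430rity.example/donate",             # Cyrillic 'a' look-alike
    "https://charity-example.test/donate",             # hyphenated look-alike
    "http://charity.example/donate",                   # right host, no TLS
    "https://news.test/article",
]


def review(links, official_domain=OFFICIAL):
    """Run check_link over several links and return (link, verdict, reason) rows."""
    return [(link, *check_link(link, official_domain)) for link in links]


if __name__ == "__main__":
    for link, verdict, reason in review(SAMPLE_LINKS):
        print(f"{verdict:15} {link!r}  ({reason})")
```

A "matches" verdict only confirms that the link points at the domain you supplied; typing the official address yourself, as advised above, remains the safer habit.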

“Help, help, I’m stuck here” scams

Here’s an all-too-common trope: A scammer pretends to be a family member or friend, claiming to be stuck somewhere and in need of money. One of the most common examples of this is the “grandparent scam,” in which a thief impersonates an older person’s grandchild and claims to be saddled with an expensive repair bill or even stuck in jail.

In this case, you may hear from a close contact who says they are stuck in Ukraine, Russia, Israel, Palestine, etc. Maybe they need money for a plane ticket out or claim to have lost their passport. They’ll raise the stakes, too, telling you they got robbed or all the banks are closed.

The scariest part is how easy it is to manipulate photos to back this up. A clever criminal can easily show your loved one in Ukraine or Russia to make you believe it. Always check in with your loved one through another means of communication. For example, if they are texting, send an email or, better yet, give them a call.

 

How do you know if someone is scamming you?

The golden rule of scam detection is this: If it sounds too good to be true, it probably is.

Scammers love to ply marks with big promises of quick and easy money, seemingly requiring little to no effort on your part other than sitting back and raking in the profits. They know that greed, fear, vanity, and even loneliness are powerful motivators, and they are skilled when it comes to manipulating these emotional vulnerabilities. Trust your instincts and don’t buy the hype.

The next time you come across an unbelievable offer, ask yourself the following questions:

  • Do I know this person? Many online scams are sent from or operated by contacts you won’t recognize. The advance-fee scam, work-from-home scam, crowdsourcing scams, and many phishing scams all work this way. However, others rely on trust as a key motivator. A long-distance romantic partner may not be all that they claim to be.
  • Is this a realistic deal? Go with your gut on this one. Does an apartment look way too nice to be rented at such a low rate? Is this vacation package reasonably priced? Are you being promised an easy job that pays well with minimal effort? Has someone claimed that you’ll be rewarded handsomely if you can transfer a quick deposit? Remember the anti-fraud mantra: if something feels too good to be true, that’s likely because it is.
  • Is this financial transaction safe? If asked to send payment, look out for unprotected payment platforms such as wire transfers, Western Union, or gift cards. These cannot be reversed, which is ideal for a scammer’s needs. Also be wary of offers that propose payment via bank check. Legitimate offers should accept standard and regulated methods of payment, such as a credit card or PayPal.
  • What am I being asked to share? Phishing scams go after personal details that can later be used against you. No legitimate company should be asking you to confirm your login credentials, financial accounts, credit card numbers, or detailed personal information.
  • Am I being rushed? Scammers create artificial urgency to force you through a rushed decision. Some use FOMO, or “fear of missing out,” to encourage you to bite on a tempting offer, while others will threaten you with steep penalties for missing a deadline. Either way, ultra-urgency is a big warning sign for scams.
  • Does this person’s story hold up? If you suspect that you’re being conned by a catfisher or a grifter, dig into their backstory. Scope them out on social media and confirm any claims they’ve made through your own research. Consider any inconsistencies to be major red flags, then respond accordingly.
  • Are they taking the conversation off-platform? You’re protected on many legitimate commerce, booking, and dating sites if you keep all your conversations on-record through the site’s messaging service. People requesting that you communicate privately via email or IM may have something to hide.

What to do if you’ve been scammed online

The realization that you’ve been scammed is never easy to handle, and it’s OK to feel upset about it. If the scammer is someone you thought you could trust, it’s natural to feel betrayed, angry, sad, and even depressed. While you might not be able to get your money back or mitigate all the consequences, here are some ways you can be proactive in the wake of a successful scam:

  • Cut the scammer off. You aren’t going to convince them to return your money, so don’t even bother. Continuing the relationship leaves the door open to additional frauds in the future. Block their email address or social profiles and ignore any further attempts on their part to reach you. And definitely do not send them any more money.
  • Contact your financial institutions. You won’t always be able to recover the money you sent to a scammer, but you can try. Contact your bank or credit card provider and see what they can do. The same goes for any third-party services you may have used to facilitate the transfer. At the very least, they’ll be aware that you were scammed, and you can discuss security options for the future.
  • Freeze your credit. If you’ve been scammed, freeze your credit immediately to prevent scammers from opening new lines of credit in your name.
  • Change your passwords. If you disclosed any sensitive personal info to the scammer, be proactive and change your login credentials online, using a strong password. This is especially important for financial sites like banks or PayPal. You can prevent additional losses by locking scammers out.
  • Report the fraud. Scamming is a criminal act, and here’s how to report a scam: Contact the relevant authorities in your area and inform them about the scam. If you were scammed via a website or app, let them know as well. Your reports can go a long way towards preventing others from being scammed. At Queen’s University, you can report scams by forwarding the suspected scam to abuse@qub.ac.uk.
  • Share your experience. You may feel embarrassed for having fallen for a scam. This is natural, understandable, and acceptable. Talking about your experience can help you process your feelings, especially after a romance scam or other long-term grift. You can also help educate your friends and family about the scam that affected you.
  • Reach out for professional support. It hurts to get scammed, and you don’t have to bear the burden alone. Contact a trained professional in your area if you’re experiencing any strong negative feelings in the wake of your experience.

How to protect against scams

Now that you know the warning signs of scams to look out for, you’re all the better equipped to avoid them. Practice the following anti-scam safety habits to avoid scammers anytime you’re online.

  • Research companies and websites before buying. No matter how urgent the offer may seem, or how badly you want the item or service, do your research first. Read the website’s corporate info, terms of service, and privacy policy — lots of scam websites will have basic versions, if anything at all, so be sure to check if the website is safe before proceeding. Look up customer reviews and see what other people have to say. Get everything in order, and if everything lines up, go ahead and buy.
  • If you have one, pay with a credit card. Compared to debit cards and bank transfers, credit cards are far more secure. Your credit card company is on your side when it comes to fraud, since it’s their money on the line and not yours. When you’ve been ripped off, chargebacks are your friend.
  • Never download attachments or click links from unknown contacts. Scammers can use attachments and websites to infect your computer with malware. For example, Trojans often slip onto your device while disguised as harmless attachments, and those Trojans can then bring rootkits, spyware or adware with them. Some malware will just show you ads, while others can be far more damaging. As a general rule, don’t click things you don’t trust.
  • Keep personal info to yourself. You know how lots of websites ask you to answer a series of security questions in case you need to recover your password? Remember which info you’ve set as security measures, and don’t share it. Otherwise, scammers can answer your security questions with ease. Of course, this also applies to things like login credentials and account numbers.
  • Secure yourself online. If a website offers two-factor authentication, use it. It’s not bulletproof, but it’s better than nothing. Use strong, unique passwords on the websites you visit frequently, and store them securely with a dependable password manager.

ACE-CSE

Academic Centres of Excellence in Cyber Security Education (ACEs-CSE) - Gold Award

Queen’s holds an Academic Centre of Excellence in Cyber Security Education (ACE-CSE) Gold Award from the National Cyber Security Centre (NCSC) and the Department for Science, Innovation & Technology (DSIT).