Gaetano DiNardi is a growth advisor to software companies like Docebo, Cognism, and Workvivo. As the former head of organic growth at Aura, Gaetano helped launch the company's SEO program. He has also written for publications like HBR, Fast Company, and Nasdaq.
Alina Benny is an Aura authority on internet security, identity theft, and fraud. She holds a bachelor's degree in Electronics Engineering from the Cochin University of Science and Technology and has nearly a decade in content research. Twitter: @heyabenny
Whether you’re active on an online dating site, shopping on Facebook Marketplace, or applying for a job on LinkedIn, there's always a risk of falling victim to a scam.
But just how bad is it?
Imposter scams — where fraudsters pretend to be someone they’re not — made for over 193,000 fraud reports as of the third quarter of 2023 [*]. Imposters disappeared into the ether with $642.4 million in that period, according to the Federal Trade Commission (FTC).
5 Common Ways Scammers Target You Online
Online scams range from classics like advance fee scams — often referred to with the overused trope of the "Nigerian prince" scams — to more sophisticated schemes.
Here are some of the most common online scams be cautious of.
1. Romance scams and fake online dating profiles
Romance scams happen when criminals create fake profiles on online dating sites or dating apps with the hope of starting a relationship with you.
Online dating scams prey on your vulnerabilities to create a tenuous emotional connection they can profit off.
For example, in military romance scams, fraudsters pretend to be stationed far away and unable to meet in person. However, this won't deter them from swiftly establishing a connection and professing their affection for you.
Once a scammer has your trust, they start asking you to send them money, gift cards, or expensive gifts. Should you catch on, they delete their accounts and vanish.
⚠️ Take action: If you’ve been the victim of an online scam, your bank account, email, and other online accounts could be at risk. Try Aura’s identity theft protection free for 14 days to secure your identity.
2. Phishing emails, texts, calls, and websites
Phishing is a type of cyber attack where fraudsters send unsolicited emails, text messages (called “smishing”), or social media messages claiming to be someone you trust.
The scammer might even impersonate your bank and send you fake notification about a supposed recent purchase.
Any information you send — like account passwords or credit card numbers — will go directly to the scammer and can be used to steal your identity. If you click on a link, you’ll most likely download malware or ransomware onto your devices.
Shopping online isn’t inherently dangerous. But even sellers on major platforms like Amazon can engage in online scams. Sellers may pretend to sell luxury goods at a steep discount — usually over social media sites like Instagram or Snapchat— and even used hacked accounts to evade detection.
But even though you receive a confirmation email and payment is withdrawn from your account, no deliveries show up. Or if it does, it’s not what you thought you were paying for.
Plenty of people have become overnight millionaires by investing in cryptocurrencies like Bitcoin. However, scams are rampant in cryptocurrency, having stolen just over $1.0 billion as of June 2023 [*].
Cryptocurrency scams can happen when someone tricks you into giving them access to your online wallet and steals your coins. Even worse, recently there has been a surge in fraudulent crypto recovery services, where scammers claim to help you recover lost crypto but really steal even more from you.
In some cases, individuals may solicit you with insider information about a new Initial Coin Offering (ICO), only for the coin's value to plummet after an initial rise.
Be especially careful if you regularly use Telegram, as crypto scams have been running rife on the platform in the past years.
Nearly every type of online scam relies on a form of social engineering.
Social engineering attacks occur when scammers take advantage of your emotions to manipulate you into giving up money or sensitive information that can be used for identity theft and fraud.
One of the oldest examples on the internet is the Nigerian Prince scam. In this type of fraud, scammers send an unsolicited message with an emotional plea for help.
If you can help the Prince (or a government official) remove vast sums of money from the country, they’ll reward you with a percentage. All you need to do is wire them money to cover the legal costs or pay for bribes.
How To Spot a Scammer: 10 Warning Signs
Uses authority to build trust. Online scammers use organizations and names you trust to lower your guard. Beware of anyone who messages you out of the blue and claims to be from the IRS, government, or a well-known company.
Preys on your emotions. Online dating scams derive their notoriety for preying on your emotions. A scammer will quickly tell you they’re “falling in love” and get you to say it back. The same goes for charity scams (like veterans charity scams) where fraudsters claim to be victims in need.
Creates a sense of urgency. Online scammers need you to act quickly before you realize what they’re up to. They’ll often contrive a sense of urgency to stop you from first checking their claims.
Appears to be threatening or aggressive. Besides emotional appeals, threats are another way online scammers convince you to comply. Often, a scammer will pretend to be from the police or FBI and claim that a warrant will be put out for your arrest if you don’t oblige.
Contacts you unexpectedly. One of the easiest ways to spot a scammer is if they contact you first. If you receive any message, phone call, or email from someone you don’t know, verify they are who they say by contacting their agency or business directly.
Asks for sensitive information. Scammers impersonate your bank and ask for your PIN or online passwords to “secure” your account. But legitimate financial institutions will never do this.
Overpays for goods or services. Most online shopping scams feature an overpayment. In these cases, they’ll send a fake PayPal receipt and ask that you wire back the excess amount.
Overpromises on what they can deliver. If something or someone seems “too good to be true”, there’s a good chance they’re trying to scam you.
Tries to be personable. Online scammers pretend to be a friend or family member to quickly gain your trust. But they aren’t. Don’t trust a message just because it comes from an account you recognize.
Forces you to use unusual payment options. Most online payment options protect against scammers. If someone pushes you to pay them through an untraceable or non-reversible option, it could be a scam. This includes wire transfers, gift cards, and cryptocurrency.
⚠️ Take action: If you accidentally give scammers your personal data, they could take out loans in your name or empty your bank account. Try an identity theft protection service to monitor your finances and receive fraud alerts.
How To Identify a Fake Online Dating Account (Catfishing)
Their account is a “perfect match.” Be wary of profiles that use photos with magazine-like quality or supermodel-like appearances. Catfishers use attractive photos to try and snare you in their scam.
They don’t have an online footprint. If you Google their name and don’t find much, you could be dealing with a scammer.
Their social media accounts look suspicious. Look for anything that feels off, such as a low friend count, no recent posts, or only the same photos as on the dating site.
They may appear to have an overwhelming intensity. Dating scammers will try to quickly get you emotionally invested. If they tell you they love you within a week or two and try to get you to message them off the platform, it could be a scam.
They decline video chats with you. A fake online dating account will only message you. If you make plans to video chat, they’ll always have an excuse to fall back on (i.e., they can’t make it or their webcam is broken).
They live far away and are unable to visit. Scammers will often tell you they are in the military or working with an international organization. But not being able to meet in person is a huge warning sign. This is especially true if you can’t see them on a video call either.
They ask for money or help with family problems. Catfishing often evolves into financial fraud. If someone starts asking for expensive gifts or cash to help with unexpected expenses, they’re probably trying to scam you.
What to do if you think you’re being scammed on a dating site
The easiest way to avoid being scammed with a fake online date is to never send money, gifts, or sensitive information until you meet in person.
If you think you’re dealing with a scammer, stop communicating with them immediately. Go to Google and do a reverse image search of their profile picture. If it’s associated with other names or comes up on a stock image site, it’s a scam.
Once you know they’re fake, report their account to the dating site or app you’re using. If you sent them money or gave them access to your accounts, contact your bank immediately and talk to their fraud department. You might also want to sign up for identity theft and credit monitoring to alert you of any potential fraud.
You can also report the scam to the FTC at ReportFraud.ftc.gov.
Mangled grammar. Look for strange phrases or misspelled words in emails, texts, and on websites. On the other hand, if a text seems too stilted or repeats words, it could be AI-written [*].
Free email accounts (like Gmail). The IRS and other governmenT organizations have official email addresses. If the “From” email address is from Gmail, Outlook, or others, it’s a scam.
The “From” name and email address don’t tally. Hover over or click on the “From” name to see their email address. Scammers will often try to mask who they are by using an official name. But they can’t fake their email address or phone number as easily. Be especially cautious of whaling, where scammers impersonate an executive from your workplace.
They ask for sensitive information over email or text. An official business or organization will never ask for PINs or passwords over email, text, or on the phone.
Threatens legal action if you don’t comply. Again, legitimate companies will not threaten you. If legal action is imminent, they’ll contact you in an official manner (most likely through the mail).
Asks you to click on a link or download an attachment. Beware of any links, files, or QR codes in an email or text. Scammers will often disguise malware as fake invoices or other documents. Don’t click on them. Instead, ask where you can find the required documents on their website.
Isn’t using a “secure” website. Secure websites use “https://” not “http://” and will have a padlock near the URL. If a site is unsecured, that means a scammer could steal your financial information, Social Security number, or any other sensitive data you input. (Be especially cautious with your SSN as it's not always possible to change your Social Security number — even after identity theft.)
Poor website or email design. Bad design or poor functionality isn’t always a sign of a scam, but it should put you on alert.
You can’t find any contact information. Scam web pages won’t have any other way of contacting the company, such as phone numbers or support email addresses.
What to do if you think you’re being phished
Phishing attacks can be brutal, especially if the scammer manages to secrete malware or another virus onto your device.
Then, secure your accounts by changing your passwords, enabling two-factor authentication (2FA), and using a password manager. You might also want to install antivirus software that can scan for malware and protect you from phishing sites.
You can report phishing scams to the FTC. If you get an email, forward it to email@example.com. If you got a phishing text, forward it to SPAM (7726). You can also report the attack at ReportFraud.ftc.gov.
The deal is too good to be true. Items that are posted at highly discounted rates are usually scams. Or at the very least, not actually what’s listed.
The site is unsecured. Look for “https://” not “http://” and a padlock abutting the URL. Secured sites are safe to enter your financial information. If the site is unsecured, a scammer could access your bank account or other information.
They only accept wire transfers and other non-reversible payments. If a seller asks you to wire money or send a gift card, they could be trying to scam you.
Sellers won’t meet in person. When shopping on Craigslist or Facebook Marketplace, always try to meet in person and view the product. There are a variety of scams that rely on shipping products.
They send you low-quality photos. Some scammers doctor photos to trick you into paying more than you should. One example of this is a car title scam where fraudsters change the documentation for a used vehicle.
Buyers send you prepaid shipping labels. If you’re selling online and a buyer offers to send a prepaid shipping label, it’s a scam. They can change the shipping address after you send it out and then claim they never received it.
A buyer overpays for your product. If someone offers you extra money, they’re most likely trying to scam you. They’ll normally ask you to refund the extra with a gift card or wire transfer and then disappear. Later, you'll find out that the original payment was fraudulent.
Asking for a deposit or prepayment. Sellers who ask you to send them money to “hold” an item could be doing the same to tens or hundreds of other people. Don’t send money until you see the item and are picking it up.
What to do if you think you’re being scammed while shopping online
If you see any warning signs, break off contact with the seller (or buyer). If they’re on a platform like Facebook or Amazon, report them and try to get their account removed.
If you’ve already paid a scammer, you still have a few options:
If you paid with your credit card or debit card, contact the issuer and tell them it was fraud. If you wired a payment, contact the wire transfer company and they might be able to reverse the transfer.
If you paid them through PayPal, Cash App, Venmo, or a similar app, contact their fraud department.
✋ Take action: Protect yourself from the risks of identity theft and fraud with Aura’s $1,000,000 identity theft insurance. Try Aura free for 14 days and see if it’s right for you.
How To Report Online Scams
The best way to reduce your chances of getting scammed in the future is to report online scams when they happen to you.
The FTC offers an online complaint assistant you can use to report fraud and different types of identity theft. You can also escalate your complaint to the FBI’s Internet Crime Complaint Center at ic3.gov.
If you lost money or gave up sensitive information, file a police report and report the identity theft to the FTC at IdentityTheft.gov.
For added support, you might want to consider Aura’s identity theft protection and credit monitoring service. Aura actively monitors your accounts, bank, credit, and devices for signs of online scams and fraud.
Receive alerts in case of suspicious activity on your accounts, block malware and phishing sites, and know if your identity has been compromised in any way.
Should the worst happen, you’re covered by a $1,000,000 insurance policy for eligible losses due to identity theft.