Online scammers can be really creative. There are a variety of hacks and scams targeted at corporations, banks and institutions, although the greatest variety of them is targeted at unsuspecting individuals. Scams may be classified according to what the scammer wants to achieve, which could be:
- To take some of your money
- To steal your account details or identity
- To take control of your system
Let’s take a look at some examples to understand each of these.
Type 1: Scammer wants your money.
In this case the scammer wants to trick you into sending them money willingly. Such scams typically include an emotional message along with an offer of reward. Some examples are:
Bank loan/credit card scam
This classic trick starts with an email or text message telling you that you’ve been approved for a huge loan or for a credit card with a generous limit, which you can claim simply by paying a small “processing fee”.
This one starts as an email which says that you’ve won a lottery and that you must pay a small “transaction cost/fee” which is also used to verify the validity of your account, so that the funds can be transferred to you.
Get rich quick/work from home scam
This one comes in several flavors. It could be a pyramid scheme asking you to buy something to sell it on to other people, or an offer to work from home for outrageous sums of money in an incredibly short time doing next to nothing. The unifying thread is that you will be asked to send a small amount of money for “processing”, “verification”, “fees”, “initial/setup cost”, “initial/one-time purchase”, “training cost”, “learning material”, or some other excuse.
This scam is hardly exclusive to eBay and can come from any online shopping platform. Essentially, the scammer will say that they can sell you something for less if you buy directly or transact through a medium other than that ecommerce platform. Once you send the money, the scammer (posing as the seller) vanishes.
Online love scam
A woman in a distant country or city claims to have fallen in love with you through your profile and pictures on a dating platform. She then asks for money to travel so that you can be together (and subsequently for many other things).
The Nigerian heirloom scam
A member of the former Nigerian (could be from another neighboring country as well) family who is now an orphaned refugee contacts you for help with the transfer of several million US dollars' worth of legitimately inherited funds from a foreign bank account to your country. In return, you are offered ten percent or more of the funds. Before the transfer can be done, however, you must pay the “verification”, “documentation”, and/or “transaction” fees.
Type 2: Scammer wants to hack your account.
Here the scammers don’t just want some of your money; they want to hack into your bank account or other personal accounts, where they may get even more info to rob or leverage you.
You get a legitimate-looking email (or SMS/text) which may seem to be from your bank or an online platform or money transfer service that you use. The email asks you to click on a given link and log on. As soon as you type your password the scammer gets access to your real bank account. Sometimes the fake (phishing) email may ask you to input your personal information, bank/card details, answers to your security questions and so on. With this info the scammer can access your account even without a password.
Phishing is surprisingly common and creative. On a fairly popular ecommerce platform known as OLX a scammer posing as a buyer contacted a seller and offered an attractive price for a used laptop. Offering to pay through bank transfer once the goods were shipped, the scammer obtained the bank details of the seller and gave a shipping address. The seller received an email (phishing) from Barclays bank asking for a courier receipt before the “final step” of the bank transfer could be completed.
Typosquatting (fake URL)
This involves what looks like a misspelling of a commonly used site. Examples include amozon, e-buy, pasonic, nokla, yahao, and many more. Typosquatting also applies to top-level domains, such as .con instead of .com. Typosquatting is more of a tool used by scammers to mislead people to fake sites and trick them into giving up their account details and personal info.
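A mail filter or browser extension can catch names like these by measuring how close an unknown domain is to a list of sites the user actually relies on. The sketch below is an added example, not part of the original article; the allowlist, the function names and the distance limits are assumptions chosen to cover the misspellings listed above.

```python
# Added example: flag domains that sit within a small edit distance of a
# known-good domain. KNOWN_DOMAINS is an assumed allowlist of the brands
# that the article's misspellings imitate.
KNOWN_DOMAINS = ("amazon.com", "ebay.com", "panasonic.com",
                 "nokia.com", "yahoo.com")


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def lookalike_of(domain, known=KNOWN_DOMAINS):
    """Return the known domain that `domain` imitates, or None.

    Assumes `domain` is already reduced to its registrable part
    (no "www." or other subdomain labels).
    """
    d = domain.strip().lower().rstrip(".")
    if d in known:
        return None                      # exact match: the real site
    d_norm = d.replace("-", "")          # "e-buy" and "ebuy" compare equal
    best = None
    for legit in known:
        dist = edit_distance(d_norm, legit.replace("-", ""))
        # Short names collide easily, so allow only one edit for them.
        limit = 1 if len(legit) <= 8 else 2
        if dist <= limit and (best is None or dist < best[1]):
            best = (legit, dist)
    return best[0] if best else None


if __name__ == "__main__":
    for name in ("amozon.com", "e-buy.com", "pasonic.com", "nokla.com",
                 "yahao.com", "amazon.con", "amazon.com", "example.org"):
        print(f"{name:14} -> {lookalike_of(name)}")
```

Because the whole domain string is compared, a swapped top-level domain such as .con counts as a single edit and is flagged the same way as a misspelled brand name.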
Text message scam
Nowadays you can also be scammed on your smartphone. This one starts with a text message typically alerting you to a service which is about to expire and must be renewed, for which the text message includes a link. Clicking on that link takes you to a fake site which asks you to download malicious software or provide your personal info. These texts may pose as coming from the likes of Amazon and Apple, or your network provider, or your bank. To avoid being scammed, don’t click on any link in an untrusted text message. You should verify the validity of the text by contacting the bank or other sender before sharing any of your information or downloading anything on your device.
Typically found on Facebook and other social media sites, this one is exceptionally creative. In a chat or group you may be asked seemingly innocent and friendly sounding questions such as “what was your first automobile” and “who was your favorite teacher in primary school”. These are the same security questions that some online platforms and banks ask in the event that you forget your password.
Type 3: Scammer wants control of your system.
Hacker-scammers like to take control of hundreds and sometimes thousands of devices to orchestrate devastating attacks (such as DDoS) on banks, online service providers and e-commerce platforms for financial gain. To take control of your system, the hacker-scammer usually requires you to click on a link or download a file with malicious code or software. Typically the notification to download the malicious code comes in the form of a phishing email, text, web popup, etc.
Fake software scam
You get an email, text or popup saying something to the tune of “your virus definitions are out of date”, or “your system is at risk”, or “your device is performing suboptimally”. The call to action is to download software or a file to fix all of these issues.
Greeting card scam
You get a link in your mail to a greeting card which cannot be viewed without downloading additional software.
There are other forms of online fraud as well. Most of these scams combine two or more of the techniques outlined above to capitalize on multiple emotions such as greed, compassion and lust. They also utilize several media simultaneously to maximize reach and impact. Having an overview of what online scams look like and what signs you as an individual should watch for is necessary for protecting yourself and others from online fraud and identity theft.