10 Online Scams You Need to Be Aware of—And How to Avoid Them
Swindlers may be following your every tweet and post, looking for a chance to fleece you. Here’s how to confound 10 major online cons.
Free trial offer! (Just pay forever)
How it works: You see an Internet offer for a free one-month trial of some amazing product—often a teeth whitener or a weight-loss program. All you pay is $5.95 for shipping and handling.
What’s really going on: Buried in fine print, often in a color that washes into the background, are terms that obligate you to pay $79 to $99 a month in fees, forever.
The big picture: “These guys are really shrewd,” says Christine Durst, an Internet fraud expert who has consulted for the FBI and the FTC. “They know that most people don’t read all the fine print before clicking on ‘I agree,’ and even people who glance at it just look for numbers. So the companies spell out the numbers, with no dollar signs; anything that has to do with money or a time frame gets washed into the text.” That’s exactly what you’ll see in the terms for Xtreme Cleanse, a weight-loss pill that ends up costing “seventy-nine dollars ninety-five cents plus five dollars and ninety-five cents shipping and handling” every month once the 14-day free trial period ends or until you cancel.
Avoidance maneuver: Read the fine print on offers, and don’t believe every testimonial. Check TinEye.com, a search engine that scours the Web for identical photos. If that woman with perfect teeth shows up everywhere promoting different products, you can be fairly certain her “testimonial” is bogus. Reputable companies will allow you to cancel, but if you can’t get out of a “contract,” cancel your card immediately, then negotiate a refund; if that doesn’t work, appeal to your credit card company. Not all websites will lose you money–Youtube can make you a fortune.
The hot spot imposter (He’s close, real close)
How it works: You’re sitting in an airport or a coffee shop and you log into the local Wi-Fi zone. It could be free, or it could resemble a pay service like Boingo Wireless. You get connected, and everything seems fine.
What’s really going on: The site only looks legitimate. It’s actually run by a nearby criminal from a laptop. If it’s a “free” site, the crook is mining your computer for banking, credit card, and other password information. If it’s a fake pay site, he gets your purchase payment, then sells your card number to other crooks.
The big picture: Fake Wi-Fi hot spots are cropping up everywhere, and it can be difficult to tell them from the real thing. “It’s lucrative and easy to do,” says Brian Yoder, vice president of engineering at CyberDefender, a manufacturer of antivirus software. “Criminals duplicate the legitimate Web page of a Wi-Fi provider like Verizon or AT&T and tweak it so it sends your information to their laptop.”
Avoidance maneuver: Make sure you’re not set up to automatically connect to nonpreferred networks. (For PCs, go to the Network and Sharing Center in the Control Panel. Click on the link for the Wi-Fi network you're currently using. A box with a "General" tab should pop up. Click "Wireless Properties." Then, uncheck the box next to "Connect automatically when this network is in range," and click OK to enable. For Macs, click on the Wifi button in the upper right, click "Open Network Preferences," and check “Ask to join new networks.”) Before traveling, buy a $20 Visa or MasterCard gift card to purchase airport Wi-Fi access (enough for two days) so you won’t broadcast your credit or debit card information. Or set up an advance account with providers at airports you’ll be visiting. And don’t do any banking or Internet shopping from public hot spots unless you’re certain the network is secure. (Look for https in the URL, or check the lower right-hand corner of your browser for a small padlock icon.) Finally, always be on the lookout for these red flags someone is spying on your computer, whether you're in public or not.
The not-so-sweet tweet (It’s a real long shot)
How it works: You get a “tweet” from a Twitter follower, raving about a contest for a free iPad or some other expensive prize: “Just click on the link to learn more.”
What’s really going on: The link downloads a “bot” (software robot), adding your computer to a botnet of “zombies” that scammers use to send spam email.
The big picture: Scammers are taking advantage of URL-shortening services that allow Twitter users to share links that would otherwise be longer than the 140-character maximum for a tweet. These legitimate services break down a huge URL to ten or 15 characters. But when users can’t see the actual URL, it’s easy for bad guys to post malicious links.
Avoidance maneuver: Before clicking on a Twitter link from a follower you don’t know, check out his profile, says Josh George, a website entrepreneur in Vancouver, Washington, who follows online scams. “If he’s following hundreds of thousands of people and nobody is following him, it’s a bot,” he says—a good tip to keep in mind for how to protect yourself online and avoid being scammed.
Your computer is infected! (And we can help)
How it works: A window pops up about a legitimate-sounding antivirus software program like “Antivirus XP 2010” or “SecurityTool,” alerting you that your machine has been infected with a dangerous bug. You’re prompted to click on a link that will run a scan. Of course, the virus is found—and for a fee, typically about $50, the company promises to clean up your computer.
What’s really going on: When you click on the link, the bogus company installs malware—malicious software—on your computer. No surprise, there will be no cleanup. But the thieves have your credit card number, you’re out the money, and your computer is left on life support. Scams are everywhere–you can even become a "doctor" online with just $99.
The big picture: “Scareware” like this is predicted to be the most costly Internet scam of 2010, with over a million users affected daily, according to Dave Marcus, director of security and research for McAfee Labs, a producer of antivirus software. “This is a very clever trick,” says Marcus, “because people have been told for the past 20 years to watch out for computer viruses.” Even computer veterans fall prey. Stevie Wilson, a blogger and social-media business consultant in Los Angeles, got a pop-up from a company called Personal Antivirus. “It looked very Microsoft-ish, and it said I had downloaded a virus,” she recalls. “It did a scan and said it found 40 Trojan horses, worms, and viruses. I was concerned that they were infecting emails I was sending to clients, so I paid to upgrade my anti-virus software. Right after I rebooted, my computer stopped working.” Wilson had to wipe her computer hard drive clean and reinstall every-thing. Although most of her files were backed up, she lost personal photos and hundreds of iTunes files. “I felt powerless,” she says.
Avoidance maneuver: If you get a pop-up virus warning, close the window without clicking on any links. Then run a full system scan using legitimate, updated antivirus software like free editions of AVG Anti-Virus or ThreatFire AntiVirus. Tip: Your "private" browser may not be so private.
Dialing for dollars (With a ring of fraud)
How it works: You get a text message on your cell phone from your bank or credit card issuer: There’s been a problem, and you need to call right away with some account information. Or the message says you’ve won a gift certificate to a chain store—just call the toll-free number to get yours now.
What’s really going on: The “bank” is a scammer hoping you’ll reveal your account information. The gift certificate is equally bogus; when you call the number, you’ll be told you need to subscribe to magazines or pay shipping fees to collect your prize. If you bite, you will have surrendered your credit card information to “black hat” marketers who will ring up phony charges.
The big picture: Welcome to “smishing,” which stands for “SMS phishing,” the text-message version of the lucrative email scam. In this ploy, scammers take advantage of the smart-phone revolution—hoping that a text message to your cell will make it less likely you’ll investigate the source, as you might do while sitting at your desk. Since many banks and businesses do offer text-message notifications, the scam has the air of legitimacy. Shirena Parker, a 20-year-old newlywed in Sacramento, California, was thrilled when she got a text message announcing she’d won a $250 Wal-Mart gift card. When she called the number, a representative explained there would be a $2 shipping charge (later upped to $4 by another “representative”). Parker gave the scammer her debit card number and started getting round-the-clock calls from him, asking for the phone numbers and emails of friends and family. “It was turning into harassment,” she says. After two days, she contacted the Better Business Bureau, which told her that Wal-Mart was not giving away gift cards. Hearing that, Parker’s husband canceled their debit card before the con could empty the account but not before he had helped himself to the $4 “shipping” charge. “I don’t know how they got my name and phone number,” says Parker. “But I learned my lesson.” Scammers can even reach you by mail–beware of this new trick that targets pregnant women.
Avoidance maneuver: Real banks and stores might send you notices via text message (if you’ve signed up for the service), but they never ask for account information. If you’re unsure, call the bank or store directly. You can also try the Better Business Bureau, or Google the phone number to see if any scam reports turn up. Had Parker checked out the phone number, she would have learned this was a scam, and probably could avoid these phone call scams that can steal your money, too.
We are the world (The world of charity scams, that is)
How it works: You get an email with an image of a malnourished orphan—from Haiti or another developing nation. “Please give what you can today,” goes the charity’s plea, followed by a request for cash. To speed relief efforts, the email recommends you send a Western Union wire transfer as well as detailed personal information—your address and your Social Security and checking account numbers.
What’s really going on: The charity is a scam designed to harvest your cash and banking information. Nothing goes to helping disaster victims.
The big picture: The Internet, email, and text messaging have given new life to age-old charity scams. “These cons watch the headlines very closely,” says Durst, and they quickly set up websites and PayPal accounts to take advantage of people’s kindness and sympathy. Durst recalls seeing fake donation websites within days of Michael Jackson’s death, urging fans to contribute to his favorite charities. Natural disasters, too, tend to spawn all sorts of fake charities.
Avoidance maneuver: Donate to real charities on their own websites. Find the sites yourself instead of clicking on links in email solicitations; in the wake of the Haiti earthquake, scammers even set up fake Red Cross sites that looked real. Genuine aid organizations will accept donations by credit card or check; they won’t ask for wire transfers, bank account information, or Social Security numbers. Donations via text message are okay as long as you confirm the number with the organization.
Love for sale (The cruelest con)
How it works: You meet someone on a dating site, on Facebook, in a chat room, or while playing a virtual game. You exchange pictures, talk on the phone. It soon becomes obvious that you were meant for each other. But the love of your life lives in a foreign country and needs money to get away from a cruel father or to get medical care or to buy a plane ticket so you can finally be together.
What’s really going on: Your new love is a scam artist. There will be no tearful hug at the airport, no happily-ever-after. You will lose your money and possibly your faith in humankind.
The big picture: Online social networking has opened up bold new avenues for heartless scammers who specialize in luring lonely people into bogus friendships and love affairs, only to steal their money.
Cindy Dawson, a 39-year-old customer service representative for a manufacturing firm, fell for a Nigerian named Simon Peters whom she met on a dating site. “We started talking on the phone,” the divorced mother of three recalls. “He said his father lived in Bolingbrook, Illinois, not far from me.” They exchanged photos; Peters was a handsome man. Dawson sent him pictures of her kids, who also talked to him on the phone. “He kept saying how much he cared about me,” says Dawson, fighting back tears at the memory. “I was in love with him.”
Soon enough, Peters started asking for money—small amounts at first, to buy food. He always wanted the money wired by Western Union to someone named Adelwale Mazu. Peters said he couldn’t use his own name because he didn’t have the right documentation. “It started progressing to higher amounts of money,” says Dawson. “I sent him money for airfare from Nigeria. I drove to the airport, but he never showed.”
Peters continued working the scam, explaining that authorities in Lagos wouldn’t let him board the plane. Then he needed money for school. Then he was stuck in London. “Everybody told me he was scamming me,” says Dawson, “but I didn’t want to believe it. Finally my 12-year-old daughter said, ‘Stop sending him money; he’s never coming.’” After reading about these types of online scams, Dawson searched for the fake name and figured out that Peters’s photo was a stock image of a male model repurposed from the Web. “He got about $15,000 out of me,” she says. “I was angry, and I felt stupid.”
Avoidance maneuver: “On the Internet, it is almost impossible to be too paranoid,” says Durst. “But don’t be paralyzed; be smart.” Dating and social-networking sites can be a great way to meet new friends, even from foreign countries. But if someone you know only from the Web asks for money, sign off quickly and follow these other tips for keeping yourself safe from online dating scams.
A terrible scam-azon (Yes, that deal really is too good to be true)
How it works: You're doing some online shopping, as one does. You see what looks like a great deal on Amazon, a site you totally trust, and place an order.
What's really going on: The seller's a scammer; they're going to send you a counterfeit product, or nothing at all, and they'll still get your money.
The big picture: These scammers take advantage of Amazon's policies to profit. They post delivery dates that are three or four weeks from the date of purchase. Since Amazon pays its sellers every two weeks, the scammers will receive payment long before you discover that it was a scam. This scam technique hurts not just buyers, but other sellers as well. Rob Ridgeway, who sells board games through Amazon, complains that fake sellers are stealing his business. He's reported many of the scammers to Amazon, but more just keep coming. "I continue to play 'whack-a-mole,' trying to remove fake sellers," Ridgeway told BuzzFeed News.
Avoidance maneuver: Watch out for new sellers (also known as "just launched" sellers), and take a careful look at the seller's reviews before you buy from him or her. If you do fall victim to a scam, contact Amazon; their A-to-Z guarantee says that they have to refund you if you received a fake product (or none at all).
Hitman scam (This one's killer)
How it works: You get an email (or a text) from someone saying he's been hired to kill you, or to kidnap a family member. He'll insist you send a large amount of money to a certain email address in exchange for your safety. Usually, the email will also warn you against contacting the authorities.
What's really going on: There is no assassin. Somebody found your email address randomly (along with hundreds of others) and just wants your money.
The big picture: Your first thought might be to wonder how anyone could possibly fall for this. But keep in mind that the first response of anyone who's just been threatened with murder online is, most likely, to panic. Even scarier, many of these scams include the victim's personal information, which is all too easy to access through social media.
Avoidance maneuver: If you get one of these scary messages, the best thing to do is to ignore it. Responding to the scammer clues them in that they have reached a live account, and they'll probably respond with more aggressive threats. No one wants that. Also, go ahead and contact the authorities; the better to stop the scammer in his tracks. To avoid being scammed, be careful about what you share on social media—there are some pieces of information you should definitely not be posting.
Travel scams (Don't get wander-lost)
How it works: You get an email advertising an amazing deal on airline tickets to some exotic destination. Or, you see such a deal on the social media account of what appears to be a legitimate airline.
What's really going on: Like the "free trial" scam, these travel scams often have all sorts of extra costs hidden in the fine print behind that alluring cheap price. Most likely, you'll end up with a lighter wallet and no plane ticket.
The big picture: The peak time for these kinds of online scams is summertime, when people have vacation on the brain. They're also common right before holidays such as Christmas and New Years. Scammers intentionally choose exotic, remote places that would be difficult to get to without their "amazing offer." Finally, they throw in an expiration date, saying that you've only got so many weeks or months to take advantage of this offer, hoping that a sense of urgency will rope you in.
Avoidance maneuver: Scour the details of the offer before clicking any sort of confirmation button, and certainly before giving any payment information. Make sure that what you see really is what you get. And, even if you crave a solo trip, it can't hurt to get a second pair of eyes as well. Another good tip is just to stick to travel agencies you trust; there are plenty of legitimate sites that still offer good deals. Finally, learning these cyber security secrets hackers don't want you to know will help you stay one step ahead of scammers.