Online scams fool even the best of us. What to look out for (guide)

Online scams fool even tech-savvy people, so what hope do Joe and Jan Average have to avoid the minefield of email, SMS, phone call and website scams?

Consider a CyberShack reader John, who found himself fooled by online scams. At 80 years old and not particularly tech-savvy, he was enticed by an offer to remove annoying YouTube ads forever. Come in, sucker. Now, his credit card number, CVV, name, address, and more are in the hands of these scammers.

Our advice was to call the bank, cancel the credit card (and get a new one), and run a malware detector like Malwarebytes on his Android phone and tablet. Within 24 hours, the scammers had made several credit card purchases. At our recommendation, he purchased Malwarebytes, which revealed that the so-called ad blocker was a Trojan Horse that stole banking credentials.

“But the offer looked so real. A professional-looking website too.”

Below is a Facebook link that takes you to the Yahoo! Finance website – but it’s not!

We also ran a dark web search on John’s email address and telephone number using Trend Micro ID Protection Advanced – no ID theft for you. His details are in multiple hacked databases, but the worst was a 2019 Facebook breach that had all his personal data.

“Jeeze, I just use it to keep tabs on the grandkids.”

John was lucky—a few hundred dollars lost, and now he will be more aware of the risks.

Online scams take many forms

Email scams

The internet is the primary attack vector, and email scams still account for the highest proportion of attacks. If your email is on a hacked database, expect several convincing scam emails a week. Worse, scammers are probably using your spoofed email address to send scams to your contacts.

Our advice is to ignore any unsolicited emails, especially those that look too good to be true, and never send money.

Solution: Stop using your email address for anything important and get another that is ‘clean’. If you have a clean email (check at https://haveibeenpwned.com/), then get a junk email address to use for everything online.

SMS Scams

If you receive SMS scams, it means that scammers have your phone number. You can use the phone’s block and report spam feature instead of getting a new clean number (recommended). It is reactive rather than proactive but reduces SMS spam over time.

There are way too many SMS scams ranging from ‘non-delivery, go to our website’ to ‘your son/daughter/wife has been in an accident – send money now’.

Computer Virus Scams

Drive-by malware – You visit a website, and it secretly downloads malware. You may get a message that your computer has been infected, so call the number on the screen to get ‘Microsoft’ help.

Don’t do it. If you already have paid anti-virus/malware software, run a scan (Read Is Windows Security good enough to foil the bad guys?). It should have prevented the malware anyway, so you would not be infected.

If you don’t have paid software, you can easily remove most malware using the free Trend Micro HouseCall or free Malwarebytes. As with all trialware, you can use it briefly before it asks you to pay.

Warning: Do not download any app suggested by the virus notice – it will be malware.

Ransomware – You get a message that your computer is locked and you must pay a ransom.

Seek professional help, as there are tools that may assist in recovering your data. The best protection against ransomware is to back up data to an external SSD pocket drive, but make sure you remove it after each backup, or it could be locked too. Trend Micro Device Security Ultimate (excellent broad-spectrum protection) has ransomware folder protection, as do many other paid anti-virus/malware apps.

Website scams

Fake, professional-looking websites abound on Facebook and other social media platforms. Never click through; instead, do a Google Search for the real website. Read more about how to identify them here.

What else you can do

To protect yourself from falling victim to these scams, be vigilant (sceptical) and informed.

Be Wary of Unsolicited Emails and Messages

One of the most common ways scammers reach out to potential victims is through unsolicited emails, messages, or phone calls. Be cautious when interacting with such communications, especially if they ask for personal or financial information. Legitimate organisations typically won’t ask you to provide sensitive details out of the blue.

Verify the Authenticity of Websites

Before making any online transactions or providing personal information on a website, ensure that it is secure and legitimate. Look for HTTPS in the URL and a padlock symbol in the address bar, indicating a secure connection. The padlock only shows that the connection is encrypted; scam sites can have one too, so it does not prove the site is legitimate. Additionally, research the website and check for reviews or complaints from other users.

Double-check URLs and Domain Names

Scammers often create fake websites with URLs similar to legitimate ones. Before entering any login credentials or financial information, carefully examine the URL to ensure it matches the official website of the company or organisation you’re dealing with.
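
As an added example (not part of the original guide), the Python below applies this check to the hostname a link really points to. It assumes yahoo.com as the official domain, after the fake Yahoo! Finance link mentioned earlier; the function names and sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url, official):
    """Return (ok, reason): does the link's real host belong to `official`?"""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # .hostname is already lower-cased
    if not host:
        return False, "no hostname in link"
    if host == official or host.endswith("." + official):
        return True, "host is " + official + " or one of its subdomains"
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalised name that can imitate Latin letters"
    if official in (parts.username or "").lower():
        return False, "official name sits before '@'; real host is " + host
    if official in host:
        return False, "official name is embedded in another domain: " + host
    # Compare the same number of trailing labels as the official domain has.
    tail = ".".join(host.split(".")[-official.count(".") - 1:])
    if edit_distance(tail, official) <= 2:
        return False, tail + " is a near-miss spelling of " + official
    return False, "unrelated host: " + host

# Constructed sample links (assumed official domain: yahoo.com). All use HTTPS,
# so the padlock alone would not tell them apart.
SAMPLES = [
    "https://finance.yahoo.com/quote/",
    "https://finance.yahoo.com@login.example/",
    "https://finance.yahoo.com.account-check.example/quote",
    "https://finance.yahoo.corn/",       # 'rn' imitating 'm'
    "https://finance.y\u0430hoo.com/",   # Cyrillic letter U+0430 imitating 'a'
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_link(link, "yahoo.com")
        print("OK  " if ok else "FAKE", ascii(link), "->", reason)
```

Only the first sample passes: the real host is read from the right-hand end of the name, so anything placed before an "@" or in front of another domain does not count.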

Exercise Extreme Caution on Social Media

While social media platforms are great for staying connected with friends and family, they can also be breeding grounds for scams. Be wary of friend requests or messages from unknown individuals, and avoid clicking on suspicious links or advertisements.

Use Strong, Unique Passwords

A strong password is your first defence against unauthorised access to your accounts. Avoid using easily guessable passwords like “123456” or “password”; instead, opt for complex combinations of letters, numbers, and symbols. Additionally, different passwords should be used for each online account to minimise the impact of an account compromise.

Enable Two-Factor Authentication (2FA)

Two-factor authentication can significantly reduce the risk of unauthorised access to your accounts by adding an extra layer of security. This typically involves receiving a one-time code on your phone or email that you must enter along with your password when logging in.

Stay Informed About Common Scams

Familiarise yourself with the various online scams prevalent today, such as phishing, identity theft, and romance scams. By staying informed, you’ll be better equipped to recognise warning signs and avoid falling victim to these schemes. Scamwatch is a good government site.

Trust Your Instincts

If something seems too good to be true or feels suspicious, trust your instincts and proceed with caution. Scammers often manipulate their victims with enticing offers or fear tactics. Take time to assess the situation, and don’t feel pressured to act impulsively.

Keep Your Software Updated

Ensure that your operating system, antivirus software, and other applications are updated with the latest security patches. Software updates often include fixes for known vulnerabilities that hackers could exploit to gain unauthorised access to your device or data.

Report Suspicious Activity

If you encounter suspicious emails, websites, or messages, report them to the relevant authorities or organisations. Reporting scams not only helps protect yourself but also assists in preventing others from falling victim to similar schemes.

CyberShack’s view – Online scams are everywhere

I get between 10 and 20 scam emails, SMS, or phone calls a week. Yes, my personal email address, which I have had since 1992, has been involved in many data breaches. But some are so targeted, so true that I have to think twice – or more.

The message is simple. Don’t do it. The best way to stop online scams is to ignore them.