How to avoid online scams

Internet is a way to connect with anything you want. The downside is that criminals can do the same, too. Why wouldn’t they – it’s convenient and efficient for all purposes, including crime. That is why a notable part of crime happens online these days. There are some classic scams online you can avoid if you recognize that you are being fooled.

Phishing scams

Phishing is sending mail where the scammer pretends to be a trustworthy party to lure the recipients into giving out their passwords, credit card details or some other sensitive information. This information is used to gain access to the deceived person’s email, social media accounts, or at worst – money.

The scam is often initiated by an email that looks like it would be coming from a legitimate source. Don’t be fooled by the graphic design. Duplicating a legitimate email’s design is trivial and proves nothing. 

Take a close look at the sender and where the links are leading. Most email programs show the link destination when you hover over the link. Is the link really pointing to a legitimate site? legitimatebusinessaddress.com, leg1timatebusinessaddress.com, 1egitimatebusinessaddress.com look somewhat similar, don’t they? The differences can be even subtler. The characters  ⁄  and / look the same, but they’re two different characters. (Look closely!)

The scammers often use shock and sense of urgency to lure you into giving out your passwords. If your bank would send you a message saying that you’d need to identify yourself to stop a breach on your account, you’d be worried. Thinking more carefully, why would your bank do that? They wouldn’t, but the shock of your money being in danger and the urgency to react right away might deceive you into panicking and giving out your banking credentials.

A good internet security suite such as F-Secure SAFE will block known malicious sites, so it is your first line of defense. Nothing can replace good old-fashioned common sense, though.

Fradulent quizzes

There are a lot of harmless quizzes. Still, some quizzes should raise red flags. Maybe the quiz is asking something too personal or it wants access to something valuable. Think for a moment: would you want to give a completely unknown person access to your social media account to find out your full friend list, your email address, or even let the quiz post on social media on your behalf? That doesn’t sound appealing. Quite many do this anyway.

Some quizzes might even try to figure out your security questions. So if a quiz is trying to figure out your email and your pet’s name, mother’s maiden name and the street you grew up on, you might want to think twice.

Cryptojacking

Cryptocurrency has been on the rise in the recent years, so it’s no surprise that cybercriminals have taken interest in it. New currency is created by using computing power to “mine” cryptocurrency coins. To simplify a bit, if you have a lot of electricity and computing power at your disposal, you can turn it into cryptocurrency.

The way to get a lot of computing power and electricity powering it for free is to steal it. Getting unauthorized access to unsuspecting people’s computers is what cryptojacking essentially is. The criminal scams people into installing malware that mines cryptocurrency in the background, eating up resources and driving up the electricity bill.

The way to stay safe from cryptojacking malware is to have an up-to-date internet security suite that will protect you from all sorts of malicious software, including cryptojacking malware.

A less drastic version of cryptojacking is browser-based cryptojacking which is also called drive-by cryptomining. Some sites are mining cryptocurrency on a JavaScript while you are on that site. That alone is not producing a lot for the site’s owner, so some have resorted in even more sketchy tactics. They open up a hidden pop up window behind the current browser window and keep mining after the user leaves the site. Even that doesn’t add up to much with one site only, so some have taken it up a notch: hacked other sites to include that same window. Now they’re getting some scale.

Fortunately drive-by cryptomining is not persistent, so it stops as soon as you shut down your browser. If you notice your browser suddenly taking up your computer’s resources, restart it. (Note that there are numerous other valid reasons why your browser could do this, so 100% CPU load doesn’t mean somebody is mining on your computer.)

Online dating scams and sextortion

We humans are geared towards finding love. Whenever we’ve got a drive, there will be criminals abusing it. There are scammers preying on unsuspecting people on online dating sites. They try to gain their mark’s trust first and then they try to get their money – either by appealing to them or blackmailing them with compromising photo and video material they’ve seduced their mark to send.

Avoiding this kind of scam is easy – or hard, depending on your view. You just need to be skeptical of unknown people’s motives online, especially when money or compromising material is involved.

There’s also an alternative way of blackmailing online with fear of compromising material getting out, so-called sextortion. A typical sextortion scam doesn’t involve any actual photos or videos, just the fake premise that the scammer would have such material.

Often used variant of this tactic is that the scammer spams the victims by using databases of leaked email/password combinations. (By the way, don’t recycle passwords, because they will be leaked sooner or later. Use a password manager such as the one included in F-Secure TOTAL.)

This is where the scam stops being technical and gets psychological. The sextortion email is usually written in a convincing way. The trick they are using is the fact that they know one of your old passwords from an old password leak and let you believe that they have had access on your files and webcam through it. That is obviously not true. However, when you’re shocked, ashamed and scared it’s not that obvious.

They say that they will send the compromising material to your contacts (which they fraudulently also claim to have) unless you send them a notable sum of money in cryptocurrency. They trust that by spamming enough people a small percentage falls for this, because the emails are usually well written and they explain their threat in vivid detail, forcing you to imagine the consequences.

The solution to this kind of scam is easy. Ignore it. Don’t pay. They don’t have anything. Even if they actually did have something (which they don’t), why wouldn’t they blackmail you again and again after they’ve got the first payment? All this scam should lead you to do is to remember to not recycle your old passwords.

Avoiding online scams

To avoid these scams, you need to be smart and vigilant. Here’s a quick list of the simple steps you need to take: 

  • Don’t click on suspicious links.
  • Don’t give out personal information unless you need to
  • Don’t give out compromising material
  • Learn to recognize what’s real and what’s fake
  • Protect your computers, tablets and phones with an internet security suite to stay safe from malware and malicious links.

Choose F-Secure SAFE internet security suite for worry-free online life. You can try it 30 days for free. 

 

Try free for 30 days

Get started with SAFE  in just a few minutes – try it free for 30 days, no credit card required.