It’s tempting to assume the internet’s ubiquity and maturity has given most people enough knowledge to recognise and avoid internet scams.
Sadly, a battery of statistics suggests that’s not really the case.
The majority of all email sent around the world is classified as unwanted spam, rather than genuine communications.
Internet fraud is believed to have generated more than $1.5 trillion worth of profits in 2018 alone.
And although many victims don’t report what’s happened to them, demographic data reveals everyone is at risk regardless of age, location or gender.
Forewarned is forearmed
The only thing which cuts your risk of falling victim to online fraud is awareness.
Most scams begin with unsolicited contact, impersonating legitimate businesses and injecting a sense of urgency into subsequent actions.
However, staying safe involves more than trusting search engine links, or upgrading social media account logins to two-factor authentication.
It means developing an understanding of current internet scams, which can usually be apportioned to one of four main categories:
The internet is awash with requests for upfront fees or personal data in exchange for goods and services.
Low-quality or fictional products are advertised on community sites such as eBay or Gumtree, typically for high-value items like cars and jewellery.
Funds are politely requested in advance by wire transfer, outside normal platform payment channels so the website can’t investigate subsequent allegations of fraud.
Small businesses regularly receive bogus claims that an invoice hasn’t been settled, or get asked to pay for appearing in a ‘business directory’.
The best-known example of phishing is the Nigerian 419 scam, where victims are encouraged to supply money to unlock a large cash reward.
Other popular phishing scams include emails claiming a customer’s account has been suspended due to suspicious activity, asking people to click a link to ‘reset’ their data.
Most phishing attempts are mocked up to look like financial services communications, albeit lacking the recipient’s name, account number or other unique data.
Some phishing scams revolve around device security, claiming a virus has been detected and that clicking a hyperlink will install antivirus software, or activate remote access support.
Ironically, clicking that link often surrenders the very information victims believe they’re safeguarding.
Sextortion scams are on the rise, where emails claim to have compromising video footage of the victim watching online pornography.
Unless payment is made by untraceable Bitcoin, the non-existent footage will be distributed to email contacts and splashed across social media.
In February, hundreds of people in the UK received emails saying the sender had been paid to carry out an acid attack on them, but they would refrain if the potential victim paid them off.
It’s tempting to respond to a well-paid job opportunity which lands in your inbox, or to ‘accept’ a lottery windfall.
In reality, corporate logos and colour schemes are often pasted from authentic emails, while links lead to websites containing malware and spyware.
Dating scams are widespread, building a rapport with individuals before requesting funds to tackle a supposed illness or family emergency.
Promises of generous returns in exchange for paid memberships or up-front investments in get-rich-quick schemes are commonplace, while debt relief scams are also on the rise.
More ghoulishly, charity scams urge people to donate to bogus fundraising campaigns, in response to recent high-profile crises or natural disasters.
Many internet scams originate overseas, and are written by people whose grasp of the English language is limited.
Look for obvious spelling mistakes, odd sentence construction and confusion between similar words – including the infamous ‘there’, ‘their’ and ‘they’re’.
Don’t trust the From name displayed in emails. Hover your cursor over this field to see whether the actual sender address is a string of random characters.
Top level domains betray an email’s origins, since many scams originate from Russian .ru or Chinese .cn addresses.
Similar vigilance is recommended with website addresses. Mistyping an address can lead you into dubious places, and beware subtly misspelled addresses like amason or e8ay.
Always ask whether you were expecting to be contacted by a particular organisation. If their enquiry seems unexpected or unnecessarily urgent, be very cautious.
Finally, log into website accounts through your browser instead of clicking potentially dubious links, or phone the company to ask if an email is genuine.