It's more important than ever to recognize the signs.
Scams are on the rise, both online and off. AI makes it even more difficult to see through the misdirection.
Let's review some of the signs of online and telephone-based scams.
Become a Patron of Ask Leo! and go ad-free!
Scam signs
Scams are increasingly sophisticated. They often use urgency, fake links, offers too good to be true, and requests for personal or financial information. Beware of unsolicited contact, impersonations, and payment via irreversible methods like gift cards. Verify independently, stay cautious, and keep your technology secure to protect yourself.
Before we dive in, I need to point out that many of these signs are not absolute signs of a scam. Sadly, sometimes even legitimate contacts will have some of these characteristics.
But you should be aware of them. Be cautious, particularly when there is more than one warning sign.
Online scams
These days, when we think of scams we think first of the online world. Email, social media, messaging apps, and more have all become tools for scammers and others with malicious intent. Here are a few things to watch for online.
Contact out of the blue. Many online scams begin with a simple email or message from someone you don't know. Sometimes they'll fake having contacted the wrong person in order to engage you in a conversation. Sometimes the message will say you've won a prize of some sort.
Dodgy links. Particularly in email scams but possibly in any online form, you'll be asked to click on a link. Examining the link closely will show it to be to a website you've never heard of, or may be a URL you can't interpret.
Urgency. This is a hallmark of many scams. There's a sense of implied or explicit urgency. Sometimes it's a threat to close an account, sometimes it's some kind of legal action, and sometimes it's threatened harm to yourself or a loved one.
Too good to be true. Everyone understands this phrase, but surprisingly few take it to heart. Scammers know this. We want what is being offered even though a moment's thought would tell us that it can't be true or is very unlikely.
Personal information. Asking for personal info is another hallmark of many scams. A legitimate company will never (NEVER) ask you for your social security number, password, or PIN via email.
Bad English. (Or whatever your native language might be.) This used to be one of the clearest signs of bogus messages. You'll still see lots of it in your spam folder, I'm sure. But one thing AI allows scammers to do is create legitimate-sounding messages with nearly perfect grammar.
Crypto/gift cards/wire transfers. Each of these methods of money transfer is irreversible. Unlike credit cards, once you've sent money using these ways, you cannot get it back. Scammers love this.
Impersonation. Celebrities are getting impersonated right and left, but even friends and family are seeing fake accounts crop up. Celebrities will never reach out to you for any reason, but fake "family" and fake "friends" might contact you for any number of fake reasons.
Telephone Scams
The lowly telephone -- landline or mobile -- is another common way scammers try to reach out and scam someone.
In addition to the items listed for online scams, here are a few more things to watch for.
Unknown numbers. If you have caller ID, watch for numbers you don't recognize. (If you don't have caller ID, it's worth every penny.)
Authority figures. Scammers often pretend to be people in positions of authority, such as the police, government agencies, technical support, and others. For example, most government agencies won't call you, preferring the audit trail created by sending you physical letters in the mail.
Up-front payment. The so-called "advance fee" scam asks you to pay some amount of "fee" or "tax" in order to receive a larger amount in return. The larger amount never arrives.
Urgency. Very much like online scams, telephone scams often play this even more strongly, threatening dire consequences if you don't act immediately. Often this includes instructing you not to hang up the phone.
Personal information. Personal information is valuable to scammers, but another variant that can bypass two-factor authentication on your online accounts is a phone call impersonating an authority and asking for a PIN you're about to receive in an email or text.
Crypto/gift cards/wire transfers. Requests for any of these are almost always a sign of a scam, as your money transfer is irreversible. Once gone, it's gone.
Do this
Here are some tips to keep yourself safe.
Know the signs. I'm certain the list above isn't comprehensive, but it does represent some of the most common clues that something might be a scam. Pay attention to them. Never be afraid to take extra, independent steps to verify whatever catches your attention. Don't worry about being polite.
Never use contact information provided over the phone, in email, or on websites you aren't 100% certain of. Instead, contact the organization directly, using phone numbers, websites, or email addresses you already know are correct. Use this known-good contact information to verify what your potential scammer is asking.
When in even the slightest doubt, ignore the message or hang up. You can once again use the contact information you already know to be correct to verify whatever sounded fishy.
Keep your technology current and safe. Make sure your security software (and all your other software) is up to date. Add two-factor authentication to all your online accounts that support it. Use unique, long passwords, and a password manager to keep track of them all.
And, of course, subscribe to Confident Computing! More confidence and less frustration delivered to your inbox every week.
Podcast audio
Related Video
“When in even the slightest doubt, ignore the message or hang up.”
Unless I’m 100% sure a phone call is from someone I know or have done business with, I hang up without even saying goodbye.
In most cases, any legitimate callers will be in my contacts list. Again, it’s not a 100% sign of a scam or spam, but it’s one more sign.
Timely article again Leo.
We were reading of a horrific scam using Google Forms in a way that EASILY could fool even the most aware.
I hope it is okay to add a link to the story.
https://krebsonsecurity.com/2024/12/how-to-lose-a-fortune-with-just-one-bad-click/
I was getting many scam calls claiming to be from my internet provider .
They sounded like they were reading from a script, but the foreign accent is the first hint…
If I had the time I would quiz them on the local geography..eg name some suburbs close to where you work. One valiantly said “China town”…I still smile at this nice try.
It definitely sounds like a scam, but many (most?) US companies outsource their support to Asian countries and use a script, so a foreign accent and not knowing the local geography is not a good indicator of a scam in itself. Your question got a response that showed it was a scam. If it were legit, the caller wouldn’t have tried to make up a location. A better question to ask would be something concerning your account, such as “How much was my last payment”. Also, the fact they phoned you is one clue that it was a scam call. As for the accent, the US has so many accents from all over the world.
indeed…but when they said they were ringing from my birth city.. I could not resist the challenge.
For phone calls, I have a MagicJack device connected to my wireless home phone system, and I keep their call screening feature enabled. I also have a smart phone for mobile use. I use my home phone for all business purposes. I never give out my mobile phone number to anyone who’s not a family member. When I receive a call on my smart phone, if I don’t recognize the number, I drop the call without answering. On the other hand, when I receive a call on my home phone, I answer even if I don’t recognize the number. If the caller’s willing to jump through the hoop to connect with me, I’m willing to (cautiously) answer the call, as I frequently receive calls from service providers I have an account with
For email messages, I have Thunderbird configured to display the sender’s email address. If I don’t recognize it, I delete the message without ever opening it. For all email messages I receive and open, I check the URL any hyperlink will send me to against the text on the label, if they don’t correlate, or I can’t decipher the URL, I delete the message immediately. When I receive email messages from friends/family, I call to confirm they sent the message before opening it. Any email messages I receive from websites I know and trust, I open the message, but before clicking any hyperlink, I verify the URL it will send me to against the text on its label. In most cases, these are links to newsletters, or responses from material I post on a few sites, so I know what to expect in the URL. If anything looks amiss, I delete the message and continue whatever I’m doing.
Social media wasn’t mentioned here, but I’m always very careful to keep any information about myself/family/friends as generic as possible. When referring to family, I use ‘wife’, ‘son’, ‘daughter’, etc. When referring to friends, I use first names only. When talking about myself, I try to keep dates (1990s, etc.), places (Ohio, etc.), etc. as vague as possible. I avoid referring to communities around my home town, or my home town itself by name. If I keep all this data as vague as I can, perhaps the bad guys will have a harder time impersonating me.
These are most of what I do. I hope it helps others,
Ernie
Magic Jack is great. I live in Germany and my family all live in the US. My brother is not a fan of WhatsApp and we can call each other with my Magic Jack number, I never used their USB jack, I installed the Magic App on my phone and I have no idea where the jack is.
The thing that matters is that the service works well for you. I have the MagicJack app installed on my mobile phone too, so I can get calls to my ‘home phone’, even when I’m away. As you say, it works great for me too!
Ernie
And for people without a cellphone, you can get SMS messages sent to your Magic Jack. I’ve found this to work most of the time but for som reason, it doesn’t work for every service. One thing I can’t understand is why all websites haven added a “phone me” option for everything that requires a mobile number, and why don’t landline providers implement SMS. The technology already exists.
I wrote Magic Jack and suggested they offer the Magic App as a standalone app. It’s great for anyone around the world who communicated with prople in the US. One of my daughters travels a lot and uses a Magic App number as her business phone so her clients can call her at her US number wherever she is. They think they are talking with her in the US.
Where would a landline SMS go? A landline is most commonly just a (old style) telephone with no mechanism for anything textual.