Recognize online scams and protect yourself from them

Tämä sisältö on saatavilla myös suomeksi.

Online scams are increasingly often nowadays. In this article I concisely describe how each of the most common scams work, and what’s common to them.

The typical red flags

These apply to all categories, and if you notice any of these, it’s likely you’re being scammed.

• A phone call comes from a phone number outside of your country. In the USA, your country code is +1, and in the UK it’s +44. If a phone number has any other country code, you can safely assume the caller is located outside of your country. However, even if the call comes from your own country doesn’t mean the caller is benevolent.
• This is the first time you’re hearing about something you should already know. For example, you could be getting a call from the USPS claiming you have received a package that needs to be imported, or a package with your name containing illegal goods has been confiscated, even though you haven’t ordered anything.
• There’s little to no time to act. Scams rely on two things, in this order: your weakened capability of doing rational decisions, and your trust. Hurry targets the prior: usually we tend to make worse decisions when under a time pressure.

Five don’ts

• Don’t give any identifying information over the phone or over email. Authorities and banks have their own channels of handling this kind of information. Identifying information includes your street name, house number, city, email address, your workplace and the bank you use.
• Don’t let anyone access your computer over the internet (remotely) if you don’t know them and haven’t met them in person.
• Don’t open any emails that promise you millions of dollars of money (even if it’s the prince of Nigeria).
• Keep away from untrustworthy websites. If you visit them and notice it might not be the real deal, close your internet browser.
• Never download software that’s normally paid, but is now free.

You’re eligible for a refund

No, you’re probably not. But the scammers rely on you thinking you’re eligible even if you don’t remember it.

This scam is usually quite straightforward: you get a call, and the scammer explains they want to send you money because you’ve overpaid, or for some other reason. To get the funds, the scammer requests you to give access to your computer to handle the transaction.

Bank account

You’re often required to log in to your bank account to “choose which account you’re credited to”. The purpose of this step is to give access to your bank, and to make you memorize your account balance. This is crucial for the scam to work.

You should never let anyone access your bank account using your credentials, or when someone is connected to your computer.

Banking server

It usually starts with the “banking server”. This is often just the terminal of your own computer, which the scammer controls since you’ve allowed them to access your computer. It looks technical, and might lead someone to believe you’re interacting with something special. Usually you need to type in your name, perhaps your street address and your email. Then, as the last step, you need to type the refund amount in the “banking server” yourself. Once you’ve written $400 for example, the scammer appends one or two zeroes and "accepts" the refund of $40,000.

Back to bank

Now the scammer acts all surprised and blames you on the mistake. Usually, depending on the scammer, they blank your screen so you don’t see the actual “trick” taking place. While your screen is blank, the scammer is editing the DOM, meaning the “recipe of the webpage” to make it look like you’ve received a transaction of $40,000 in this case.

Paying back

Then the scammer tells you they’re about to lose their job if you don’t pay them back. But instead of a wire transfer, you must pay using gift cards. And they’re even nice enough to let you pay back as much in giftcards as you’re able to get. This is because even if you had the money to buy forty thousand USD worth of Google Play cards (which would be 80 cards), the shop staff doesn’t let you buy that many cards. The staff plays an important part in preventing the financial damage incurred by these scams.

You’re suspected of illegal activities

Again, you probably aren’t. If you were suspected of any crime, you would receive a call from the police, not from some guy in Pakistan. In these cases specifically, a special red flag applies: if you’re being threatened in any way, you’re not dealing with the authorities. The scammers have a tendency of saying things like “I’ll call the FBI if you don’t do this or that” or “this is mister John Weston from the Secret Service”. If you were being investigated by the FBI, or the Secret Service, instead of a call you would receive a free ride to the nearest facility to being questioned.

You’re given options

Usually there are two options, which both are far from what we would normally see in developed countries:

1. the public way: you’re given an option to not do anything, and the person calling you would “print your picture in the tomorrow’s newspaper”. At this point they don’t even know how you look like, so the chances of getting your face on a newspaper would be rather low.
2. the private way: if you don’t want to see your face in the tomorrow’s newspaper, you’re given an option to pay the investigation to an end. The payment methods are usually gift cards such as Google Play or Apple cards.

How to end this

Needless to say, neither of these options are something the authorities would normally do. You’d be just fine if you just hung up the line. And if it was really the police, FBI or the Secret Service, they’d come for you eventually, in person.