How to Spot the 5 Most Common Types of Internet Scams

Internet fraud is on the rise. In 2021, 323,972 phishing, vishing, smishing and pharming crimes were reported to the FBI’s Internet Crime Complaint Center¹, up 34 percent from the previous year. Many of these scams used spoofing, when fraudsters pretend to be a legitimate organization or company. Read on to learn how to spot spoofing and other common methods used by scammers online.

What is spoofing?

Spoofing is when a fraudster uses an email address, sender name, phone number or website URL to try and convince you that you’re dealing with a trusted source. Sometimes, fraudsters have the technology to trick your phone or computer into displaying legitimate contact information, like the phone number of a bank or your local sheriff’s department.

Other times, fraudsters might change as little as one letter, number or symbol in an email address, phone number or URL to trick you into thinking you’re working with a legitimate person or business. They may ask you to download malicious software, share personal information, or even send money.

Five ways to spot spoofing

1. An email has a generic greeting (like “Dear customer”) instead of your name.
2. A caller says your account (with a utility company or a shopping website) is on hold because of a billing problem.
3. A text message asks you to click on a link to update your payment details with a known company.
4. A domain name doesn’t quite match the official URL for the business.
5. The message appears to be from a legitimate business but is unexpected and asks you to log in, share information, or send money.

What is phishing?

Phishing scams are used to trick you into providing personal information such as logins, passwords, credit card numbers or PINs to fraudsters. They happen by email, on social media, in pop-ups and in search engine results. Some phishing scams may also use spoofing techniques to try and trick you that you’re dealing with a well-known company or organization.

In a typical phishing scam, fraudsters are trying to get you to part with personal information, or to install malware or viruses (which will be used to steal personal information) on your computer or mobile device.

Four ways to stay safe from phishing scams

1. Protect your computer by using security software.
2. Protect your cell phone against security threats by setting software and apps to update automatically.
3. Use multi-factor or two-factor authentication (MFA or 2FA) to protect your accounts when available.
4. Beware of unexpected messages that encourage you to click links, or to act with urgency or fear.

What is vishing?

Vishing scams happen over the phone or voice mail. Like phishing, the end goal is to steal money or personal information through deception. Some vishing scams may also use spoofing techniques such as spoofed caller ID information to trick you into thinking it’s a legitimate or known business calling you.

With as many as 68.4 million Americans reporting losing money in phone scams in 2021, it’s also particularly tough to spot. The calls seem legitimate because the fraudsters often know specific details about you — information they’ve pulled from other sources.

Five ways to protect yourself from vishing scams

1. Don’t answer phone calls or voice mails from callers you don’t know. Never call back using a number provided by a potential fraudster — instead, look up the number from the company’s official website.
2. Look up the company’s phone number yourself and, if needed, call them to ask if the request is legitimate (after hanging up with the original caller).
3. Similarly, do not necessarily trust caller ID, as it may be spoofed.
4. Never share personal details with a caller, even if they already know some of your information.
5. Remember, Patelco will never ask you for your account details unless you call us first.

What is smishing?

Smishing, also known as SMS phishing, is another type of scam that relies on text messages, often ones that look like they came from someone you trust like your boss, the IRS or your bank. With smishing, fraudsters want to fool you into clicking a link and sharing personal information on a spoofed website.

To protect yourself from smishing attacks, filter messages from unknown senders or enable spam protection on your phone.

Four ways to identify a smishing text

1. The message seems urgent: “Respond within 24 hours to redeem your prize.”
2. The message contains a short URL.
3. The company’s name isn’t in the message.
4. The message is unexpected, such as asking you to click a link to receive a package.

What is pharming?

Like the other online scams, pharming attacks are meant to steal your private information. Pharming may manipulate or redirect the traffic from a legitimate website, such as through spoofed websites or misleading posts or ads on a legitimate website. Pharming may also use malware, spyware, ransomware or adware to install malicious code on a computer or server, which can send you to a fake website, where you may be tricked into entering your login details, Social Security number, or other sensitive information.

Pharming can be difficult to spot and avoid, but regularly monitoring your financial and social accounts can help you spot if you may be a victim.

Five ways to tell you may be a victim of pharming

1. Bank charges you do not recognize.
2. Posts or messages on your social media that you did not post.
3. Social media friend or connection requests that you did not send.
4. New passwords for your online accounts.
5. Programs you did not download or install appear on your device.