How to stay safe online: Phishing, scams and fraud prevention

Checking a bank balance, shopping on Amazon or downloading a new app are things we all do online nearly every day. 

As the digital world drives more of these daily tasks, cyber criminals are growing more sophisticated and finding unique ways to access your data and your identity.

A cybercrime is any type of criminal activity that is carried out online and it can happen to anyone. In fact, a study conducted by the University of Maryland revealed that a cybercrime is committed every 39 seconds in the U.S. It is also estimated that 1 in 3 Americans are affected by cyber-attacks each year. 

The rate of cyberattacks in the U.S. has only increased since the start of the pandemic. With the bulk of  businesses switching to remote work and millions of Americans working from home for the first time, the risk of cybercrime is as high as it has ever been. The consulting firm Deloitte revealed that between February and May of 2020, there were over half a million cyberattacks on video conferencing services. 

The dramatic increase in cyberattacks since the start of the pandemic has revealed that no one is immune and everyone should know the basics about the different types of attacks and how to protect oneself online. While there are dozens of types of cyberattacks, we will be focusing on phishing, scams and frauds in this article as they make up the majority of cybercrime. 

What are the risks of cyberattacks?

Although anyone can fall victim to a cybercrime, young people in their 20s tend to be most susceptible to cyberattacks. This is likely due to the younger generation’s increased dependence on technology. Although those in their early 20s tend to be the most susceptible to cyberattacks, the second most vulnerable group are the elderly and this demographic tends to lose more money from cyberattacks than younger people. 

The consequences of a cyberattack can vary, but some of the most common repercussions include identity theft, theft of sensitive data, theft of funds, unauthorized transactions, loss of usernames and passwords, loss of intellectual property and installation of malware and ransomware. A cyberattack can also have devastating effects on the reputation of a business or individual. 

What is phishing?

One of the most common ways people experience cyberattacks is through phishing. Phishing is when a hacker poses as a trustworthy source in order to gain access to your sensitive information. This act is called phishing because it is similar to the act of fishing where someone provides a fake lure for the fish to bite onto. The lure is most often a familiar-looking email, website or ad and the trap is requesting personal information, such as your bank account information, Social Security number, password, etc. In fact, research has found that 91% of all cyber attacks start with a phishing email. If you receive any type of email that seems at all suspicious, therefore, do not click any links, provide any information or respond. 

Types of phishing 

The most successful and dangerous of all the cyberattacks is phishing and there are several types you can fall victim to make sure you are aware of all of them. 

Email phishing

Email phishing is when a hacker sends an email disguised as a trustworthy source. This will often manifest as an email from your work or a familiar company asking you to update your personal information. You may also receive emails saying you are in trouble or your passwords have been compromised and you need to call a number or follow a provided link to manage the issue. 

Spear phishing 

While email phishing tends to contain generic content that could apply to anyone (and is sent out to hundreds or thousands of people), spear phishing is a type of email phishing specifically targeted towards one individual. Think of casting out a large net to catch fish versus directly targeting one fish with a spear. This type of phishing is particularly challenging to identify because the content of the email is often very personal to you and is carefully designed to get you to click on a link or attachment. 

Whaling/CEO fraud 

Whaling is a type of spear phishing that is targeted towards a high-profile person, such as a CEO of a company. This type of phishing can be devastating for businesses. It’s called whaling because the catch is so large. 

Smishing

Smishing is a type of cyberattack that uses mobile devices as the attack platform. This type of phishing happens through text messages or SMSs, which is how it got its name. 

Vishing 

Vishing is short for voice fishing and is the use of phone calls to conduct phishing attacks. If you have ever received a voice message saying you need to update insurance information or are in trouble with the government, this is likely a form of vishing and you should ignore it. 

How to recognize phishing 

If an email, text message or phone call seems even remotely suspicious, trust your instincts and ignore or report it. Here are the main signs the email is not from who they are:

• Incorrect URL or domain name: Sometimes hackers will hyperlink a URL so that it looks like the link will take you to a familiar website, but really it’s going to take you somewhere else. Before clicking, hover your mouse over the URL. If it shows a different URL than the one listed, it is likely a scam and you should not click on it. 
• Ask for personal information: If the content of the email you have received immediately asks for personal information, such as your Social Security number, that is a huge red flag. There is rarely a time a website or even your bank account will request personal information in an email out of the blue. 
• Spelling, punctuation or grammar errors: If you notice grammatical mistakes and spelling errors in the content of the email, the email is likely not from a reputable source. Trustworthy websites rarely send out emails that have errors in them since they tend to be heavily proof-read. 
• The use of threatening, urgent language or ultimatums: Often, cybercriminals will use fear as a tactic to get you to comply and give up information. If you receive a cryptic email that contains threatening language, do not panic, it is likely just a phishing email. 
• Offers and services: If you receive an email with an offer that seems too good to be true, such as winning a million dollars, there is a high likelihood that the email is a scam.
• Donations: As awful as it is, many cyber criminals will pretend to be a reputable charity in order to get you to donate money. If you receive an email from a charity you would be interested in donating to, go directly to their website, do not send money through an email link if you have not subscribed to their newsletter. 

What to do if you responded to a phishing email 

• Change passwords: If you clicked on a link from a phishing email and it directed you to a site that appeared to be your social media account, bank account, email service or anything else personal to you, you will need to immediately change your passwords for that site. If your password is the same for other sites, you will need to change it on those websites as well. 
• Scan computer for viruses: If you clicked on a link, filled out personal information or downloaded an attachment from a phishing email, you will want to scan your computer for viruses with antivirus software. You can also contact a security expert and have them scan your computer for you. 
• Secure VPN: If you are frequently receiving phishing emails, you may want to consider downloading a Virtual Private Network (VPN) to your computer. A VPN can help prevent cybercriminals from contacting you. 
• File a report with the Federal Trade Commission: If you believe you are a victim of identity theft, you should immediately fille a report with the Federal Trade Commission (FTC). The FTC will help you determine how your identity was stolen and guide you through next steps to take through a personalized recovery plan. 
• Contact the company that was spoofed: Most companies likely have no idea they are being impersonated. A good thing to do if you receive a phishing email that is pretending to be a reputable company is to let the real company know. They may be able to help stop the spread of future phishing emails. 
• Follow your company’s procedures: If you fell victim to a phishing scam on a company computer, you will need to immediately let your employers know. They will help guide you through next steps to take. 

What is a scam? 

A scam is any type of scheme that takes money from an unsuspecting person. This past year in 2020, consumers lost more than $3.3 billion from scams and the average consumer lost $311 from a scam, according to the FTC. 

5 common scams 

• Lottery, sweepstakes and competition scams: If you have been told you have won some sort of lottery or competition, there are a number of ways to determine if it’s a scam or not. If you did not enter a lottery or competition, then you likely have not won anything and you are being scammed. Additionally, if you are being asked to pay a processing fee or taxes upfront before receiving your winnings, it is likely a scam. Another scamming tactic to look out for is if you are asked to wire money in order to receive your prize from a foreign country. 
• Dating and romance scams: Another type of scam is when cybercriminals will create a fake dating profile and attempt to enter into a virtual relationship with you so that you will give them money to help them with various fake scenarios, such as illness or family problems. 
• Credit card and online account scams: Many scammers will impersonate your bank or online payment service (such as Venmo) and request you provide details about your account in order to fix some fake issue. This usually occurs over email but sometimes via telephone as well. If you are unsure whether it is a scam or not, contact your bank directly, not through the number that was called or via the link sent to you over email. 
• Investment or tax scams: A common way scammers may try to steal your money is by impersonating a local tax authority and requesting personal information about your finances. They may also claim you have made a mistake on your taxes or haven’t paid a tax bill and are at risk of facing severe penalties if you do not respond to them immediately. 

COVID-19 scams 

There have been many new types of scams emerge as a result of COVID-19. Make sure you are aware of the different types of COVID-19 scams you could face in the future. 

• Health insurance scams: A common scam throughout the COVID-19 pandemic has been health insurance scams. Since obtaining health insurance is such a confusing process, many scammers will capitalize on this confusion and sell people fake health insurance. A common scam currently circulating are phishing emails and phone calls about “corona insurance.” 
• Vaccination card identity theft: Many people have suffered identity theft after posting their vaccination cards on social media. There is a lot of personal information on those cards so keep this card to yourself and off the internet.
• COVID-19 testing, vaccine and treatment scams: Some scammers will pretend to offer the COVID-19 vaccination in order to obtain your personal information. 
• COVID-19 funeral assistance scam: If you have a family member who has passed away from COVID-19, be aware that some scammers will pretend to be from FEMA’s COVID-19 Funeral Assistance Program. They may call or email to register your family member in an attempt to steal your family member’s Social Security number and other personal information. 
• Grandparent and military service member scams: Watch out for a scammer impersonating your grandchild or a military service member and asking you to wire them money to pay for medical services, particularly relating to COVID-19. 
• IRS checks and scams: Some scammers will pretend to be the IRS or other government agency and ask you to send in money in order to receive a check from the government, such as the COVID-19 stimulus check. 

How to recognize a scam 

• Unsolicited or unexpected contact: If you receive an email or phone call that says you need to do something urgently but the message is completely out of the blue, this is likely a scam. 
• Requesting personal information or money: Any contact that is unexpected but asks for money or personal information is rarely legitimate. Scammers may make you think an action is time sensitive so you do something impulsive. Instead, take your time and contact the websites and phone numbers you trust to verify you actually owe money or need to give out personal information before doing so. 
• Random competitions: If you have been told you won a competition but did not enter into it, it is likely a scam and you should ignore it. In general, if it sounds too good to be true, it probably is and you should stick with your gut instinct. 

What to do if you responded to a scam:

• Block them: You will want to block email or caller, but make sure to note down their email and phone number. 
• Contact your bank: If you fall victim to a scam, you will want to contact your bank immediately and stop sending money if you’re connected to a direct deposit.
• Notify credit agencies: If your credit card information has been compromised, you will want to notify your credit card company and request a fraud alert. 
• Report spam: Click the Report SPAM button available in almost all web-based email services today. 

What is fraud?

Fraud is the more general term that scams fall under. While scams always relate to money loss, fraud includes many types of deception. In 2020, there were over 2.2 million incidents of fraud reported in the U.S. and 34% of those incidents resulted in the victim losing money. Here are some of the most common types of frauds you could encounter.

5 types of fraud 

• Advance fee or banking fraud: This is when an investor is asked to pay a fee upfront before a deal can go through. This fee can be framed in a variety of ways, but you should be aware of the possibility of never seeing that money again. 
• Mail fraud: Mail fraud is any type of fraud that occurs via postage mail. This can look like receiving a fraudulent letter or it can be having your mail stolen from you. 
• Counterfeit health and beauty products: Any product that makes major medical claims that are backed by fake testimonies and research or by nothing at all. Common beauty frauds are anti-aging or immediate weight loss products. Many of those products may even have dangerous ingredients in them. 
• Internet fraud: This is a very general term for any fraud that occurs via the internet. This can include phishing, data breaches, viruses and more. 
• Elder fraud: Any fraud targeted at an elderly person. Seniors are often a vulnerable population since they are often not as familiar with technology, tend to be more trusting and generally have more money to give away. 

How to recognize fraud

• Unexpected changes to your accounts: If you notice any unexpected changes to any of your private accounts or you see unfamiliar accounts on your credit report, you are likely a victim of fraud. 
• Bills or statements unexpectedly stop arriving by U.S. mail: If you are no longer receiving important bills or statements, contact the company immediately to find out why.
• Receiving credit cards without applying for them: Contact your credit card company if you receive a credit card you did not apply for. 
• Notifications about address, password or information changes that you did not make: You will likely need to change your passwords and contact the company where this information was changed from.
• Shady sellers or buyers: A common type of internet fraud is from online shopping so if a website seems suspicious, it is best not to buy from them. 

What to do if you responded to a fraud 

• Collect all pertinent information: You will want to know what personal information of yours has been compromised and what passwords you will need to change. 
• Report to the authorities: The majority of victims of fraud do not report the fraud to authorities. If you are worried your personal information, such as your Social Security number, has been compromised, you will need to report it and leave a paper trail. 
• Check your insurance coverage: You may be able to receive some sort of compensation for fraud, so make sure you call your credit card company and check your insurance coverage. 

How to protect yourself from phishing, scams and fraud 

• Protect your computer with security software: A great way to keep your computer safe from viruses is to install security software. Popular options include Bitdefender Antivirus Plus and Webroot SecureAnywhere for Mac. 
• Protect your accounts by using multi-factor authentication: A great way to ensure hackers do not access your private accounts is by using multi-factor authentication, such as Okta. 
• Don’t click on suspicious links: If you receive a phishy email that has a link, instead of clicking the link, Google the website it says it is taking you to yourself. You can also hover your mouse over the provided link to see if the URL it has hyperlinked is the website it claims it is going to take you to. 
• Call banks and major companies to confirm personal information rather than email: Contacting your bank or any other company to discuss an email you received is a much safer option than responding to a phishy email directly. 
• If using work-related technology, educate coworkers and staff: Immediately let your company know if you have accidentally fallen victim to fraud. Additionally, make sure your coworkers and staff are aware that you are being targeted for scams so they can be on the lookout for them as well. 
• Verify the security of a site: One way to check the security of a site is looking at the URL. If it says “https” instead of “http” it means the site has been secured using an SSL Certificate (S stands for secure). 
• Watch what you share on social media: Do not post photos on social media that reveal any personal information. Do not post your vaccination card, a driver’s license, credit card, etc. 
• Report suspicious activity immediately: Reporting suspicious activity will not only protect you but others who may be the future target of scams. 
• Consider using “incognito mode” for browsing: One extra precaution you can take to prevent having your activity and data tracked is by using incognito mode on your computer. This is not a fool-proof option but it will provide you with some additional security.  
• Consider using a VPN: A great way to prevent being sent phishing emails is to use a VPN. When on a private network, it is much harder for scammers to find you.  
• When picking your ISP, check out their available security measures: Many ISPs will offer free security features with some or all of their internet plans. Consider this factor when choosing your ISP. 

Reporting scams and internet safety protocols 

• Your state consumer protection office: Your state consumer protection office can help you if you have lost money or possessions due to a scam. You can find your state’s office here. 
• The Federal Trade Commission: The FTC is your best bet if you have fallen victim to identity theft. They will create an individualized recovery plan and help you fill out the required forms to manage your situation. 
• Internet Crime Complaint Center: If you would like to report an internet crime, the Internet Crime Complaint Center through the Federal Bureau of Investigation is the way to go. 
• Econsumer.gov: Econsumer.gov is a great resource for reporting international scams and learning more about how you can avoid scams in the future.
•  IRS: Contact the International Revenue Services (IRS) for any issues relating to tax fraud. 
• Anti-Phishing Working Group: To help stop the spread of phishing emails, you can report any fraudulent email you have received to the Anti-Phishing Working Group. 
• SCAM (7726); If you receive phishing messages over text, also known as Smishing, forward those messages to SCAM (7726) to help stop the spread. 

Allconnect: Let us compare providers for you

Why should you choose Allconnect? We’re the #1 broadband marketplace in the U.S, meaning you can trust us to search, compare and order internet and TV service for your home.

Get started

Written by:

Ari Howard

Associate Writer, Broadband & Wireless Content

Ari is an Associate Writer for the Allconnect team. She primarily writes about broadband news and studies, particularly relating to internet access, digital safety, broadband-related technology and the digital d… Read more

Edited by:

Robin Layton

Editor, Broadband Content

Read bio

What to read next

Read more

• Featured
  How hackable are the smart devices in your home? We reveal the most vulnerable rooms Lisa Iscrupe — 9 min read
• Featured
  Is public Wi-Fi safe? No, but it is necessary Lisa Iscrupe — 4 min read
• Featured
  10 questions you should ask before choosing an internet service Ari Howard — 7 min read

Latest

• Friday, March 17, 2023

  As utility costs rise, make sure you are only paying for the internet speed you really need

  Camryn Smith — 4 min read

• Wednesday, March 15, 2023

  Amazon shares a peek at satellite antennae for future Kuiper internet customers

  Robin Layton — 2 min read

• Wednesday, March 15, 2023

  Data report: How Americans use the internet

  Joe Supan — 3 min read