The Most Common Online Scam Methods


The most frequent online scamming method that targets many people at once is phishing via email. To appear to be a trustworthy company that people may believe it’s legit, criminals create a fictitious domain. The name of the organization generally has very small variations that are only apparent after careful reading. The sender’s complete email address, the correct spelling of the organization’s name, adherence to spelling conventions, and a professional tone (which never should include invoking a sense of urgency or making threats like “if you don’t do A, disaster B will be brought upon you”) are all relied upon by recipients.

Spear Phishing

Assume that in typical phishing, the “fisherman” sets out his nets to draw in more fish—more specifically, more targets. In spear phishing, the attacker targets a single recipient of the email who has been thoroughly investigated using so-called social engineering. To generate a personalized email specifically for the victim, cybercriminals gather personal and professional information (name, job title, employer, email address, marital status, etc.). Nowadays, this is a fairly simple task because such information is readily available on both company websites and social media platforms. We become more susceptible to spear phishing attempts, which have become significantly more successful than earlier ones, the more information we make publicly available.

SMS Phishing

Criminals employ popular chat applications as well as conventional SMS to send text messages that look just like the official messages we are used to getting from reputable sources (banks, tax or health authorities, online retailers, etc.). This practice is known as SMS phishing. They frequently contain images or links that open phony websites with blank areas for entering private information.


Voice phishing (vishing) could be the next step in the cybercriminals’ evil plan. They have already obtained confidential information from their victim through emails, fake sites, or other means. However, this information proved insufficient to achieve their goal – usually to get the victim’s money. Thanks to the two-factor authentication, they need an SMS token or code to confirm the transaction they are trying to make with the victim’s payment card. That’s why they call on the phone, posing as an authorized person who should get the missing data from you.

The examples are numerous. Remember, cybercriminals can combine different tricks to get to you. A phishing attack does not exclude a phone call. Be on the lookout for various combinations of means of connection. The main goal of these people is to get to your money – sometimes directly, and other times by stealing financial information or through one more step before stealing information – gaining your trust.

Computers, tablets, and phones are not compromised by cybercriminals. They use social engineering tactics to hack people and attempt to gain access to their minds. Your family, your profession, or even your internet shopping habits might all be used against you if they get into the wrong hands. It is up to you to decide whether you will fall victim to the psychological trickery intended to elicit particular negative responses from you.

Fraud is a socio-psychological problem rather than a technological one. Even if you came up with the strongest password ever, it will be useless if someone manages to fool you into disclosing it.

How to keep your data safe

– Even if someone claims to be our representative (they are not! ), do not divulge any authorization codes you may have gotten by push message or another method to anyone.

– Do not trust telephone operators who ask you to share sensitive information – password and username, temporary access password, card number, PIN code, CVV/CVC security code (written on the back of the card), etc., even if they claim to be our employees (they are not!).

– Always use virtual cards when shopping online. Freeze (block) them after every payment.

– Be cautious if an SMS from an unknown sender impersonates a card organization and asks you to take action, especially if the message includes a URL or phone number. Avoid clicking on such numbers and websites.

Photo by Towfiqu barbhuiya on Unsplash

Main Form