Most common online scams & how to avoid them


According to a recent study, for the first time ever, more attacks on computer systems and mobile devices are happening through email, social media and mobile apps than through malicious software. 

So to keep your information safe from criminals, here’s what you need to know about various online scamming tactics, plus a look at some of the most common scams and tips to avoid them!

Phishing is a way for criminals to carry out identity theft by using fake websites, emails and robocalls to try and steal your personal information — including passwords, banking info, Social Security number and other sensitive data.

Here are a few ways to avoid these types of scams:

  • When it comes to spotting potentially-dangerous websites, before you go to an unknown site, double-check the spelling of the web address/URL by first doing a search for it. The site could be a fake scam site, and in some cases, criminals have created fake sites by using common misspellings of popular websites.
  • If you receive an email claiming to be from your bank or other company that has your personal information, don’t click on any of the links. It could be a scam. Instead, log in to your account separately to check for any new notices. You can also call the company about the information sent via email. 
  • Don’t click on any links in an email you weren’t expecting. Do a search about whatever the sender claims to want or be offering you to make sure it’s legitimate. If you aren’t sure, do a search for the company and call them directly.

Most common online scams

Fake coupon scams

The old coupon scam is back and causing some serious trouble. 

Every year billions of fake coupons are posted online by criminals trying to trick you. And very often it works, because the coupons look real and the deals look great. The scammers will even use brands’ official logos, making it nearly impossible to tell that it’s fake if you don’t know what you’re looking for. But like so many other scams, if it seems too good to be true, it probably is.

Here’s how this scam often works: First, share the deal with all your friends. Second, ‘like’ the page associated with the ‘deal.’ And third, fill out a survey with various questions and enter your email address so they can ‘send you your coupons.’

But by clicking the link to redeem the deal or discount, you could be exposing yourself to identity theft or end up with malware on your computer. And if you share the ‘great deal’ with your friends, it could put them at risk, too.

Below are some recent fake coupons that went viral: 

  • Publix: A fake coupon for Publix claimed you could receive $100 off your grocery bill of $120 or more. 
  • Kroger: A phony $250 Kroger gift card giveaway that claimed if you shared the gift card you would be entered to win a $250 Kroger gift card.
  • Kohl’s: A 50% off coupon circulated around Thanksgiving saying if you shared the coupon you would receive 50% of your purchase. 

How to avoid it

Before you click on any offer you see on Facebook or any other social media platform, take these steps:

  • Check the retailer’s official Facebook page to see if the same coupon appears there. (An official page has a blue circle next to their brand name.)
  • Check the retailer’s website to see if they are offering the same deal. 

The Coupon Information Center, an industry group that fights coupon fraud, cautions consumers not to download Internet coupons from unknown sources, or sources you can’t confirm. On the group’s website, they give this advice: ‘If a friend e-mails you coupons, especially high-value or free product coupons, the coupons are most likely counterfeit.’ 

Facebook profile tracker scam

So many people would love to know who has been ‘Facebook stalking’ them (looking at their profile). And scammers know that offering this type of service is an easy way to get people to click on a malicious link.

But any time you see an offer like this, you can be sure it’s a scam — and in fact, it’s against Facebook’s policy.

According to Facebook, “If you come across an app that says it can show you who’s viewing your profile or posts, please report the app.”

How to avoid it

Never click on an offer that promises this type of service. If you do, it could expose your information to criminals or download malware onto your computer or other device.

Read more: Top 10 financial scams targeting seniors

Facebook friend request scam

Since social media sites began to increase in popularity, scammers have joined posing as other people, attempting to gain access to your personal or financial information. Now, criminals are posing as people’s friends and family members in order to gain their trust — and the crooks will even use your contacts’ actual Facebook profile picture to convince you.

This scam is happening not only to regular old people, but also to celebrities and anyone (or group) with a large following — even companies and non-profit organizations are at risk. That’s why if you ever see anything claiming to be someone you know or a company you’ve heard of (a request, offer or anything else), you need to check to make sure the page has a verified badge to be sure! 

More tips to spot & avoid this scam

If you get a request from someone you’re already friends with, that’s a big red flag! If it happens to you, here’s what you should do next:

  • Ask the person. If you’re already friends with someone on Facebook and you see a new profile friend-request you, ask the person if they created a new profile. If they did not, you’ll want to let them know about the fake profile so they can let their friends and contacts know that it isn’t them. 
  • Report the profile. Once you know for sure the profile is fake, delete the request and mark the user as spam. You’ll then need to complete several steps to let Facebook know what kind of scam this is, and if the person is pretending to be you or someone else. You can also report it by following these instructions.

Underhanded scammers will do anything to try to get a hold of your personal information — even going so far as to pose as people you already know. Be sure to always report it — and never accept a friend request posing as someone else! 


Closed account phishing scam

With this scam, you get an email that appears to be from a social media site — like Facebook, Twitter or Instagram — claiming that you need to reactivate your account, because it’s been closed or canceled. In order to get your account reinstated, the email will provide you a link to click on or an attachment to download. Don’t do it!

Providing your information could not only give criminals access to that one account, but it also give them enough info to hack your other online accounts as well. If you download the attachment, it would most likely install malware onto your computer. 

How to avoid it

If you think there could be a problem with your account, log in directly (NOT via the email) and contact the company’s customer support staff from there.

Fake package tracking scam

This is an ugly email scam that continues to resurface in different variations.

Any time you order something online, or something is being shipped to you, you typically get an email with the order confirmation and shipment tracking information.

Criminals have found a way to make almost identical replicas of these emails – appearing to be from various shipping sources – to trick people into clicking on a malicious link.

If you click on the link in the email, a virus is promptly loaded onto your computer, smartphone or other device. And then… nothing happens. You forget all about it while the virus sits there lurking in the background – capturing your every keystroke to get your username and password for sensitive financial and other accounts.

How to spot and avoid it

The takeaway here is simple: Do not click on any link in any email you were not expecting. If there’s a question and you think there’s a legitimate message or notification intended for you, go directly to the official website of whatever business it is and check for any notifications there.

Here are some common email subject lines being used by criminals to carry out this type of scam: 

  • ‘You have a New encrypted message from your bank’

  • ‘USPS is notifying you that your package is available for pickup’

  • ‘You have received your payroll invoice’

  • ‘Your FED TAX payment was rejected’

  • ‘Advisors Online Documents Activated’

  • ‘Transaction notification from your bank’

  • ‘Docusign To all Employees – Confidential Message’


CEO/Employer email scam

This email scam involves fraudsters pretending to be company CEOs or companies in general, and it has already put thousands of employees’ information at risk. According to the FBI, this type of scam has cost companies over $2 billion worldwide. 

Here’s how it works: Criminals pose as CEOs, higher ups in a company or just the company in general — and in the email they ask for sensitive personal information such your W-2. Some variations of the scam have even involved asking an employee to wire money to an overseas bank account. And the problem is, if you really thought your boss needed money, would you send it? A lot of people would.

Here’s an example email requesting W-2 information:

‘I want you to send me the list of W-2 copy of employees wage and tax statement for 2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.’

If the person receiving the email think it’s real, there goes a lot of employees’ personal information to criminals.

How to avoid it & want to do if you’re a victim

First, never send sensitive information via email unless you’ve confirmed that the request is legitimate and that you’re sending the information through a secure system.

If your company has notified you that it was the victim of the CEO scam and your information was compromised, you’ll definitely want to consider doing a credit freeze. This would protect your identity in the event one of the scamsters tried to steal your identity.

For Clark’s guide on credit freezing and thawing click here.

Bottom line

New types of malicious scams are successfully being carried out every day — via email, social media, text message, apps and games. Criminals are meeting people where they are comfortable — like on Facebook or in a text message — and tricking them into clicking on posts, notifications, alerts and links.

Bottom line: Never click on any link or download any attachment unless you are sure it’s from a trusted source. If there is any doubt, open a separate window in your browser and go directly to the website that sent you the link. If something feels suspicious, delete it immediately.