14 online scams to be aware of—phishing, scam calls and more

Fake Wi-Fi hotspot scam

How it works: You sit in an airport or a coffee shop, and you log into the local Wi-Fi. It can be free, or it can look like a paid service like Boingo Wireless. You connect, and everything looks good.

What’s really going on: The website looks legitimate, but it’s actually an online scam run by a criminal from a laptop. He is most likely sitting very close to you, and you have no idea that he is mining your computer for banking, credit card and other password information. If it’s a fake payment site, he also gets your credit card information, which he will then sell to other scammers.

The big picture: Fake Wi-Fi hotspots are popping up everywhere, and it can be hard to tell them apart from the real thing. “It’s profitable and easy to do,” says Brian Yoder, a cybersecurity consultant. “Criminals duplicate the legitimate website of a Wi-Fi provider like Verizon or AT&T and modify it so that it sends your information to their laptop.”

Avoidance Maneuver: Make sure you are not set to automatically connect to non-preferred networks. For PCs, go to the Network and Sharing Center in Control Panel. Click the link for the Wi-Fi network you are currently using. A box with a “General” tab should appear. Click on “Wireless Properties.” Next, uncheck the box next to “Connect automatically when this network is in range,” and click OK to activate. For Macs, click the Wi-Fi button in the upper right, click “Open Network Preferences” and check “Ask to join new networks” and “Restrict IP address tracking.”

Before you travel, it’s also a good idea to purchase a $20 Visa or MasterCard gift card so you can purchase airport Wi-Fi access without giving out your credit or debit card information. You can also set up an advance account with suppliers at airports you will be visiting. If your cellular plan allows it, set up your own personal hotspot.

Also – and this is incredibly important – don’t do any banking or online shopping from public hotspots unless you’re sure the network is secure. Look for “https” in the URL, or look to the left of the URL in your browser for a small padlock icon. Finally, always be on the lookout for these red flags that someone has hacked your computer.

False Contest Scam

How it works: You get a direct message or a comment on a social media post announcing a contest for a free iPad, a trip to Hawaii, or some other expensive prize. The message says, “Just click the link to learn more.” The scammer will tell you that in order to claim your winnings, you have to pay a small fee that they call “taxes”, “shipping and handling charges” or “processing fees”.

What’s really going on: This online scam mostly happens on Twitter, but it can happen on any social media or networking site and even via email or text. This sometimes happens over the phone, and if it does, the caller will ask for your email so they can send a link and you can claim your prize. The link takes your fee for the “prize”, steals your credit card information and also downloads a “bot”, which will allow the hacker to send spam emails from your account.

The big picture: Scammers use URL shortening services that allow them to create links that look kind of legit. When users can’t see the actual URL, it’s easy for bad guys to post malicious links. “Once you click the link, you become vulnerable to phishing or malware being distributed to your device,” says Glassberg.

(Learn more about the new form of phishing, quishing which is designed to bypass spam filters.)

They also take advantage of your desire to strike it rich. While the thought of life-changing sweepstakes might be irresistible, you should never wire money, send cash, or pay with gift cards or cryptocurrency to claim your prize. “Don’t do it,” warns the FTC. “Scammers use these payments because it is difficult to trace who the money went to. And it’s almost impossible to get your money back.”

Avoidance Maneuver: It’s best not to click on links from strangers, but if your curiosity gets the best of you, do some research first. If you are contacted through social media, check their profile. You can also Google the person or company’s name and phone number to see what comes up. If you see the word scam in any of the search results, that’s all you need to know.

Scareware scam

How it works: A window appears over a legitimate-sounding antivirus software such as “Antivirus XP 2022” or “SecurityTool” and says that your machine is infected with a dangerous bug. You are prompted to click on a link that will run a scan. Of course, the scan finds a virus — and for a fee, usually around $50, the company promises to clean your computer.

What’s really going on: When you click the link, the bogus company installs malware on your computer. No surprise – there will be no cleaning. But the thieves have your credit card number, you’re out of money and your computer has been left on life support.

The big picture: “Scareware” affects more than a million users daily, according to Dave Marcus, director of security and research for McAfee Labs, a maker of antivirus software. “It’s a very clever trick,” he says, “because people have been told to beware of computer viruses for the last 20 years.”

Avoidance maneuver: If you get a pop-up virus warning, close the window without clicking any links, then run a full system scan with legitimate antivirus software. We recommend Norton or McAfee. It’s best to stick to name brands for this as the downgrade is likely to infect your device. The legitimate companies will use clear, calm language, while the scam sites always sound five alarms. Until then, Norton says to watch out for pop-ups that use a lot of exclamation points, tell you to act fast and are hard to shut down. This type of urgency is common, FYI, with other online scams, including some gift card scams.