Imagine a lonely person who’s looking for romantic companionship, so they turn to the internet. Picture someone who’s terribly anxious for news about an online payment that will ease their paycheck-to-paycheck existence. Or perhaps you’ve known an individual with such limited technical skills and financial resources, they’re always browsing for the cheapest IT provider possible.
These are people who easily merit our empathy. We understand their situations and how they must be feeling. But when bad actors leverage that understanding to find scam victims, empathy can be a force of evil.
The victims of online scams each possess unique characteristics. And in the eyes of bad actors, they’re vulnerabilities much like the outdated components of a website. Understanding those characteristics lets bad actors tailor online scams for certain types of individuals, much like an attack targeting a specific website configuration.
Who are the scam victims?
Once you dig into formal research about scam victims, characters emerge with real-life traits. For example, the academic paper Do You Love Me? Psychological Characteristics of Romance Scam Victims by Monica T. Whitty, PhD looks at the types of people drawn into scams where bad actors pose as romantic partners online.
The findings show victims of romance scams tend to be middle-aged women. Other characteristics include a greater sense of urgency and an “addiction-disposition” where victims need the emotional response from a scammy experience.
Any marketer will tell you that kind of information about a target audience is a huge head start. Except in this case, the desired result isn’t a conversion but a lovestruck individual sending money to someone they’ve never met in real life.
How to tell if someone is scamming you online
There aren’t hard-and-fast rules for uncovering an online scam, but there are a few common characteristics to look out for in communications like emails and phone calls. For example, when we examine phishing campaigns (one of the most common online scams), here’s what we usually see:
- Questionable authenticity — It’s easy to spoof an official-looking message by setting up an account with a free provider. Messages from senders like firstname.lastname@example.org should always be marked as spam. Similarly, slightly off email addresses such as email@example.com are likely part of a scam.
- Sense of urgency — The less time you spend asking yourself if something is legit, the greater that chance of an online scam’s success. That’s why scammers push you into a quick decision with statements like an offer won’t last long or something bad will happen soon.
- Odd composition — When you read a message or listen to a caller, think about how people you know usually communicate. An abundance of typos, errors, misused phrases, or even an odd tone can be indicators the other person isn’t who they claim to be.
While these characteristics are specific to phishing scams, you can still apply the same level of wariness and common sense to other types of communication.
Other common online scams
When we find ourselves inclined to follow our desires instead of our instincts, it’s usually time to evaluate whether we’re getting pulled into a scam. But online scams are getting so common, the U.S. Federal Trade Commission is now issuing alerts about the various types.
Here are six emerging online scams you’re likely to see today:
- Panic exploitation — During episodes of mass panic like the COVID-19 pandemic, people are relying on survival instincts more than common sense. That makes them easier targets, as victims are less likely to notice signs they’re getting scammed.
- Employment offers — You get a call from a recruiter. They love your resume and want you for a lucrative new position. But first, they just need a pay stub to verify previous employers, or a fee for required certification. Don’t go for it.
- Romance scams — As we touched on, these heartbreaking scams involve bad actors wooing people online, often in great detail. The scammer usually poses as someone who can’t easily meet offline (e.g. a worker on a remote oil rig), but eventually asks for help in the form of cash.
- Fake tech support — Many of us are completely reliant on our computers, but helpless when it comes to fixing them. That’s why so many scammers now pose as IT providers, who look legit when they request remote access to your machine. But consider all the data stored on your computer falling into the hands of bad actors.
- Mystery shopping — Who wouldn’t love to get paid to shop? Mystery shopping gigs can be a nice side hustle, until you get asked to pay for certification or wire money to verify an account. Those are definite signs of a mystery shopping scam.
- Crowdfunding hoaxes — What could be more perfect than soliciting donations for a product or cause that will never emerge in the real world? Before digging deep and adding your name to a crowdfunding campaign, do a little research and trust your common sense. There isn’t much preventing these bad actors from simply walking away with your money.
What to do if you’ve been scammed online
We all have our emotional triggers, and bad actors know that. Even the smartest people can get dragged deeper and deeper into a scam. Once it happens, it’s key to act quickly. The measures you should take depend on the scam, but here are three things you should always do:
- Update your data — Evaluate the information you just handed over, like passwords or payment details. Make sure to update this data as quickly as you can, to keep scammers from helping themselves again.
- Contact the authorities — Many financial institutions will protect you from fraud, so start with them. File reports with the appropriate law enforcement and government agencies. (In the U.S., those are the FTC, your state attorney general, and local consumer protection agency.)
- Spread the word — Get the word out on social media. If the scam was crowdfunded, leave comments and contact the platform administrators. The goal here is limiting the reach of scammers, so other innocent people don’t become victims of online scams.
In online scams, bad actors attack people in the same way hackers go after websites, locating and exploiting vulnerabilities. It’s scary, to be sure, but it highlights the value of adopting a security-oriented mindset that does so much to protect an online presence.