Online Scams

ByWalter Wimberly

While most people believe they won’t fall for an online scam, however many people do. An estimated $16.6 Billion was lost to online scams in 2024. https://www.cbsnews.com/news/online-scams-2024-statistics-fbi/

Let’s look at some of the most common scams you might run into.

Phishing and Social Engineering

You’ve probably heard the term phishing before. Maybe you even think you’d never fall for it. But phishing and other social engineering attacks are becoming more common, and more convincing, every day. They don’t rely on hacking your computer. They rely on something much easier to trick: you.

Phishing and certain online scams is becoming so common, they’re even becoming plot lines in tv shows and movies.

Let’s explore what phishing and social engineering are, how these scams work, and how to spot them before you click the wrong link or give away valuable information.

What Is Phishing?

Phishing is a type of scam where attackers pretend to be someone you trust. Think a bank, a delivery service, or even your school. They do this to trick you into sharing private information. The goal is to get things like:

  • Passwords
  • Credit card numbers
  • Social Security numbers
  • Login credentials for email, school, or work accounts

The scam usually comes in the form of an email, text message, or direct message with a sense of urgency. The attacker wants you to panic and act fast, before you have time to think. I’ve lost track of how many emails and text messages I’ve gotten like this. Most I’ve ignored, but there have been a few that I had to think twice about… and that’s with lots of years experience in doing this.

Unfortunately, many of these scams target people who might not have much computer experience. Think of people like your grandparents, or even your younger siblings.

Common Phishing Messages Might Say:

  • “Your account has been locked. Click here to verify your identity.”
  • “You’ve won a prize! Enter your information to claim it.”
  • “Your package couldn’t be delivered. Click this link to reschedule.”
  • “Urgent: You’re being charged $899 for antivirus software. Click here to cancel now!”

These messages often include fake links or attachments designed to steal your information or install malware on your device. Sometimes they will even link to a website that looks just like your bank, school, etc. to keep the illusion alive and try to get your login credentials, etc.

What Is Social Engineering?

Social engineering is a broader category that includes phishing but goes beyond it. It refers to any situation where someone manipulates human emotions, like fear, curiosity, urgency, or even the desire to help someone. They do this to get access to information or systems.

Social engineering might happen over the phone, in person, on social media, or even in a workplace setting. The attacker may pretend to be:

  • A tech support agent
  • A friend or coworker
  • A new student or customer
  • Someone from “corporate” or “headquarters”

The goal is the same: convince you to share something you normally wouldn’t. This time they do it, saying they’re locked out of an account, and need you to sign in for them with your credentials. They might tell you your password has been hacked and ask you to reset it with this special link, or something similar.

How These Attacks Work

Phishing and social engineering rely on psychological tricks, not just technology. Let’s break down some of the common techniques used:

Impersonation

The attacker pretends to be someone you trust. They may spoof an email address (like support@yourbank.com), or use logos and language that look official.

Urgency

Scammers want you to act fast. If you’re rushed, you’re less likely to think critically. Look out for words like “URGENT,” “IMMEDIATE,” or “LAST CHANCE.”

Fear or Greed

Fear-based scams say something bad will happen if you don’t respond. Greed-based scams offer rewards, prizes, or refunds—if you just click a link or provide a little information.

Authority

Some messages use the appearance of authority (like the IRS, the FBI, or your school’s IT department) to pressure you into action. You’re more likely to comply when you think someone official is asking.

Personalization

The scam may include your name, location, or a recent purchase to make it feel real. Attackers often get this information from public sources, data brokers, or previous data leaks.

Real-Life Examples

The Fake Password Reset

You get an email from what looks like your school’s help desk saying your account has been compromised. It includes a link to reset your password. But the link goes to a fake site that looks like your login page. When you type in your username and password, the attacker captures it instantly, and now they can access your real account.

I get these all the time for my personal site. I always laugh as I’m the site administrator, and I know I didn’t send it. However, in a large organization, especially one that makes you routinely change passwords, you might not think twice about it… but you should.

The “Friend in Trouble” Text

You get a text that says, “Hey, it’s Alex, I lost my phone and I’m using a new number. Can you send me $50 on Venmo so I can get home?” It looks urgent. But it’s not really Alex. It’s someone pretending to be your friend, hoping you won’t double-check.

This is becoming much more popular and can include even phone calls instead of text. Why? Well, first people share a lot of info online. So it’s easy to check your Instagram, or other social media account and get a list of your friends. Second, with all the information online, it’s easier to clone people’s voices using AI. https://www.cbsnews.com/news/elder-scams-family-safe-word/

How to Protect Yourself

The good news is that phishing and social engineering scams can be avoided if you stay alert and follow some basic safety habits.

1. Slow Down

If a message tries to rush you, that’s a red flag. Take a breath and think before clicking. Look at these other tips to stay safe.

2. Check the Sender

Hover over email addresses and links. Does the address look strange? Is the domain slightly off (like “@amaz0n.com”)? If something looks fishy, it probably is.

Unfortunately, this is easy to fake. So yes, it catches low level scammers, but you need to look further to make sure.

3. Don’t Click Unknown Links

If you get a strange message from a company, don’t click the link. Instead, go directly to the official website and log in there. If it’s legit, there will be a message waiting for you.

4. Use Two-Factor Authentication

Even if someone steals your password, 2FA can stop them from getting into your account. Set it up for your email, banking, school, and social media accounts. We talked about this in our Strong Passwords section.

5. Keep Personal Info Private

Don’t overshare on social media. Scammers can use your birthday, school, job title, or even pet names to guess security questions or create convincing messages. Sure it might be fun to get hundreds of birthday wishes from fans and followers… but is it worth it?

6. Don’t Respond to Suspicious Messages

Replying, even just to say “stop”, can confirm that your phone number or email is active. That can lead to more scams. Like a bully, just ignore them, and they’ll eventually go away.

7. Report It

If you receive a phishing email, report it to your school or organization’s IT department. Most email services also have a “Report phishing” button. I report something every few weeks it seems to our local it department, and they often send something out to everyone letting them know what is new and going around.

Practice Activity For Email Scams

Pick a recent email or message that seemed a little off. Look closely:

  • Who sent it?
  • Was there urgency or fear involved?
  • Were there links or attachments?
  • Did it ask for personal info?

Now imagine how a scammer might make it more convincing. What would you do differently next time?

Fake Websites and Online Shopping Scams: Too Good to Be True?

Another very common online scam is the fake shopping site. Imagine you’re scrolling through your favorite app and see an ad for sneakers – just $39, shipping included. Or maybe it’s a “limited-time” sale on a brand-name laptop that normally costs hundreds more. You click the link, place the order, and… nothing arrives. Or worse, your credit card is charged again and again.

Welcome to the world of fake websites and online shopping scams. These scams trick people into visiting fake stores, entering payment info, or downloading malware. They’re common, they’re sneaky, and they’re especially dangerous to people who shop online often, like students.

Let’s break down how these scams work, what red flags to watch for, and how to shop smarter online.

What Are Fake Websites?

Fake websites are designed to look like legitimate ones. Some imitate real brands like Amazon, Apple, or Target. Others pretend to be smaller stores offering huge discounts. The goal is almost always the same: get your personal or financial information.

Fake websites might:

  • Steal your credit card number
  • Capture your login credentials (remember lots of people use the same password for all their accounts – but you know better)
  • Trick you into downloading malware
  • Sell you cheap knockoffs or nothing at all

These websites can appear in:

  • Search engine results
  • Sponsored ads on social media
  • Text messages or phishing emails
  • QR codes posted in public places

You might ask, why would they go through the hassle of setting up sponsored ads, or sending emails. It’s because, just like with a legitimate buyer, they know you’re going to see it, and they will get a certain number of people to buy.

How to Spot a Fake Website

Spotting a fake site isn’t always easy, they’re getting better at looking “real.” But there are still common warning signs. Let’s look at five common issues. Don’t assume that if they pass one, it’s all good. Use this as a baseline to check, and recheck. Scammers are getting better, and fixing many of their previous mistakes, so you need to be vigilant.

1. The URL Looks Off

One of the easiest ways to spot a fake site is to look closely at the web address (URL). Scammers often use addresses that look correct at a glance but include small differences, like:

  • Extra characters: amaz0n.com or target-deals.com
  • Wrong domain endings: .co, .info, or .net instead of .com
  • Misspelled brand names: nkie.com or addidas.us
  • The name you’re looking for is first, and then there is more characters: apple.com.scamersite.info

Always double-check the spelling of the site and whether it uses the https:// prefix (which means it uses a secure connection). But don’t rely on that alone, scammers can still get “secure” certificates for fake sites.

2. Too-Good-To-Be-True Prices

My mom always taught me, “If something is too good to be true, it probably isn’t true.” If a product normally costs $120 and it’s being sold for $18, something is wrong. While some sites run real flash sales, consistent deep discounts, especially for high-demand items like electronics or shoes are a major red flag.

Scammers know how to lure you in with a great deal. But if it sounds too good to be true, it probably is. Just like with Phishing schemes, they may use a sense of urgency to try to get you to act now, and think… never.

3. No Contact Info or Policies

Legit websites usually have:

  • A clear About page
  • A Return Policy
  • Shipping and Privacy details
  • A working Contact Us form or customer service number

Fake websites often leave this information out—or it’s copied and pasted from somewhere else. If you can’t find any way to contact the company, don’t trust them with your payment information.

4. Poor Design or Grammar

A site that’s full of spelling mistakes, awkward grammar, blurry images, or inconsistent fonts may be a scam. Scammers sometimes rush to launch fake pages quickly and don’t care about quality.

That said, some fake sites do look professional, so don’t base your trust on looks alone. Also, some of the auto-translation tools they may use (lots of these scams start overseas out of the reach of the US Authorities) are getting better and sounding more natural, so use this as just one arrow in your quiver to identify a fake site.

5. Unusual Payment Methods

Watch out if a site:

  • Only accepts payment via gift cards, Venmo, Cash App, or crypto
  • Redirects you to a sketchy third-party checkout site
  • Charges your card multiple times

Legitimate businesses use trusted payment processors like PayPal, Stripe, or major credit card gateways. Scammers often avoid these because they can be traced or reversed.

Online Shopping Scam Examples

Fake Storefronts

A site offers cheap clothing, accessories, or gadgets. You order, pay, and… nothing arrives. These sites often disappear in a few weeks and pop up again under a new name.

Brand Imitation

You get a text that says, “Your Nike order is ready! Track it here: nike-shop-now.co.” You click the link and land on a convincing site. But when you enter your info, it gets sent to scammers.

Dropshipping Scams

Some scam sites actually send you something, usually a cheap or completely different product. These operations run on volume and take advantage of people who don’t follow up or can’t get refunds.

How to Protect Yourself

Stick to Trusted Retailers

If you’re buying something important, stick with stores you know, especially for electronics, clothing, or anything expensive. If you’re unfamiliar with a site, do a little research.

I recently bought a portable monitor for my laptop. I found an interesting one, which I wanted, but it wasn’t available on any of the normal sites like Amazon, Best Buy, etc. In fact, they showed ads online, but never linked to it. When someone would ask, the seller would send them a DM… why not share the link with everyone? I skipped that one, and got another which I could get from a reputable site.

Look for Reviews

Search the store name plus the word “scam” or “reviews.” Look for:

  • Customer experiences
  • Photos of received products (or lack of them)
  • Complaints on Reddit, Trustpilot, or Better Business Bureau

Using this technique I recently avoided purchasing something that many people said it was nearly impossible to get your money back, despite a “money back guarantee”.

3. Use a Credit Card or PayPal

Credit cards offer better fraud protection than debit cards or direct payments. PayPal also gives you a dispute process if the seller turns out to be fake.

Avoid using Zelle, Venmo, or Cash App for purchases from strangers or unknown sites. These services are harder to reverse the charge.

4. Use Google Reverse Image Search

If product images look too polished or familiar, try doing a reverse image search. If that same image shows up on dozens of sites, it might be stolen from a legitimate store.

5. Don’t Click Suspicious Links

If you get a promo link in an email or message, go to the brand’s official website directly instead of clicking. If there’s really a sale, it’ll be advertised there too. Scammers like to use phrases like “A special deal just for our best customers” or “not available anywhere else” or sometime similar.

They use the same techniques as the phishing scams, and now that you know how to avoid them, you can avoid most of shopping scams as well.

Bonus Tip: Use a Virtual Card

Some banks or card services offer virtual cards—temporary credit card numbers you can use online. These keep your real card info private and reduce the risk if something goes wrong.

What to Do If You’re Scammed

First off – don’t freak out. That doesn’t mean don’t do anything though. You aren’t the first person this has happened to, and you won’t be the last. There are some steps you can take to minimz

  • Contact your bank or card issuer immediately to stop the charge or dispute it.
  • Change any passwords you used on the fake site.
  • Report the site to your browser (Chrome, Firefox, etc.) and to the FTC at reportfraud.ftc.gov.
  • Warn others: your friends, classmates, or on review sites. You might help someone else avoid the same trap.

Final Thoughts

Fake websites and shopping scams are built to trick you into acting fast, before you notice the warning signs. But you can outsmart them by slowing down, doing a little research, and trusting your instincts.

If something feels off, don’t click. Check the site. Ask someone. Wait a few minutes. The best deal is the one where you don’t lose your money—or your personal info.

Imposter Scams and Tech Support Scams – A Friendly Voice Hiding a Devious Scheme

You get a call from someone claiming to be “Microsoft Support.” They say there’s a virus on your computer and they need remote access to fix it. Or maybe you see a pop-up while browsing that says “Your computer is infected—call this number immediately!”

Whether it’s a fake tech support rep, a fake IRS agent, or even someone pretending to be your boss, these kinds of scams all have one thing in common: they impersonate someone you trust to get your money or access to your device.

These are called imposter scams, and they’re growing fast. Let’s look at how they work, what red flags to watch for, and how to stay safe when someone tries to fool you with a voice, email, or pop-up that sounds official.

What Is an Imposter Scam?

An imposter scam happens when a scammer pretends to be someone they’re not. This is usually a person or organization you’re likely to trust (government agency like the FBI or IRS, your work, or even your bank). They use fear, urgency, or confusion to pressure you into taking quick action, like:

  • Paying a fake fee or fine
  • Giving them access to your computer
  • Sharing passwords or account numbers

Common impersonation targets include:

  • Tech support (Microsoft, Apple, “Windows Security”)
  • Government agencies (IRS, Social Security)
  • Banks or credit card companies
  • Delivery services (UPS, FedEx)
  • Employers, professors, or school officials

The scam might come by phone, email, text, or a browser pop-up. In some cases, it even sounds or looks legitimate, using spoofed phone numbers or official-looking logos.

Right now a very popular scam is the “unpaid toll scam”. I’ve gotten a half dozen of these in just a few weeks telling me about unpaid tolls that will lead to a revoking of my drivers license, jail, points on my license, etc, if I don’t take care of it right away.

How many of the scam techniques did you count in that message?

What Are Tech Support Scams?

Tech support scams are a specific type of imposter scam that targets your computer or phone.

They often start with:

  • A pop-up saying your device is infected
  • A phone call claiming to be from Apple or Microsoft
  • A website redirect to a fake support page

The scammer then convinces you to:

  • Download remote access software (so they can “fix” it)
  • Buy unnecessary antivirus software
  • Pay for fake support plans or repair services
  • Give them your login credentials or payment info

Once they have remote access, they can:

  • Steal your files or personal information
  • Install malware or spyware
  • Lock your computer and demand a ransom
  • Pretend to “fix” the issue while secretly stealing data

Real-Life Example: “Hi, This Is Microsoft…”

“Jordan”, a first-year college student, was studying when a pop-up appeared on her laptop. It said her computer was infected and gave a toll-free number for “Microsoft Support.” She called, and the person on the line sounded professional. They asked her to install software to “scan” her device.

Within minutes, they had full access to her computer. They said the problem was serious and demanded a $300 payment to remove the virus. Jordan paid, but the scammer, unbeknownst to Jordan, stayed connected to her computer in the background, collecting passwords and monitoring her activity until she eventually noticed something was wrong.

Of course, it doesn’t have to come from “Microsoft.” I’ve gotten phone calls, and emails from “Apple”, my “work”, “Amazon”, and more.

Red Flags of Imposter and Tech Support Scams

While these scams can feel convincing, there are always clues if you know what to look for.

1. Unexpected Contact

Real tech support doesn’t call you out of the blue. Neither do government agencies or banks. If you didn’t ask for help, be suspicious.

2. Urgency or Fear

Scammers want you to panic so you won’t think clearly. Phrases like:

  • “Your computer is about to crash”
  • “You’ll be arrested if you don’t act now”
  • “You have 10 minutes to respond”

These are scare tactics. Don’t fall for them.

3. Requests for Payment or Gift Cards

No legitimate company asks for payment in the form of gift cards, crypto, or wire transfers. If someone does, it’s a scam.

4. Remote Access Demands

You should never give remote access to someone you don’t know and trust, especially not someone who contacts you unexpectedly. If you do, it should be because you requested help from your IT department first.

5. Spoofed Phone Numbers or URLs

Scammers can make their phone number look like it’s from a real business, or their email address look like it’s official. Always verify separately before taking action.

How to Protect Yourself

Hang Up or Close the Tab

If you get an unexpected call or pop-up, don’t engage. Close the window or hang up the phone. If you’re not sure, look up the official company number yourself and call them directly.

Over the years I’ve had “fun” playing with some of these characters. I’ve told the “FBI” to “come and get me… you’ll never catch me copper,” in my best ’20s and ’30s mob movie voice. I’ve messed with “Microsoft Helpdesk” more than once acting like a fool, not doing anything really saying I couldn’t figure anything out because my grandson usually does all this “computer stuff.” Of course I don’t have any grandchildren, but it’s just fun and games.

However, the best option is to just hang up/ignore. It’s faster and safer, which is the important things.

Never Give Remote Access to Strangers

If someone asks you to install software like TeamViewer, AnyDesk, or LogMeIn and you didn’t request support, say no. Real tech support won’t pressure you to give access.

Use Trusted Antivirus Software

Install antivirus software from reputable companies and keep it updated. But don’t rely on pop-up ads or “free scans” from random websites. Those are almost always fake.

Be Cautious with Emails or Messages from Authority Figures

If you get a strange message from a boss, teacher, or family member asking for money or gift cards, double-check. Contact them directly using a known phone number or email.

Know the Real Policies

  • Microsoft and Apple will never send pop-ups that ask you to call a number.
  • The IRS and Social Security never demand payment by phone or threaten immediate arrest.
  • Real banks won’t text you asking for login details.

Knowing these facts can help you spot scams right away.

What to Do If You’re Targeted

If you think you’ve interacted with a scammer, here’s what to do:

  • Disconnect immediately. If they had remote access, unplug your device from the internet.
  • Scan your device using antivirus software.
  • Change your passwords, especially for email, banking, and school accounts.
  • Contact your bank if you shared payment info.
  • Report the scam to the FTC at reportfraud.ftc.gov.

Final Thoughts

Imposter and tech support scams work because they feel real. The person on the phone sounds professional. The pop-up looks like something your computer would display. The sense of urgency makes you feel like you have to act now.

But you always have time to stop and think.

  • Trust your instincts.
  • Don’t let fear or pressure control your decision.
  • And when in doubt – verify!

Being aware of these tactics is your best defense. As you move into your career and college life, staying smart about how you respond to messages, pop-ups, and calls could save you time, money, and peace of mind.

Online Scams was originally found on Access 2 Learn

Assistant Professor

Walter Wimberly is an Assistant Professor at a regional college in Tennessee, teaching Computer Science in the Software Engineering track. He works as a student advisor, oversees curriculum changes, develops new courses, and manages the advisory panel.
Walter taught full time for about 7 years, before going back into “industry” as a full stack Software Developer for a dozen years. There he focused on web based projects coding in JavaScript/jQuery and utilizing the Bootstrap CSS Framework on the front-end, and coding in PHP, ASP/ASP.Net, SQL on the back-end.

Since he loves teaching, he taught as an adjunct web and digital media classes for eight (8) years, while working in industry, and has since returned to teaching full time.

He has been married for over 25 years, and is father to several special needs boys. As such, he is working on some projects to help others who have special needs to be self-sufficient, and support the care givers of those with special needs. Check out his Autism blog for more info.

Similar Posts

3 Comments

  1. Pingback: Strong Passwords: Your First Line of Defense - Access 2 Learn
  2. Pingback: Antivirus Software: What It Is, Isn’t, and Why It Still Matters - Access 2 Learn
  3. Pingback: Understanding the Inbox - Access 2 Learn

Comments are closed.