When it comes to protecting yourself from online scams, education is your best defense. Here’s what you need to know to stay safe.
14 Online Scams You Need to Be Aware of—and How to Avoid Them
Updated on Apr. 14, 2025
Free trial scam
How it works: You see an internet offer for a free one-month trial of some amazing product—a weight-loss program, teeth whitener or some other thing offering incredible results in record time. All you pay is $5.95 for shipping and handling … or so you think.
What’s really going on: Buried in the fine print, often in a color that washes into the background, are terms obligating you to pay a monthly fee—forever. Canceling these subscriptions can be a beast, and take months.
The big picture: “These guys are really shrewd,” says Christine Durst, an internet fraud expert who has consulted for the FBI and the FTC. “They know that most people don’t read all the fine print before clicking on ‘I agree,’ and even people who glance at it just look for numbers.” So, companies might write numbers in words, with no dollar signs. “Anything that has to do with money or a time frame gets washed into the text,” she says.
Avoidance maneuver: To avoid this subscription scam, read the fine print on offers, and don’t believe every testimonial. Check images by doing a reverse image search, or by going to websites that scour the internet for identical images, such as TinEye.com. If that woman with perfect teeth shows up everywhere promoting different products, her testimonial is probably fictitious.
If you do get sucked in, reputable companies will allow you to cancel your mistake. If you can’t get out of a contract, cancel your card and negotiate a refund with the company. If that doesn’t work, appeal to your credit card company.
Fake Wi-Fi hotspot scam
How it works: You’re sitting in an airport or a coffee shop, and you log into the local Wi-Fi. It could be free, or it could resemble a pay service like Boingo Wireless. You connect, and everything seems fine.
What’s really going on: The site looks legitimate, but it’s actually an online scam run by a criminal from a laptop. He’s likely sitting very close to you, and you have no idea he’s mining your computer for banking, credit card and password information. If it’s a fake pay site, he also gets your credit card info, which he’ll then sell to other crooks.
The big picture: Fake Wi-Fi hot spots are cropping up everywhere, and it can be difficult to tell them from the real thing. “Sometimes cybercriminals are targeting your financial information, but not all crime schemes are limited to credit card numbers,” Eaton says. “Your personal identity can also be a tempting target.” Even your children can have their identity stolen, she adds, so “you always need to stay on your toes.”
Avoidance maneuver: Make sure you’re not set up to connect automatically to non-preferred networks. This setting can be disabled under your device’s network settings or preferences.
Before traveling, buy a $20 Visa or MasterCard gift card so you can purchase airport Wi-Fi access without broadcasting your credit or debit card information to everyone in the airport or train station. You can also set up an advance account with providers at airports you’ll be visiting. If your cellular plan allows it, set up your own personal hotspot.
Also, don’t do any banking or online shopping from public hotspots unless you’re certain the network is secure. Look for “https” in the URL, or check to the left of the URL in your browser for a small padlock icon. Finally, always be on the lookout for red flags that someone has hacked your computer.
Bogus contest scam
How it works: You get a direct message or see a comment on a social media post announcing a contest for a free iPad, a trip to Hawaii or some other expensive prize. The message prompts you to click on a link to learn more, and all you have to do to claim your winnings is pay a small fee for taxes, shipping and handling or processing fees.
What’s really going on: “Once you click on the link, you become vulnerable to phishing,” says Jason Glassberg, co-founder of cybersecurity company Casaba Security. When you enter your credit card info to pay for this great deal, the scammer steals your information and downloads a bot, or automated software program, that lets the hacker send spam emails from your account to ensnare others in the scam.
This online scam is common on social media, but you might also get a bogus contest message in an email or text. Sometimes, scammers even use the phone. In that case, they’ll ask for your email to send you a link for your “prize.”
The big picture: Scammers are taking advantage of URL-shortening services that allow them to create links that look sort of legitimate. When users can’t see the actual URL, it’s easy for bad guys to post malicious links. Your spam filter may be no help: Quishing is a new form of phishing, designed to bypass spam filters.
Avoidance maneuver: Don’t click links from strangers. If your curiosity gets the best of you, do a little research first. If you’re contacted through social media, check out their profile. You can also Google the person, company name or phone number to see what comes up. If you see the word scam in any of the search results, that’s all you need to know.
Scareware scam
How it works: A window pops up about a legitimate-sounding antivirus software program like “Antivirus XP 2025” or “SecurityTool” and says that your machine has been infected with a dangerous bug. You’re prompted to click on a link that will run a scan. Of course, the scan finds a virus—and for a fee, the company promises to clean up your computer.
What’s really going on: When you click on the link, the sham company installs malware on your computer. No surprise—there will be no cleanup. But the thieves have your credit card number, you’re out the money, your computer is left on life support and there’s no telling what other sensitive information the scammers might have stolen.
The big picture: About a million people fall victim to scareware scams every single day, according to studies cited by Weber State University. Shocking? Yes, but even worse, that number hasn’t changed since 2015! Things aren’t getting better, either. In 2024, the Federal Trade Commission charged two overseas security firms with bilking people out of tens of millions of dollars. The companies settled for $26 million, giving you an idea of how lucrative these scams are.
Avoidance maneuver: If you get a pop-up virus warning, close the window without clicking on any links, then run a full-system scan using legitimate antivirus software like Norton or McAfee. Urgency is common in online scams, and is always a red flag, so if you see lots of exclamation points or windows that are hard to close, you know it’s scareware. Legitimate companies will use clear, calm language, while scam sites are always sounding five alarms.
Smishing scam
How it works: You receive a text from your bank or credit card issuer saying there’s been a problem and you need to call right away with some account information. They might tell you your account has been compromised and you need to act fast so you don’t lose everything.
What’s really going on: The “bank” is a scammer who hopes you’ll reveal your account information. If you do, you’re actually surrendering your credit card information to black-hat marketers who will ring up phony charges or sell your information to other scammers.
The big picture: Welcome to smishing, which stands for SMS phishing, the text-message version of the email scam. “Cell phone numbers are easy to track down on the dark web, and smishing messages are much easier to craft and deliver than phishing emails,” Glassberg says. “They are significantly shorter, they don’t require any formatting and the attacker doesn’t have to worry about bypassing spam filters and antivirus protections.” Because many banks and businesses offer text-message notifications, this scam has the air of legitimacy.
Avoidance maneuver: Do not click on the link. Contact your bank directly via a phone number you know (such as on the back of your card). “But be careful not to misdial the telephone number of your bank,” warns Steven J.J. Weisman, an attorney who specializes in scams, identity theft and cybersecurity. “Some scammers purchase phone numbers similar to those of legitimate banks and credit card companies, hoping that they will receive calls from unwary consumers who may have merely misdialed the telephone number of their bank or credit card company.”
Charity scam
How it works: You get an email or social media DM with an image of a malnourished orphan from a developing nation. “Please give what you can today,” goes the charity’s plea, followed by a request for cash. To speed relief efforts, the email recommends sending a Western Union wire transfer as well as detailed personal information, such as your address, Social Security number and checking account info. “They may use catfishing tactics, fake deals and special offers, spoof businesses or hijack real accounts through which they spread malicious links,” Glassberg says. It’s for the children!
What’s really going on: The charity is a scam designed to harvest your cash and banking information. Nothing goes toward helping those in need—every penny you send goes to the scammer. Even worse, the scammer now has access to all your personal information, and if you don’t act quickly, they’ll drain your bank accounts, rack up charges on your credit cards and possibly steal your identity.
The big picture: Hackers often create fake personal, business and charity accounts on social media to lure their victims. “Phishing attacks are very common on these platforms, because people are less vigilant” with social media messaging, Glassberg says. “Plus, the platforms aren’t filtering spam or monitoring for malicious links.”
Avoidance maneuver: Donate to real charities on their own websites instead of clicking on links in email solicitations. Also be aware that genuine aid organizations will accept donations by credit card or check, and they won’t ask for wire transfers, bank account information or Social Security numbers. Donations via text message are OK, as long as you confirm the number with the organization.
Romance scam
How it works: You meet someone on a dating site, on Facebook or while online gaming. You exchange pictures, talk on the phone and get close quickly. It soon becomes obvious that you were meant for each other, but the love of your life lives in a foreign country and needs money to get away from a cruel father, get medical care or buy a plane ticket so you can finally be together.
What’s really going on: Your new love is a scam artist. There will be no tearful hug at the airport, no happily ever after. You will lose your money and possibly your faith in humankind. It may be hard to admit it happened to you, but if these details sound familiar, you’ve been the victim of a romance scam.
The big picture: Online social networking has opened up new avenues for scammers who specialize in luring lonely people into phony friendships and love affairs, only to steal their money. According to the FBI, consumers reported losing more than $1.14 billion to romance scams in 2024, more than triple the losses just four years ago.
Avoidance maneuver: “On the internet, it is almost impossible to be too paranoid,” says Durst. “But don’t be paralyzed—be smart.” Dating and social-networking sites can be a great way to meet people, even from foreign countries, but if someone you know only from the internet asks for money, you should sign off quickly and block them.
Business email compromise scam
How it works: You sent your client an invoice, but they didn’t pay after 30 days, so you send a reminder that their payment is past due. The client replies and tells you they paid via wire transfer. The only problem? You don’t accept payments via wire transfer.
What’s really going on: Someone hacked into your business account and sent an email to your client with directions on how to wire money to pay their balance. The client wired the money—but not to you—and now the scammer has the money, and the account is closed or untraceable.
The big picture: Business email compromise (BEC) scams and email account compromise (EAC) scams are currently the biggest online scams, according to the FBI. Though not new, BEC/EAC are evolving and getting more sophisticated. “These fraudulent wire transfers are often immediately transferred to cryptocurrency wallets and quickly dispersed, making recovery efforts more difficult,” the FBI explains in its internet crime report.
The FBI’s Internet Crime Complaint Center (IC3) says that between October 2013 and December 2023, the BEC scam was reported in all 50 states and 186 countries, with losses totaling $55 billion in more than 300,000 incidents. In the U.S. alone, there were more than 158,000 incidents resulting in almost $21 billion in losses.
Avoidance maneuver: Set up two-factor authentication codes for everything, especially your work email. When invoicing clients, be explicit about accepted methods of payment. Wire transfers are less common now that we have so many digital options, but it’s important to be aware of Zelle scams and similar money transfer options because once the money has been sent it’s as good as gone. As long as we have digital wallets there will be digital fraud.
Of course, even with the best practices in place, you may still get scammed if someone hacks into your business or personal email. If this happens, report it immediately to the IC3. If you think reporting a scam won’t help, consider that in 2023, the latest data available, the IC3’s recovery asset team (RAT) received more than 3,000 fraud reports totaling $758 million and was able to recover $538 million, a 71% success rate.
Counterfeit goods scam
How it works: You’re doing some online shopping, as one does. You see what looks like a great deal on Amazon or eBay and place an order. Everything seems fine … until you get the item. You look closely at the box, and it looks like someone printed it in their basement. Or, the box is fine but the product is shoddy and clearly not legit. You may not receive the item at all.
Learn about these eBay scams, too
What’s really going on: The seller’s a scammer, and they’re going to send you a counterfeit product (or nothing at all)—and they’ll still get your money. These scammers often post delivery dates that are three or four weeks from the date of purchase, so they typically receive payment long before you discover that it was a scam.
The big picture: The sale of counterfeit items is a major problem, and it hurts not just buyers but other sellers as well. “There’s been rampant theft of intellectual property—Marvel, Disney, Star Wars, NFL teams, sports jerseys,” Eaton says. “Facebook Marketplace, OfferUp, Craigslist and other sites are rife with rip-offs.”
Some people don’t care about counterfeit or knockoff goods—a fake Louis Vuitton looks close enough to the real deal for many—but that’s for them to decide, with full knowledge of what they’re buying.
Avoidance maneuver: Watch out for new sellers, and take a careful look at sellers’ reviews before you buy. Read the one- and two-star reviews as well as the glowing ones. Take a close look at photos reviewers have attached to the post, and read the wording on the reviews. If you find a string of clichés, or a bunch of reviews written in the same tone, they’re probably fake testimonials.
Positive reviews are generally a good thing, but if a new seller has 20 five-star reviews for a brand-new product that’s a fraction of the regular retail price, it’s a red flag. As a general rule, stick with sellers who have products with hundreds of reviews and an average rating of four stars or higher.
Eaton says that a good way to circumvent counterfeit sites is to use the company’s official app as much as you can. “If you shop a lot at Walmart, don’t keep logging in through the website,” she advises. “Go through the app, because it helps eliminate certain fraud risks.”
Hitman scam
How it works: You get an email or text from someone saying he’s been hired to kill you or kidnap a family member. He tells you to send a large amount of money via Cash App or another irreversible method in exchange for your safety. Usually, the email will also warn you against contacting the authorities, saying that will only make things worse.
What’s really going on: There is no assassin. Somebody found your email address (along with hundreds of others) and just wants your money. “The scam is simply a means to an end,” Eaton says. “The scammer’s only objective is to get you to give him what he wants as quickly as possible. It’s not personal—but it is a crime—and it can ruin your life and devastate your finances.”
The big picture: How could anyone possibly fall for this? Keep in mind that the first response of anyone who’s just been threatened with murder online is most likely to panic. Even scarier, many of these scams include the victim’s personal information—such as where they (or loved ones) work or go to school, or even what street they live on—which can be easy to access through social media.
Avoidance maneuver: If you get one of these messages, block the number. Responding to the scammer clues them in that they have reached a live account, and they’ll probably respond with more aggressive threats. Next, contact local law enforcement. It’s not likely that the scammer is in your town—they’re probably halfway across the world—but the authorities need to know in case there’s a real threat. Your cyber awareness will protect you, and reporting the crime will help protect others.
Also, be careful of what you post about your family online. You might think it’s harmless to show casual photos of your home and vehicle, but these details can be used to coerce you or your loved ones into believing the scammers know who you are, where you are and that they intend to harm you if you don’t pay up.
Travel scam
How it works: You see a social media post or get an email advertising an amazing deal on airline tickets, or an all-inclusive vacation to an exciting destination like Paris or Fiji. And it is truly amazing: We’re talking a $10,000 vacation for just $999. How could you say no?
What’s really going on: Like the free trial scam, travel scams have extra costs hidden in the fine print. The initial fee won’t cover much, and you’ll have to pay thousands in resort fees. Or that confirmation code may never land in your inbox. Either way, the scammer will now also have your credit card info—or ask you to pay through a third-party app—opening you up to additional theft.
The big picture: The peak time for these kinds of online scams is the summer, when people have vacation on the brain, but they’re also common right before Christmas and New Year’s Day. Scammers intentionally choose exotic, remote places that would be difficult to get to without their “amazing offer.” Finally, they throw in an expiration date, saying you only have a few days, or even hours, to take advantage of this deal, hoping that a sense of urgency will rope you in.
Avoidance maneuver: Scour the details of the offer before clicking any sort of confirmation button, and Google the site and the offer to see if anyone warns of fraud. The email or website will hold plenty of clues that it’s not legit. “Are the images low-resolution? Does the verbiage include spelling errors and grammatical mistakes?” Eaton asks. “These are the telltale signs of a fake online store, site or organization. Delete the email, and don’t submit your personal information.”
Keep in mind that fake websites can look like legitimate sites, but reputable e-commerce sites and major airlines, banks and hotel chains use website addresses that begin with https. “The ‘s’ indicates a higher level of security,” Eaton says. “Most scam sites, however, are http, because http sites are cheaper than https sites.”
Empty house scam
How it works: You’re on vacation having the time of your life, and you want to share the joy with your friends and Instagram followers. You post a few photos from Lisbon, announcing, “Next stop, Amalfi Coast!” You don’t think twice about it, but when you get home, your house has been ransacked and burgled.
What’s really going on: Criminals scour social media sites for people posting pictures of themselves out of town, so they can find empty residences to burglarize. Some even pay attention to obituaries. This is a scam that exists mostly offline, but it’s your online activity that makes you a potential victim.
The big picture: Criminals search for keywords that indicate you’ll be out of town. For example, it’s pretty common for people to share photos from a bridal shower with the caption, “This time next month, we’ll all be celebrating in Vermont!” But scammers take note and check back when they think you’ll be away. While there aren’t official stats on how many burglaries result from this type of online scam, Eaton points out that 60% of burglary victims were active on social media.
Avoidance maneuver: Wait to post photos until you’re back, and don’t post information about future events. Otherwise, you’re putting others at risk as well as yourself. For example, if you’re attending a family wedding, a scammer could identify dozens of people, often in one community, who are out for the night—or out of town for a long weekend—and now they’re potential victims as well.
If you really, really want to share, Eaton suggests changing your privacy settings so only close friends or a specific group can see those photos. As an additional safety measure to avoid an Instagram scam, it’s always a good idea to leave a few lights on and have neighbors collect mail and packages so it looks like you’re home.
Elder financial scam
How it works: A loved one becomes a widow. Another widow finds them on Facebook and says, “I know what you’re going through.” They become fast friends, and then the friend has an emergency—perhaps a sick grandchild or an unexpected car repair—and needs to borrow money immediately.
What’s really going on: This new “friend” isn’t a friend at all—they’re a scammer, of course. They may vanish after the first payment is made, or they may stick around to see how much more they can squeeze out of the unsuspecting senior. In elder fraud, the scammer might also eventually attempt to take over their bank accounts—and even steal their identity.
The big picture: Increased concentrated wealth from retirement accounts, pensions and other income streams make seniors an attractive target to scammers, says Jason Zirkle, training director at the Association of Certified Fraud Examiners. “Plus, scammers assume that Baby Boomers are more respectful to authority, that widows are lonely and that elders are reluctant to ask for help because they don’t want to be a burden to caregivers.”
Avoidance maneuver: The best way to protect yourself and your loved ones is to educate yourself on the red flags so you and your loved ones know how to avoid online scams, according to Darius Kingsley, head of consumer business practices at JPMorgan Chase. If you suspect this is happening to someone you know, look for the following signs: a new friend they’re secretive about, changed spending habits, bounced checks after a lifetime of fiscal responsibility or a desire to cash out IRAs and/or change their will.
“Even though online fraud schemes come in zillions of varieties, they often follow a specific pattern,” Zirkle says, and knowing how to recognize online scam techniques will keep you and your family safe. Make sure the elders in your life know how to stop spam calls, and while it’s not foolproof, encourage them to get on the National Do Not Call Registry.
Google Voice scam
How it works: You’ve posted something for sale on Craigslist or Facebook Marketplace, and someone messages you to say they’re interested in buying it. First, though, they need to verify your identity through a two-factor authentication (2FA) code due to scams and fake online listings they’ve heard about.
What’s really going on: The 2FA code sent to you via SMS is actually from Google. When you give the scammer your code, they’ll be able to set up an account in your name. “The attackers claim a new Google Voice number that’s tied to your real phone number,” explains Paul Bischoff, a privacy advocate at Comparitech cybersecurity company. “Scammers can then use Google Voice to send spam calls and texts under your name, likely without you ever knowing.”
The big picture: This is not your grandmother’s phone scam. Spam calls have evolved over the years. Instead of an easily ignored 800 number, the numbers look like they’re from your home area code—or sometimes even your home city. The con artist uses your identity to conceal their identity so they can contact people with the intention of ripping them off. The scammer might even be able to gather enough information to open accounts in your name.
Avoidance maneuver: If you’re buying and selling stuff online, stick to the app—for all communication and payment. If you go offline, you won’t be protected, and you won’t be able to get your money back. This doesn’t work for Craigslist (though they can encrypt your email for you), but it works for most online selling platforms.
Additional reporting by Meghan Jones.
About the experts
|
Why trust us
Reader’s Digest has published hundreds of articles on personal technology, arming readers with the knowledge to protect themselves against cybersecurity threats and internet scams as well as revealing the best tips, tricks and shortcuts for computers, cellphones, apps, texting, social media and more. For this piece on how to avoid online scams, Jaime Stathis tapped her experience as a journalist who has written dozens of articles about scams and digital security for Reader’s Digest to ensure that all information is accurate and offers the best possible advice to readers. We rely on credentialed experts with personal experience and know-how as well as primary sources including tech companies, professional organizations and academic institutions. We verify all facts and data and revisit them over time to ensure they remain accurate and up to date. Read more about our team, our contributors and our editorial policies.
Sources:
- Federal Trade Commission: “New FTC Data Show a Big Jump in Reported Losses to Fraud to $12.5 Billion in 2024”
- Federal Trade Commission: “Tech Support Firms Will Pay $26 Million to Settle FTC Charges That They Deceived Consumers into Buying Repair Services”
- FBI: “2023 Internet Crime Report”
- Weber State University: “Scareware”
- FBI: “Business Email Compromise: The $55 Billion Scam”
- Monica Eaton, CEO of Chargebacks911; email interviews, October 2022 and April 2025
- Jason Glassberg, co-founder of Casaba Security; email interview, October 2022
- Christine Durst, author and internet fraud expert; email interview, October 2022
- Steven J.J. Weisman, expert in scams, identity theft and cybersecurity; email interview, October 2022
- Jason Zirkle, training director at the Association of Certified Fraud Examiners; email interview, October 2022
- Darius Kingsley, head of business practices at JPMorgan Chase; email interview, October 2022
- Paul Bischoff, privacy advocate at Comparitech; email interview, October 2022
