Online Scams: An Overview of Common Internet Scams to Avoid

Phishing, ransomware, grandparent scams, tech support fraud, and more. Warning signs and prevention tips for staying safe online.

For your information

These guides are for educational purposes only. Technology changes quickly — we can't guarantee every step will work on every device. We recommend backing up your data before making changes.

How online scams work

Many scams follow the same pattern: you get an email, message, or pop-up that looks like it’s from a real company, bank, or person. You’re urged to click a link, open a file, or send money. Once you do, the scammer can steal your information, lock your files, or take your money.

  • The message appears to be from a legitimate source (bank, store, government, or someone you know).
  • You’re tricked into clicking a malicious link or opening a bad attachment.
  • The scammer then installs malware and/or uses your stolen details to steal money or data.

Phishing, ransomware & scareware

Phishing is when you get an email that looks real but isn’t — from a “bank,” “store,” or “support” — to get you to click a link or give your password. Ransomware is malware that locks your files until you pay a ransom (often in cryptocurrency). Scareware uses fake virus pop-ups that say your device is infected and offers “free antivirus” that is actually malware.

Warning signs:

  • Urgent tone, misspellings, threats of financial consequences
  • Logos or sender addresses that don’t look quite right
  • Unexpected attachments or “virus” pop-ups that are hard to close
  • Software you’ve never heard of “scanning” your computer

Prevention tip: Go directly to the company’s official website if you’re unsure about an email. Don’t click unexpected malware notifications. Back up your data and use trusted antivirus from a reputable company.

Travel & fake shopping websites

Scammers send fake travel insurance offers after you book a trip, or build fake shopping sites that look like real retailers. Deals are often “too good to be true” — they steal your payment details or sell you nothing.

Warning signs:

  • Travel agents offering 100% coverage “no matter what”
  • Payment only via wire transfer
  • URLs with “http://” instead of “https://” or that look odd
  • Prices that seem unrealistically low

Prevention tip: Only buy travel insurance from reputable agencies. Use trusted antivirus to warn you about unsafe sites. Stick to well-known retailers and secure payment methods.

Grandparent & romance scams

In grandparent scams, someone pretends to be a grandchild in trouble (e.g. abroad, need money for a ticket or hospital) and asks for money urgently. In romance scams, a person on a dating site builds a relationship but never meets in person and eventually asks for money or financial details.

Warning signs:

  • Message or call from an unknown number claiming to be a loved one
  • Request for a large sum of money, often urgently
  • Profile or story that seems too good to be true; they live far away
  • Relationship moves fast; they ask for money or personal information

Prevention tip: Don’t act immediately. Verify your grandchild’s identity with questions only they would know, or call them on a number you already have. In online dating, take it slowly, ask lots of questions, and never send money or share financial details with someone you haven’t met.

Hitman & lottery scams

Hitman scams threaten harm to you or a family member unless you pay. Scammers may use details from your social media to sound convincing. Lottery scams say you’ve won cash or a trip and ask for “fees” to claim the prize — you never receive anything.

Warning signs:

  • Message threatening harm unless you pay
  • You “won” a prize for something you didn’t enter
  • You must pay a fee to accept the prize

Prevention tip: Never reply to threatening texts or emails from unknown senders. Don’t click pop-ups or links in “you’ve won!” emails. Report threats to the police.

Tech support scams

Pop-ups or ads claim your computer has a serious problem and offer “tech support” you don’t need. The “support” may try to install malware or charge you for fake fixes.

Warning signs:

  • Unexpected pop-up saying your device has a virus or critical error
  • Someone asking for payment via wire transfer or gift cards

Prevention tip: Download antivirus only from a reputable company. Real tech support doesn’t contact you out of the blue via pop-up. If in doubt, close the window and contact your device maker or a trusted technician yourself.

Disaster relief & COVID-19 scams

After natural disasters or during health crises, scammers impersonate government agencies, charities, or health organizations. They ask for donations, sell fake equipment, or promise payments in exchange for your information.

Warning signs:

  • Email that doesn’t match the real agency or charity website
  • Websites with little or no contact information
  • Requests for payment via wire transfer

Prevention tip: Don’t respond to suspicious sender addresses. Check charity and government sites by typing the real URL yourself. For COVID-19 or pandemic info, use your state or local government’s official channels.

Nigerian letter, money transfer & pre-approved scams

Nigerian letter (419) scams: someone claims to need your help to move a large sum of money and asks for your bank or personal details. Money transfer scams: a “buyer” overpays by check or wire and asks you to send back the difference — the original payment is fake. Pre-approved scams: fake “pre-approved” credit or loan offers that ask for an upfront fee to “complete” an application that doesn’t exist.

Warning signs:

  • Email or letter from abroad asking for help moving money or for your bank info
  • Buyer sends “extra” money and asks you to wire some back
  • Upfront payment required to “submit” a pre-approved offer

Prevention tip: Never respond to suspicious emails or texts from unknown senders. Only send money to verified accounts on secure payment services. Check credit or loan offers on your bank’s official website.

Cryptocurrency scams

Scammers use fake giveaways, impersonation, or blackmail to get access to your digital wallet or personal information so they can steal your crypto.

Warning signs:

  • Investments that “guarantee” high returns
  • Unlicensed or unregistered crypto sellers
  • Urgent requests for payments or wallet access

Prevention tip: Research any exchange or seller before investing. Never respond to urgent payment requests or share wallet keys or recovery phrases with anyone.

Social media & mobile scams

On social media, scammers post fake deals, vacation ads, or “claim your prize” links to spread malware or steal information. Impersonationis when someone copies a real profile and sends friend requests to that person’s contacts to harvest personal data. Mobile scams use fake apps that look like real ones to deliver malware — same idea as phishing, but through an app instead of email.

Warning signs:

  • Posts with very low prices or links to “claim” something
  • Someone you’re already friends with “requesting” you again
  • Apps that are hard to close, disappear and reappear, or redirect to suspicious sites

Prevention tip: Verify a company or seller before buying. Limit who can see your profile and be cautious with new friend requests. Only download apps from your device’s official app store.

Stay safe: pause and verify

Scammers rely on urgency and emotion. When something feels off — an unexpected message, a too-good-to-be-true offer, or a request for money or personal details — pause. Don’t click, don’t pay, and don’t reply until you’ve verified through a channel you trust (e.g. the real company website or a phone number you looked up yourself).