Scams are becoming more dangerous and harder to spot. Here’s what to look for.
Over the past few years, the public has grown more educated in the tactics used by online scammers. Doubtless, this is due to the rise in security breaches in prominent businesses and the surrounding publicity. With the news coverage surrounding these security failures, more and more businesses and private individuals are becoming aware of the most common scams and are therefore better able to avoid them.
However, the rise in security breaches also indicates an evolution in the way scammers and hackers challenge security systems. While many of the hacks are the same as we’ve always seen, some are executed with greater nuance. So, for those wanting to stay ahead of the curve, constant education and vigilance are in order.
Below are some of the most common security scams businesses are likely to encounter. In fact, these are so prevalent you’ve probably encountered all of them before. Nonetheless, if you haven’t looked at these recently, a recap is in order.
1. Email phishing.
We’ve all received emails from scammers posing as foreign investors or romantic interests. Many of these are laughably transparent and it’s easy enough to flag them as spam and dismiss them. These emails, which are designed to trick gullible people into sending sensitive personal information, are known as phishing scams. And while early iterations might have been simplistic in their design, many recent iterations are able to fool even those of us usually savvy enough to spot them.
In some of the more recent, public examples of successful phishing attempts, the scammers sent highly targeted emails to members of organizations, posing as a trusted contact—often even a superior. Employees fell for the ploy because the trusted sender name caused them to ignore other red flags.
To address this problem, organizations should implement protocols about what information may be transmitted via email. They should also facilitate ways for employees to verify that the request comes from a legitimate source.
2. Website phishing.
Phishing schemes cover a broad spectrum, and many overlap. For instance, it’s common for an email phishing scheme to trick email recipients into clicking on a link that directs them to a fraudulent website, instead of going after sensitive information directly.
Many phishing schemes succeed by alarming their targets into taking action before they’ve thoroughly examined the situation. For instance, they appear to come from a bank account or credit card company. They claim that the user’s account has been hacked, and direct them to a landing page where they are asked to enter their username and password to confirm their identity.
These landing pages are becoming alarmingly detailed in their ability to reproduce actual landing pages from trusted companies. In 2017, one phishing scheme imitating Google’s landing page proved to be especially convincing.
Many Internet users know to check a website for SSL certificates and not to enter personal information into a website if it doesn’t have an HTTPS URL. However, many phishing websites are catching on and obtaining SSL certificates to give the impression of having a secure site.
While an SSL certificate ensures that data from that domain uses encryption in transit, it does not ensure that the domain itself is trustworthy. Therefore, before entering information into a form, it’s important to look more closely at the URL. If the URL contains typos (such as go0gle.com), or if the trusted brand only appears as a subdomain (google.phishing-scam.com), these are clear indications of fraud.
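The URL checks described above can be automated, for example in a mail gateway or a training tool. The following is an added example, not part of the original article. The `TRUSTED` allowlist, the `LOOKALIKES` character map and the two-label domain split are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: registrable domains the organization actually trusts.
TRUSTED = {"google.com"}
# Constructed digit-for-letter map; real homoglyph tables are far larger.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def registrable_domain(host):
    """Naive last-two-labels split; production code should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_url(url):
    """Return 'trusted', 'lookalike', 'brand-in-subdomain', 'unknown' or 'invalid'."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "invalid"
    domain = registrable_domain(host)
    if domain in TRUSTED:
        return "trusted"
    for good in TRUSTED:
        brand = good.split(".")[0]
        # Typo domain: digits swapped for letters, or one edit away from a trusted domain.
        if domain.translate(LOOKALIKES) == good or edit_distance(domain, good) == 1:
            return "lookalike"
        # Trusted brand present only as a subdomain label of some other domain.
        if brand in host[: -len(domain)].split("."):
            return "brand-in-subdomain"
    return "unknown"
```

A valid HTTPS certificate does not change any of these results, since the check looks only at the hostname.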
3. Scareware.
This scenario may sound familiar: you’re browsing the Internet, and suddenly a pop-up alert flashes onto your screen. “Virus alert detected,” it says. “Download the latest update of this security program to remain secure.”
The pop-up may use the logo of a brand you trust, such as McAfee, Norton, or Microsoft, but it’s actually malware.
Like website phishing, many scareware alerts intentionally imitate trusted security platforms to fool users into granting privileges that they would otherwise withhold. And, like the most recent phishing attempts, these alerts are increasingly able to imitate the language and design of warnings you usually see on your computer.
However, your computer antivirus software should not be initiating updates from your web browser. No matter how frightening the warning, run a search to see if the alert is a known scam before you make any moves. Check your current antivirus software to see if it’s up to date. Finally, consult with your IT provider if you have any doubts.
4. Social media impersonators.
It doesn’t take much for someone to impersonate another person on a social media platform. Facebook is especially susceptible to this behavior. All an imposter needs is the information available on someone’s public profile, and they can set up a false account and begin contacting that person’s friends.
If you receive a friend request from someone you know and thought you were already friends with, check to make sure they haven’t deleted their account. Most social media imposters have only blurry images scraped off their target’s profile, and their posting history should be fairly brief. If it seems appropriate, contact the person whom you suspect of being impersonated. Ask them if they are restarting their profile before accepting their request.
If someone you suspect of being an impersonator contacts you and begins behaving suspiciously, avoid revealing any personal information.
You can protect yourself and your business.
Even as scams grow in sophistication, so do the protections we have against them. For instance, enabling two-factor authentication can protect your account, even if a hacker gains access to your login credentials. They won’t be able to access your account without a text being sent to your mobile phone, or a verification email being sent to your account.
Training can also go a long way. Make sure employees understand proper procedures for sending sensitive information, and encourage them to verify requests if anything appears suspicious.
Finally, an IT partner can help you maintain firewalls so as to prevent downloading suspicious files by accident. They can advise your business about measures to prevent a security breach, and to limit the damage should one occur.