Scams

How to Spot Online Scams

How to Spot Online Scams

Have you lost money or cryptocurrency to an online scam?

In 2024 alone, £11.4 billion was lost to scams, with investment scams seeing a sharp rise(1). As more of our lives shift online, so do the tactics of scammers. They’re smarter, faster, and harder to spot than ever before. 

If you’ve fallen victim to an online scam, you’re not alone. That’s why it’s so important to understand how these scams work and what you can do to protect yourself. Let’s break down the warning signs and show you how to stay one step ahead. 

What is an online scam? 

An online scam is a type of fraud carried out over the internet, often through websites, emails, or other forms of online interaction. These scams can take many forms, including phishing, email spoofing, and fraudulent investment schemes. 

At their core, online scams work by hiding the scammer’s identity, making it easier to trick people and steal money or personal information. 

Common tactics scammers use online 

Phishing 

Phishing is a common tactic where scammers pretend to be trusted organisations to steal information like passwords or bank details. This might be your bank, a delivery company, or even HMRC. 

Phishing messages often arrive via email, text message, or social media, and typically urge you to take immediate action by clicking a link or downloading an attachment. Messages often warn you that your account will be suspended, or you’ve missed a delivery, which leads people to act before thinking. 

For example, you receive an email that appears to be from your bank, claiming there’s been suspicious activity on your account. The branding looks authentic, mimicking the logo, fonts, and layout of the real site.  

The message urges you to “verify your account” by clicking a link. The link takes you to a page that looks like your bank’s login screen, but it’s fake. Once you enter your details, the scammers capture them and gain access to your account. 

How do I know if I clicked a phishing link? 

If you think you’ve clicked on a phishing link, try not to panic. The most important thing is to stay calm. Then, manually search for the website and log in to the official site. If your account isn’t logged in, it’s possible your credentials were compromised. 

You should also: 

  • Change your password immediately 
  • Enable two-factor authentication if it’s not already active 
  • Monitor your accounts for unusual activity 

Email spoofing 

Email spoofing is when a scammer forges the “from” address on an email to make it appear as though it’s come from someone you trust, like a colleague, a business, or a government organisation. It’s commonly used in phishing schemes to steal information or distribute malware. 

For example, you may receive an email from what appears to be your manager, asking you to urgently purchase gift cards for a client. The email looks legitimate, but on closer inspection, the sender’s address is slightly misspelt. Once the cards are sent, the scammer disappears. 

Always verify unusual requests through another channel—a quick phone call to your manager can prevent major losses. 

Remote access software 

Remote access software allows someone to control a device from another location, which is typically used by IT professionals for technical support. Legitimate programmes include TeamViewer, AnyDesk, Remote Desktop, Splashtop, and UltraViewer. However, scammers have found ways to misuse these tools to gain unauthorised access to victims’ devices. 

Scammers often pose as customer support agents, recovery specialists, or even representatives from banks or cryptocurrency platforms. They may claim they need to “verify a transaction,” “help recover lost funds,” or “remove a virus”. To do this, they persuade victims to install remote access software, giving the scammer full control of the device. 

Scammers can then move quickly. They might open banking apps, search saved passwords, or access cryptocurrency wallets. Sometimes, they install additional spyware or malware to maintain long-term access, even after the victim thinks the session has ended. 

To avoid this scam, don’t install software at someone else’s request, especially if they contacted you unexpectedly. You should also use admin passwords to block unauthorised software installations and install antivirus protection to detect suspicious activity. 

Viruses and spyware 

Viruses and spyware are used to compromise devices and steal information without your knowledge. Viruses can corrupt files, while spyware silently collects data such as login credentials, browsing activity, or financial information. 

Here are some common types of viruses and spyware: 

  • Ransomware: Locks or encrypts your files and demands payment to release them. 
  • Trojans: Disguised as legitimate software but gives hackers backdoor access. 
  • Adware: Floods your device with unwanted adverts, often leading to further scams. 
  • Worms: Self-replicating programs that spread across networks. 
  • Keyloggers: Records your keystrokes to capture sensitive information 

Keep your software and antivirus programmes updated and avoid downloading files or apps from unverified sources. 

Lottery scams 

Lottery scams involve messages claiming you’ve won a prize, despite never entering a competition. This might include cash, a holiday, or a high-value item. To claim the prize, you’re asked to pay a processing fee or provide personal information. Once the scammers have what they need, they vanish. 

These scams often target older adults, vulnerable individuals, or those under financial strain, who may be more likely to respond in hope of genuine relief. 

There are a few clear red flags to watch out for. If you haven’t entered a competition, it’s highly unlikely you’ve won one. Legitimate lotteries never ask winners to pay upfront fees or share personal information to receive a prize.  

Scam messages often contain vague language, poor grammar, and generic greetings, which are all signs that the offer isn’t genuine. If it sounds too good to be true, it probably is.

 

Latest online scams to be aware of 

Online scams are always evolving, and scammers continuously develop new tactics to deceive users. Here are some of the latest scams targeting online users: 

Social media ads 

Fake stores and services are being promoted through paid ads on platforms like Facebook and Instagram. These scams often feature stolen branding, AI-generated product images, and fake reviews.  

Victims place orders and never receive the product or receive poor-quality counterfeits. AI tools have made it easier to generate convincing content, contributing to a 12% increase in Facebook-related scams (2).  

Fake online sellers 

On sites like Facebook Marketplace or X (formerly Twitter), scammers pose as private sellers. They often request payment via PayPal’s “friends & family” option, which doesn’t offer buyer protection. In some cases, they use fake tracking numbers or ghost the buyer after payment. 

PayPal impersonation emails 

Scammers impersonate PayPal with official-looking emails claiming there’s an issue with your account or a payment to confirm. These emails link to fake login pages designed to steal your credentials.  

Always verify by logging into PayPal directly via their website or app, never through email links. 

AI scams 

Artificial intelligence is now used to create deepfakes, which are highly convincing fake videos, images, or voice recordings. These can be used for blackmail, to impersonate family members or business contacts, or to give false credibility to fraudulent investment opportunities. 

QR code scams

QR codes are now common in restaurants, events, and online interactions, but scammers use fake ones to redirect you to malicious websites. These sites may prompt downloads, collect login details, or present fake prize claims asking for personal data. 

Malicious apps 

Apps from unofficial stores or unverified links can infect smartphones with spyware or malware. Once installed, they can track your keystrokes, access banking apps, or look at your contact lists. Always download apps through the Apple App Store or Google Play, and check reviews. 

WhatsApp links 

These scams often begin with a message from a seemingly trusted source, such as someone claiming to be a recruiter, landlord, or friend using a new number. They may offer job opportunities or ask for help with urgent payments, only to redirect you to phishing sites or fake payment portals. 

Romance scams 

Scammers build emotional relationships over weeks or months on dating apps or social platforms. Once they’ve established trust, they often ask for money, investment in fraudulent platforms, or access to personal information. These scams can be highly convincing and emotionally damaging. 

 

Quick tips for avoiding online scams 

Online scams are often convincing, but there are simple checks you can make to reduce your risk. Here’s how to stay safe: 

  • Be sceptical of anything that seems too good to be true: Don’t trust offers without evidence—if it feels off, it likely is. 
  • Review your privacy settings: Limit who can see your posts, contact details, and activity on platforms like Facebook, Instagram, and LinkedIn. 
  • Avoid engaging with strangers online: Be cautious with unsolicited messages, especially those that become personal, urgent, or financial. 
  • Enable two-factor authentication (2FA): This adds a second layer of security, like a code sent to your phone, to protect accounts even if your password is compromised. 
  • Manually search for websites: Avoid clicking links in emails or messages. Search for the company or platform to ensure it’s legitimate. 
  • Don’t send money to someone you haven’t met: Always verify who you’re dealing with before making any online payments or transfers. 

 

Who is most likely to fall for an online scam? 

According to a 2023 Deloitte survey, Gen Z individuals are more than three times as likely to fall for online scams compared to baby boomers (3). 

This higher risk is likely due to Gen Z’s frequent use of digital platforms and social media, which puts them in contact with more scams. Being comfortable with technology can also lead to overconfidence, making them less cautious when something seems suspicious.  

That said, no one is immune. Scammers are constantly changing their tactics, and staying alert is important for everyone. 

 

I think I’ve been scammed online—what should I do? 

If you believe you’ve been scammed online, it’s important to act quickly: 

  1. Identify what’s been compromised: Determine whether you’ve lost money, cryptocurrency, or shared personal information such as passwords or ID documents. 
  1. Contact your bank: Immediately inform your bank, credit card provider, or crypto platform. They may be able to freeze transactions or reverse unauthorised payments. 
  1. Report the scam: File a report with local authorities and relevant organisations, such as Action Fraud or the National Cyber Security Centre (NCSC). 
  1. Monitor your accounts: Regularly check your bank and online accounts for any unusual activity. Change your passwords and enable two-factor authentication where possible. 
  1. Seek professional help: A legal or cybersecurity expert can help assess the extent of the damage, advise on recovery options, and take steps to protect you from further risk. 

Remember: being scammed is not your fault. Scammers are highly sophisticated and exploit even the most cautious individuals. To prevent further losses, avoid sending any further payments or engaging with the scammer. Instead, seek professional help as soon as possible. 

Contact Wealth Recovery Solicitors 

If you’ve lost money or cryptocurrency to an online scam, contact Wealth Recovery Solicitors. Our recovery specialists can help trace your lost funds and recover what’s yours. 

We know how to get results for our clients. In fact, we’ve helped recover more than £50,000,000 for fraud victims in the last three years. With a 4.8-star rating on Trustpilot, you can also expect superior customer service at WRS. Our UK-based specialists are on hand to provide reassuring, expert advice when you need it. 

Why choose Wealth Recovery Solicitors? 

  • ETL Global Partner: Access to a trusted international legal network 
  • £50,000,000 + recovered: Proven track record of success in complex fraud cases 
  • 4.8 Trustpilot rating: Excellent client feedback for service and results 
  • No win, no fee: You only pay if we successfully recover your funds 
  • Free consultation available: Get in touch to see if you qualify 

Get in touch to take the first step towards recovering your lost funds.