Cybersecurity attacks are increasingly common, often resulting in financial losses or identity theft. Most scammers have two goals: to steal your funds and to steal your identity (to further steal your funds or use your accounts).

Knowing what the most common scams are on the internet today can help you know what to look for and avoid cyberattacks or financial fraud.

The number one scam online is phishing. It occurs when a scammer sends you an email, pretending to be a service provider or your bank, and tricks you into clicking a link or providing your personal or financial information. The links included in the emails often request recipients to navigate to a fake website and provide their updated banking information. Not only will you be giving away your details, but the links may also result in malware being installed on your devices when you click them. Verify the sender information and note the tone of the email. If it has a sense of urgency (e.g., “provide your information now to avoid your account being blocked”) it is likely a scam.

Another way to stay safe online is to ensure you only interact with reliable platforms. For example, when playing on a crypto casino, make sure to pick one that’s licensed and has security measures in place. Blockchain technology used on these platforms helps reduce fraud. Always ensure you’re on an official site before entering personal or financial details.

ATM fraud begins in-person and can eventually migrate online, especially if your bank card contains your account details and CVV number. Fraudsters can swap your card at the ATM or use a fake device masquerading as the card slot to clone your card. If they swap your card (by distracting you while you’re at the ATM), they can then use it to perform online transactions. They can get your PIN by “shoulder surfing”, which is when they stand so close that they can see you key in your PIN at the ATM. The easiest way to avoid this scam is to never allow anyone to approach you at the ATM, even if they’re asking for advice. If you suspect your card has been swapped or cloned, contact your bank immediately to stop your card.

The last thing you want to become is a money mule. These are people who allow their bank accounts to be used to move (illegal) funds through the banking system. This money is often received from other victims of fraud. Cybercriminals will approach you online and gain your trust. They will then take advantage of your caring nature and persuade you to open an account with a bank in your name, but this account will be used by them. They will often use the tactic of offering you money or rewards in exchange for your services. The easiest way to avoid this scam is simply not to allow others to access your bank account or make deposits for anyone else. Never open an account in your name for someone else, even if you’re offered payment or you know the person.

Romance scammers prey on the lonely and vulnerable. They create fake dating profiles and form relationships with their victims online, either through social media or dating apps. Once there is a solid relationship formed, they start asking for a little bit of money. They often even repay the first couple of payments to earn your trust. From there, they will ask for increasingly larger amounts, and eventually disappear without ever repaying you for the thousands of dollars you lent them. When chatting to people online, it is best to verify their identity by asking for photos, videos, a video call, or meeting them in a safe public place. The Federal Trade Commission (FTC) provides additional tips for avoiding romance scams, as well as how you can report these scammers.

Ransomware attacks often make headlines. This scam is aimed at companies, not individuals. Ransomware is malware that can lock files on electronic devices. The cyberattacker then sends a request for a ransom to be paid to unlock the company’s data. The scammer may announce that they will publicly disclose or sell the data unless the ransom is paid. Avoiding a ransomware attack can be difficult, so ensure that your company’s security systems are up to date and inform employees of potential scams. Should you be the victim of a ransomware scam, contact your local law enforcement, CISA, the US Secret Service, or the Federal Bureau of Investigation (FBI).