Key Takeaways:
- Scams are rising and increasingly sophisticated, so even careful people need a higher baseline of vigilance.
- The biggest red flags include unexpected invoices, messages pretending to be the IRS/SSA or well-known brands, pressure to act fast, and demands to pay via gift cards, wire, or other unusual methods.
- Your best defense is to verify requests through trusted channels, avoid clicking suspicious links, use updated security and multi-factor authentication, and act quickly with your bank/IdentityTheft.gov/FTC if you’ve been targeted.
When was the last time you received a phone call or email from a scammer? If you were contacted recently, you aren’t alone.
Internet scams show no signs of letting up. In fact, the problem may be getting worse. In its most recent report from the Internet Crime Complaint Center, the FBI said it saw the largest number of complaints and the highest dollar losses reported since the center was established 20 years ago.
The FBI said it recorded 859,532 complaints in 2024 and more than $16.6 billion in losses to individuals and businesses.
The costliest scams involved business email compromise, romance or confidence fraud, and mimicking the account of a person or vendor known to the victim to gather personal or financial information, the FBI said.
“Criminals are getting so sophisticated,” Donna Gregory, the chief of IC3, said. “It is getting harder and harder for victims to spot the red flags and tell real from fake.”
How to Avoid Being Scammed
But you can avoid becoming a victim with vigilance and common-sense steps.
Beware of the fake invoice or suspicious email
Be sure to check the sender's email address. The name may be familiar, but the email address may be a long string of unrelated characters. Other scamsters may use an address that is one letter off from the real one. Or they may simply use .net instead of .com.
Does an invoice ask you to provide new bank information? That’s a potential red flag. A simple way to side-step a fraudulent transfer of funds is to verify the request through a trusted source, for instance by making a quick phone call to the vendor. If you are a business owner, require your employees to call and verify payment requests using phone numbers that are on file.
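The address checks described above (a familiar name over an unrelated address, a domain that is one letter off, .net in place of .com) can be automated for a business mailbox. The following Python is an added example, not part of the original article; the trusted-domain list, the sample senders and the function names are constructed for illustration.

```python
import re
from email.utils import parseaddr

# Assumption: domains of vendors and services already on file (constructed list).
TRUSTED_DOMAINS = ("acme-supplies.com", "netflix.com")

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def squash(text):
    return re.sub(r"[^a-z0-9]", "", text.lower())  # keep letters and digits only

def check_sender(from_header, trusted=TRUSTED_DOMAINS):
    """Return (verdict, trusted domain being imitated or None) for a From: header."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower() if "@" in addr else ""
    if not domain:
        return ("unparseable", None)
    if domain in trusted:
        return ("trusted", domain)
    name, _, tld = domain.rpartition(".")
    for good in trusted:
        good_name, _, good_tld = good.rpartition(".")
        if name == good_name and tld != good_tld:
            return ("tld-swap", good)            # .net instead of .com
        if edit_distance(domain, good) == 1:
            return ("one-letter-off", good)      # e.g. netfllx.com
    for good in trusted:
        # Familiar name in the display part, unrelated address behind it.
        if squash(good.rpartition(".")[0]) in squash(display):
            return ("display-name-mismatch", good)
    return ("unknown", None)

# Constructed sample senders, not taken from real messages.
SAMPLES = [
    "Acme Supplies <billing@acme-supplies.com>",
    "Acme Supplies <billing@acme-supplies.net>",
    "Netflix <account@netfllx.com>",
    "Netflix Billing <x7f3qk29zz@mail-svc.example>",
]
for sender in SAMPLES:
    print(sender, "->", check_sender(sender))
```

A "trusted" verdict only means the domain in the From: line matches one on file; a request to change bank details should still be confirmed by phone using the number on file.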
Don't fall for scammers pretending to be from an institution you are familiar with
You’ve probably received these emails or phone calls. Someone reaches out to you claiming to be from the IRS, the Social Security Administration, or another government organization. The caller says you owe money and that you must pay, or legal action will be taken.
The email may have official logos, or your caller ID may reflect the government agency’s name.
Let me be clear on this. The IRS will never make first contact via a phone call and claim you owe them money. You’ll receive a letter with details and steps you can take. If you receive a call, simply hang up the phone. Please do not engage the caller. Some may threaten or become abusive.
If you “settle” and pay over the phone, expect repeated phone calls as more “discrepancies” are found. In other words, they will extract as much cash as you allow them to.
Avoid the Social Security scam
In one version of the scam, the caller says your Social Security number has been linked to a crime involving drugs or sending money out of the country illegally. They then tell you that your Social Security number is blocked. For a fee, it can be reactivated. Then the scammer will ask you to confirm your Social Security number.
Hang up. The Social Security Administration will never call you on the phone and ask for your Social Security number.
Scammers will tell you how to pay
They often insist that you pay by sending money through a money transfer company or by putting money on a gift card and then giving them the number on the back.
Others will send you a check (that will later turn out to be fake), tell you to deposit it, and then send them money. This is a common Craigslist scam. The caller wants to purchase your items sight unseen. Or they will want you to set up a PayPal account or some other type of electronic payment. (On the other hand, if you are selling items, cash is usually the best way to proceed.)
Pop-up warnings
Tech support scammers may try to lure you with a pop-up window that appears on your computer screen. It might look like an error message from your operating system or antivirus software. It might use logos from trusted companies or websites.
The message in the window warns of a security issue on your computer and directs you to call a phone number to get help. Simply ignore it. You can always use your antivirus software to scan.
If you call, they’ll likely give you worthless information--for a fee. They may also have you download malware or other unwanted software that they claim will fix the issue.
Avoid phishing scams
Phishing is a cybercrime in which a person is contacted by email, telephone, or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as banking, credit card details, and passwords.
Phishing emails and text messages spin a tale in order to trick you into clicking on a link or opening an attachment.
For example, they may:
- Claim they’ve noticed some suspicious activity or log-in attempts
- Claim there’s a problem with your account or your payment information
- Say you must confirm some personal information
- Include a fake invoice
- Want you to click on a link to make a payment
- Say you’re eligible to register for a government refund
- Offer a coupon for free items
Here is one example from the Federal Trade Commission (FTC): You may receive an email that appears to be from a company you are familiar with, such as Netflix. Not everyone subscribes to Netflix, but tens of millions do.
You receive an email requiring that you update your credit card or bank information for payment. If you comply, you’ve given criminals personal information they can use to steal from you. (If you are unsure, go to the website of the company and check your information there.)
Also, be careful about clicking on links or attachments that could compromise your personal information or lock up your computer. Use these four steps to protect yourself from phishing:
- Use updated virus protection software and keep your browsers and operating system updated.
- Protect your mobile phone by setting the software to update automatically.
- Protect your data by backing it up.
- Protect your accounts by using multifactor authentication, which simply means you will get a text or email with a passcode when you log into an account.
Please note that some of these emails/texts now include a warning not to give out the passcode to anyone. Why is this needed? Some scammers will attempt to log into your account, then call claiming they are from that company and need your passcode. Just hang up.
Steer clear of the fake Facebook page
Scammers sometimes set up a fake Facebook page of a well-known company. Scammers then add a post claiming they will give away autos, free airline tickets, or thousands of dollars to “hundreds of lucky winners.” Simply share the post, comment, click on a provided link, and fill out the requested information.
If you look at the FB page, you’ll notice it’s brand new as there are few posts, and it lacks a verified FB badge indicating its authenticity. However, you’ll see hundreds of individuals who have dutifully complied with the scammer’s requirements. Sadly, they will win nothing but grief.
What to do if you are scammed
Be vigilant and use common sense. Anyone can fall victim to these scams. If you have paid someone, call your bank, money transfer app, or credit card company and see if they can reverse the charges.
If you gave personal information, go to IdentityTheft.gov to see what steps you should take, including how to monitor your credit.
Did a scammer take control of your cell phone number and account? Contact your service provider to take back control of your phone number. Once you do, change your account password. Passwords should be lengthy and include numbers, letters, special characters, and capitalized letters. Short passwords can easily be hacked using computer programs.
When you report a scam, the FTC can use the information to build cases against scammers, spot trends, educate the public, and share data about what is happening in your community. If you were scammed, report it to the FTC at ReportFraud.ftc.gov.
Finally, be vigilant and use common sense. Avoid clicking on suspicious links, and never give out personal information to a stranger over the phone. You’d never tell your best friend your annual income, so why would you give a suspicious caller your passwords, bank information, date of birth, or your Social Security number?

John Gigliello, CFP®