It's unfortunate that there's always someone out there trying to take your hard-earned money away from you. On the internet, these hucksters target the technologically unsavvy, and in particular, the elderly. In this article, we'll explain how three of the most common scams today work, and how you can protect yourself from them in the future.

This scam has gained immense popularity over the last few years and shows no signs of slowing down. It can be initiated in various ways. Occasionally, it starts with a cold contact: you receive a phone call or an email purporting to be from ‘Microsoft,’ ‘Windows,’ etc., claiming there’s a severe problem with your computer and urging you to speak to a representative to fix it. These calls may make alarming claims, suggesting you’re in danger due to “computer problems” or accusing you of illegal activity.

More commonly, these scams begin with a simple advertisement. While browsing the internet, warning messages flood your screen. Sometimes, an alarming noise or robotic voice accompanies these messages, which may appear realistic and report that your computer is compromised. Attempting to close these messages might result in them taking over your screen, becoming “un-closeable.” Many warnings threaten that closing the message will damage your computer or lead to your arrest, insisting you call a provided phone number for assistance.

THESE ARE EMPTY THREATS! What you’re seeing is merely a webpage, albeit a highly intrusive one. You might encounter this page through typosquatting websites (where you mistype a URL), malicious advertisements (which is why using an adblocker is recommended), or compromised websites. This webpage cannot do anything beyond fullscreen itself and ignore your attempts to close it. Pressing Ctrl+W or ALT+F4 can close the tab or browser window, respectively. If all else fails, hard reset the computer by holding the power button down for ten seconds.

What happens if you call the number? You’ll be connected to a call center (usually in India, though they may claim to be in California or elsewhere) where a “certified technician” will guide you through steps to grant them remote access to your computer. Once connected, they’ll click around your OS, highlighting various issues they’ll claim are serious problems – “foreign attackers” (actually external services your computer is connected to) or “critical errors” (standard error logs) will be exaggerated to sound extremely serious. In reality, your computer is likely (mostly) OK.

Ultimately, they’ll offer to fix the issues for a fee, often requesting payment via gift cards for services like Google Play or Apple Music. This method prevents you from reversing the transaction.

Any “services” they provide usually involve installing free software like Malwarebytes Anti-Malware, with limited – if any – effect on your device’s operating condition. Meanwhile, you might have been tricked into parting with hundreds or even thousands of dollars. We’ve encountered many victims of this scam, some losing thousands of dollars.

Although this scam can begin in various ways, it often starts with an email supposedly from Amazon, PayPal, or another trusted service. These emails typically claim that an order is being processed, displaying an amount you’ve supposedly paid or agreed to pay. They can be pretty convincing and might even show an item you “purchased” that seems legitimate. These emails usually provide a phone number to cancel or dispute the order. A variant of this scam commonly starts with a cold call, claiming to be about a tax liability with the IRS. The specifics can vary, so we won’t delve too deeply into the details, but the basics are similar.

If you call the number provided, the person on the other end will ask to connect to your computer to process your “refund remotely.” Generally, they’ll have you log into your banking website, then temporarily blank your screen (the remote access software can black out your view) while “confirming details.” In reality, they’re live-modifying the webpage you’re on, a process that’s a bit complex to explain but essentially involves editing the appearance of elements on the page without permanently modifying its code.

They’ll add a line to your transaction list on your banking site, showing the purchase amount. Meanwhile, they’ll also mentally note how much money you have in your account. They need to know your available funds to determine how much they will scam you. They’ll then show you the screen again, indicating where you supposedly purchased the item and asking if you want a refund. After you confirm, they’ll claim to process the refund, blanking your screen again and adding another line to your banking transaction history, this time for a refund, but with inflated figures.

Following this, they’ll ask you to confirm that the refund was for the correct amount. They’ll feign shock and distress when you point out the overpayment, begging you to return the excess amount. They may offer to let you keep some of it in exchange for your “trouble”, asking you to withdraw cash from your bank and mail it to an address they provide to “avoid documentation”. These addresses usually belong to intermediaries who take a portion of the money before depositing the rest into an account controlled by the scammers.

Due to a “refund” for something you never purchased, you’ll be left without money and no means of getting your money back.

This scam preys on human fears while showing you private information only you should know. Compromised services and websites occasionally leak account credentials onto the internet, including your email address and password. It’s crucial to use different passwords on every service and to change them occasionally, especially after a data breach involving a service you use. Hackers can easily find these credentials in ‘pastes,’ typically on the dark web but sometimes on the clearnet. You can check the website haveibeenpwned.com to see if your credentials have ever been compromised.

You’ll typically receive an email resembling a ransom letter. The sender claims to have installed malware on your computer, knowing all your information and proves this by showing you one of your passwords. Remember, they obtained this password (and your email address) from one of these credential pastes. It may or may not be a password you still use, but it will be familiar to you, lending the email credibility.

They’ll also state that this malware allowed them to see the websites you visit and record your camera, complimenting your taste in pornography. Then, they’ll threaten to forward a video of you to all your friends, family, and even your boss unless you pay a certain amount, usually via cryptocurrency.

This threat intimidates many people we meet, regardless of whether they consume pornography. However, it’s crucial to remember that this is a scam. While they may have access to your old password, they haven’t accessed your browsing history or camera. Your privacy remains intact.

Separating fact from fiction is a skill everyone develops over time, and no one is immune to scams. Even the senior tech at The Computer Cellar once fell for a PayPal phishing email. However, avoiding panicking is the most crucial thing when encountering a potential scam. Take a moment to evaluate what you’re seeing, consider whether it seems legitimate, and seek a second opinion if needed. Use another device to research whether it’s a common scam or contact a friend or a computer repair shop for advice.

Additionally, staying informed about technology news can help you identify new threats and scams as they arise.

Our number one rule for avoiding scams is simple yet crucial: DO NOT ALLOW ANYONE REMOTELY TO CONNECT TO YOUR COMPUTER UNLESS YOU PERSONALLY KNOW THEM. Do not grant them access regardless of who they claim to work for or represent. Following this rule significantly reduces the risk of falling victim to scams.

If you’ve fallen victim to a scam and the scammers accessed your credit card or bank account directly, most banks are experienced with these situations and can assist you in securing your accounts and recovering the lost funds. However, the recovery process may be more challenging if you made payments via gift cards or cash.

Regarding your computer, removing any remote access software that the scammers may have installed is crucial. We recommend having your computer checked by a reputable shop like ours to ensure that all traces of the software are removed, as some remote access tools can be challenging to detect. Additionally, it’s wise to have your computer scanned for other malware or adware, as falling for one scam often indicates susceptibility to others.

Learning from the experience is essential. While no one likes to admit falling for a scam, sharing your story with others, especially within your community or neighborhood mailing list, can help raise awareness and prevent others from becoming victims. Don’t be ashamed—mistakes happen, but by providing details of your experience, you can help others recognize similar scams in the future.

If you’ve lost money or been deeply involved in the scam process, consider reporting it to the Federal Trade Commission (FTC) using their online form. While it may be challenging for authorities to act against foreign-run scams, every report raises awareness and potentially prevents future scams.

After the ordeal, you may find satisfaction in supporting efforts to combat scams. Scam baiters like Kitboga, Pierogi, and Jim Browning dedicate their time to educating the public about these scams while creatively disrupting scammer operations. Whether it’s wasting their time on prank calls or exposing their activities to authorities, these efforts help protect potential victims and hold scammers accountable.

Remember, while the internet has become safer in many ways, it still poses risks, and no antivirus software can fully protect you from online threats. Staying informed and vigilant is your best defense against scams, so continue educating yourself and others to stay safe online.