Most common scams on the internet

The 20 most common scams on the internet: find out how to protect yourself from them

wanessa alves avatar
People posing as someone else on WhatsApp, fake job offers, and suspicious messages from Mercado Livre are some of the main scams. Look!

A few years ago, the most common scams were carried out through telephone calls, sales of non-existent products or when leaving banks. As information and communication technologies evolve, new forms of scams emerge and, unfortunately, every day more people become victims of scammers.

Most likely, you know someone who fell for some type of scam on messaging apps, where the criminal pretended to be a friend or family member of the victim telling a story and requesting money to be sent via Pix. According to a survey by fintech financial protection Silverguard, in 2022 more than 1,7 billion Pix scams.

Most common scams on the internet.
Most common scams on the internet.

According to a survey carried out by companies AllowMe, icarros, Itaú, OLX, Only, Who e Zoop, and presented during Security Week, around 80 thousand scams were applied between January and September 2023 when buying or selling products online, such as smartphones, clothes or electronics.

Still according to the study, the three most applied types of scams were the false payment (54%), account hacking (22%) and fake ad (21%). In Latin America, Brazil is second only to Mexico in the number of recorded digital crimes.

Observing the rate of scams by Brazilian regions, the Southeast is the region with the highest number of cybercrimes, followed by the South region. The study also shows that the majority of victims are men (73%) aged up to 31 (71%).

Check out the 20 most common types of virtual crimes in this article and learn how to defend yourself against each of them. At the blog ExpressVPN you can see other very common scams and how to protect yourself from them.

Phishing

Most common scams on the internet. Phishing
Image: Depositphotos

Phishing It is one of the oldest scams applied on the internet, dating back to the 1990s, when email communication began to be accessed by more people. The word Phishing is an adaptation of English fishing, which means 'fishing', making an analogy with fishing for information.

Through messages sent by email or SMS, cybercriminals pretend to be trusted companies or people and ask the victim to click on a link or send personal data to resolve something, win prizes or pay an invoice. The scams are always well designed, and the emails are identical to those from real companies, making it difficult to identify the veracity of the information at first.

Using the fishing analogy, the objective is similar to the act of fishing: the criminal launches the 'bait', a fake email or SMS asking the receiver to click on a link or send personal data. When the victim falls for the bait, cybercriminals obtain card data, account login information and even install malicious software on the victim's smartphone or computer.

But how to find out if an email is or not Phishing?

Crime, no matter how well prepared it is, always leaves traces that help to identify what is true and what is not. Therefore, always observe the message and the spelling of the URL, checking whether the link is the same as the company's or not and, above all, whether you are being redirected to the indicated page or to an unknown location.

In the case of invoices, always observe the amounts and contact the bank using reliable numbers that you are sure belong to the banking institution. Remember that no bank contacts you asking for passwords or personal information.

Never click on links in emails or text messages from unknown sources; stay alert and avoid clicking on windows pop-up and do not provide personal information via email to strangers. If you receive an email from a known source but it appears suspicious, contact the sender to confirm the accuracy of the content.

Smishing

Most common scams on the internet. Smishing
Image: Depositphotos

Increasingly, all personal data and information is stored in mobile device applications, such as messaging applications, banks, social networks, clouds, emails, among others. This provides an opportunity for criminals who only need one click to hack and defraud all accounts installed on the smartphone.

One of the types of phishing attacks is smishing, which occurs through text messages sent via SMS or messaging apps. The objective is to convince the victim to provide personal data through fake websites or by responding to the message with the requested information.

To convince the victim, the criminal pretends to be organizations or contacts known to the victim and sends a message with a convincing and personalized context, offering a free service, surreal discounts, participation in sweepstakes or even congratulating the victim for winning a prize for which has not registered. All of this with the aim of manipulating decision-making and convincing them to provide the requested data to 'earn' these rewards.

Another common type of smishing is the sending of false invoices, purchase confirmations or people pretending to be attendants from famous stores, such as Apple, Amazon and Mercado Livre, warning about errors in product orders and providing instructions to resolve the problem. You have to be very careful, as it could be a scam!

In 2020, for example, a text message campaign appeared posing as a supposed chatbot da Apple , asking people to confirm some data because a supposed purchase made by the customer had been delivered to the wrong address.

The link redirected the victim to a website where the person could claim a free iPhone 12 as part of an early access trial program, but asked for credit card information to cover a small shipping fee. In other words, blow!

To avoid going through situations like these, always be suspicious and:

  • Do not respond to suspicious messages; In some cases, even asking to 'stop' receiving texts can be a way for criminals to understand that the contact is active and send even more messages.
  • Have you received messages from banks or other institutions? Call the alleged sender, but remember to call a trusted number and not the one listed in the message, as this could be part of the scam.
  • Do not click on links contained in messages; look for information on official websites.
  • Never store account numbers and bank passwords on your cell phone and never provide this data via text message to anyone.

A practical and automated way to prevent possible virtual crimes is by installing applications to protect against malware that can come from fake links and public Wi-Fi, for example. Furthermore, the use of VPN servers (Virtual Private Network) reliable services can ensure that your data will not be seen and captured by hackers and other people or institutions with bad intentions.

Ransomware

Most common scams on the internet. Ransomware
Image: Depositphotos

Unlike the two scams mentioned previously, ransomware is malicious software that 'hijacks' and blocks the victim's computer, demanding money or crypto assets in exchange for ransoming the information. According to a survey carried out by IBM Security X-Force Threat Intelligence Index By 2024, 17% of cyberattacks recorded in 2023 were ransomware crimes.

There are several types of ransomware attacks, between them:

  • Blocking ransomware: All of the victim's devices are blocked and basic functions are affected. To regain access to the operating system, that is, to have full access to the devices again, the victim will need to pay the ransom.
  • Encrypted ransomware: In this case, the hijacking involves individual user files. The information is encrypted by the criminal, who usually releases the code needed to decrypt the data only after the ransom is paid.

For example, in 2018, American healthcare provider Wolverine Solutions Group fell victim to a ransomware scam. The malware installed on the company's servers encrypted a large part of the customers' files. During about a month of investigations, forensic experts managed to decrypt and restore the data, however, much information was lost and it is not known exactly where it went.

The ways in which each attack occurs can be classified into four types:

  • Leakware/doxware: confidential data is stolen and may or may not be encrypted. The cybercriminal threatens to release them publicly if the ransom is not paid.
  • Mobile ransomware: Ransomware software is sent via mobile device applications or installed when the user performs direct downloads.
  • wipers: the criminal threatens to destroy the data if the ransom is not paid. In some situations, files are destroyed even after payment.
  • Scareware: uses ways to scare and persuade the data owner through messages posing as recognized institutions, such as public security organizations, accusing the user of alleged crimes and demanding the payment of false fines.

Although individual attacks are better known, cybercrimes against companies are also common. In these cases, using a reliable antivirus is a way to avoid the installation of malwares on corporate computers. Furthermore, it is necessary for organizations, whether public or private, to adopt prevention measures against cybercrime, guiding and qualifying employees to avoid situations such as Wolverine Solutions Group.

pyramid schemes

Most common scams on the internet. Pyramid scheme
Image: Depositphotos

The pyramid scheme is one of the oldest in humanity and also one of the most famous. Basically, people are invited to participate in businesses with the promise of high profitability and rapid growth in the company. This is precisely the weak point that makes people believe they can change their lives, leading them to fall for the pyramid scam.

The rules are always the same: the more people you manage to attract to the business, the bigger the base of the pyramid will be, and the more earnings you will have, advancing levels within the company and gaining benefits such as cars, trips and prizes.

As it has been a known crime for years, it is not difficult to recognize a pyramid scheme. If you receive job offers with surreal earnings and guaranteed returns, with extra bonuses or prizes for each new client or person referred to the system, be suspicious. The lack of information about the products sold or the company responsible are also factors that should trigger an alert.

In Brazil, since 1951, the financial pyramid has been considered a misdemeanor crime against the popular economy. According to the paragraph IX of Law No. 1.521/1951, “obtaining or attempting to obtain illicit gains to the detriment of the people, or an indeterminate number of people through speculation, or fraudulent processes” is a crime and can result in imprisonment of up to six years and a fine.

However, the legislation is old and does not cover scams carried out on the internet. Currently, it is being processed in the Constitution, Justice and Citizenship Committee (CCJ) of the Federal Senate o Bill (PL) No. 3.706/2021, which provides for a sentence of up to eight years in prison for financial pyramid crimes and digital fraud, including crimes involving cryptoactives and online payments.

Cryptocurrency fraud

Most common scams on the internet. Cryptocurrencies
Image: Depositphotos

In 2023, several news emerged about famous and anonymous people who lost thousands of reais in fraud related to the purchase and sale of cryptocurrencies. Among the victims are fighter Acelino Freitas, known by his nickname Popó; model and stylist Sasha Meneghel; and former football player Magno Alves. They lost millions of reais when investing in digital currencies from companies like braiscompany, Rental Coins e Xlandrespectively.

Although cryptocurrencies involve a different type of trading, the model for attracting new investors is similar to the traditional pyramid scheme, with promises of high returns. For example, the braiscompany offered up to 8% return.

According to a survey carried out by the InfoMoney, between 2018 and 2023, around 23 cryptoactive companies were accused of being financial pyramids and caused a loss of approximately R$40 billion in Brazil, affecting almost four million people.

Therefore, when deciding to invest in cryptoactives, it is important to research whether the company is trustworthy and uses blockchain technology, that is, if it has adequate mechanisms to transparently monitor all digital currency transactions. Furthermore, be wary of extraordinary returns that are far above those offered by the market.

Fake investment offer

Most common scams on the internet. False investment
Image: Depositphotos

In every fraudulent action, what attracts potential victims are quick returns and extremely advantageous values. After all, who wouldn't want to participate in a business that promises to change your life almost overnight? In these cases, it is important to remember the old popular saying: “when the alms are too much, the saint is suspicious”.

A survey by Brazilian Securities and Exchange Commission (CVM) showed that proposals for financial investments are mainly concentrated on social networks, with the seller being someone “known” to the victim, such as an influencer or someone close to them. During the first year of the pandemic, more specifically between January and October 2020, the CVM registered 298 complaints related to fraudulent investments.

Therefore, before investing in something, seek out as much information as possible about the item or company in which you intend to invest. Check whether the company is regulated, whether there are lawsuits against it and always be wary of returns that are higher than those of the market in general. 

Fake job offer

Most common scams on the internet.
Image: Depositphotos

Every day, text messages with job offers coming from unknown numbers with codes from different countries or even from Brazil are received by tens of thousands of people. 

The offers are sent by supposed managers of some multinational and offer good salaries for work in a home office, where the employee will not have much effort and will not need to spend a lot of time on the job. 

If you receive a message like these characteristics, beware! 

As in the vast majority of cases, these types of messages are received via WhatsApp, so do not respond to the sender, as there is a risk that the criminal will try to hack your number and carry out other scams. Remember to activate two-factor verification and set strong passwords to protect your accounts, whether on WhatsApp or social networks like Facebook and Instagram. 

And, finally, never click on the links provided in the message. Access the official page of the company in question or contact them to find out if the proposal was actually sent by them. 

Fake online store (fake e-commerce)

Most common scams on the internet.
Image: Depositphotos

The exponential growth of e-commerce stores has become a form of income for many, however, it is also a field of opportunities for cybercriminals. According to a survey by axur, in 2021, 25.133 pages of Phishing, the number was 36,4% lower than in 2020, where more than 39 thousand cases of fake online stores were recorded. 

During festive seasons and national promotions, such as the Black Friday and Cyber ​​Monday, the risk is even greater, as it is at this time of year that more sales pages appear with the aim of capturing customer data. In the last quarter of 2022, Axur identified 7.010 fake pages. 

Additionally, always check the company’s credibility. This can be verified by a quick search on Google and "Reclame Aqui". Another factor that must be observed is whether the website’s domain has https. The 's' is a security certificate assigned to the website. 

Fake restaurant or hotel profile on Instagram

In recent years, social media has been frequently used to promote businesses such as hotels and restaurants. However, while these networks open up business opportunities, they are also susceptible to the creation of fake profiles.

These fake profiles promote sweepstakes and promotions that attract many people interested in leisure time, and, as a result, cybercriminals are able to deceive countless people in the name of companies that do not even know that they are being used to carry out scams.

Through these ads, fake profiles send messages to victims asking them to click on a specific link and provide personal data in exchange for a prize or the chance to participate in a sweepstakes. As a result, the victim's social network account is hacked, and criminals begin sending messages to followers, friends and family asking for money.

Therefore, always be wary of incredible promotions coming from dubious profiles. Investigate and look for the official page.

The same type of scam can also be applied via WhasApp, check the details

Fake profile on dating apps

Most common scams on the internet.
Image: Depositphotos

In an increasingly connected world, the use of dating apps, such as Tinder, to meet new people and, who knows, future partners, is welcome. But like other social networks, here the 'distrustometer' needs to be always on, as gangs take advantage of users' emotional fragility to carry out virtual scams, known as sentimental fraud

After the conversation becomes more established and the victim becomes more involved with the criminal, the requests begin. And they range from loans, payment of invoices to sending intimate photos, which are later used by the embezzler to blackmail and get something in return. In this type of scam, there is also the practice of Phishing, by sending malicious links aimed at stealing data and passwords. 

Person pretending to be someone else on WhatsApp

People posing as others on messaging apps like WhatsApp is, at the moment, the most common scam on the internet. The method of action is almost always the same, the criminal creates an account with a user's photo and name and starts sending messages to friends and family requesting money to pay a bill or make an urgent purchase. 

In some cases, the victim has their WhatsApp number stolen and loses access to their account on the application. Using the data and contacts, the criminal carries out several scams in the name of the victim. 

To avoid this type of crime, the recommendation is to enable two-factor verification, which can be activated in the application settings. This makes it difficult for people with bad intentions to act. 

And if someone contacts you asking for money, call them directly (avoid WhatsApp calls) and confirm the situation before taking any action. 

Fake email from banking institutions

In the context of banking institutions, scammers pretend to be representatives of recognized banks and send messages requesting passwords and account data. In more elaborate actions, criminals inform that information cannot be sent via SMS or WhatsApp, copying the style of official communications from the bank in question. Finally, criminals ask the victim to respond to the email with personal data.

The entire message is written with a tone of urgency and warns about possible unauthorized access or withdrawals that were made to the account. It's clearly a scam.

In a note, the Banco do Brasil (BB) clarifies that “BB does not have an exclusive browser. If you receive an email on behalf of Banco do Brasil requesting any action of this type, the advice is to contact the manager or service office via Fale com o BB”.

Furthermore, the recommendation is:

“If you receive an email from your bank asking for some action, open a page on the internet and access the website directly, typing the official address in the browser bar (do not use addresses saved in favorites). Or open your bank's app to search for the information or message in question, or contact the institution via one of its official phone numbers.”

As a way of raising awareness among account holders, the Bank of Brazil created a YouTube series on digital security, illustrating various situations and teaching how to identify and report each one of them. Check out!

A CEF is also carrying out explanatory campaigns about virtual scams.

Fake password recovery message 

Most common scams on the internet.
Image: Depositphotos

If you receive an email or notification informing you of a password recovery link, but you did not request it, do not click. The chances of it being a scam are almost 100%. 

In situations like this, access your profile on the social network or website and check if your account is normal, if everything is ok, just ignore the message. But if there is something wrong, immediately report it to the platform and take the appropriate steps to change the password.  

Scams involving the name of Mercado Livre

Most common scams on the internet.
Image: Depositphotos

Internet scams involving company names are, unfortunately, common. And when it comes to large companies like Mercado Livre it is even more common. Of the attempts to Phishing The two most recurrent are the following:

Fake Mercado Livre seller

As it is a marketplace platform, negotiations on Mercado Livre can take place directly with sellers registered on the site. However, it is important to be careful when following the steps indicated by the seller when making a purchase, as he could be a charlatan trying to scam you.

O modus operandi It's almost always the same. A person interested in a product contacts the (fake) seller and begins negotiation. The two agree on the amount and the customer makes the payment as instructed by the fake seller. After confirming the deposit, the criminal disappears and the product is not delivered.

To avoid situations like these, always check the seller's reputation. Furthermore, do not make payments outside the platform; Always use Mercado Livre's own payment resources.

Fake free market email

In this type of scam, the messages consist of false alerts about registrations on websites, errors in purchases or pending data verification. Generally, the objective of these emails is to convince the person to provide personal data, allowing criminals to obtain customer information to carry out other crimes.

In a note published by Mercado Livre na Seller Center, the company clarifies that “no Mercado Livre representative will ever contact you to request passwords or security codes.”

Mercado Livre also advises: “If someone contacts you by phone, ask for the employee's name, that person's registration number or any other data that helps identify them. Then, immediately contact Mercado Livre's official communication channels to confirm the veracity of the information.

Credit card fraud

Most common scams on the internet.
Image: Depositphotos

In Brazil, according to Nubank, credit cards are the second most used payment method for purchasing products or contracting services. Whether in virtual or physical stores, using a card is often the first option to make payments.

Despite the ease provided by using the card on a daily basis, there are also risks of scams. Among the most common frauds are:

  • A false center: Disguised as a bank employee, the criminal contacts the customer and claims that the card has been cloned. During the call, the fake attendant says that the institution will need to collect the card for analysis. To do this, a motorcycle courier goes to the customer's home to collect the card. This is a scam! No bank contacts customers to collect cards or personal data through third parties.
  • O machine scam: During in-person purchases, the fake seller uses faulty machines to get the customer to swipe their card, at which point the data or money is stolen. With contactless cards, the criminal can claim that the card was not accepted, forcing the customer to insert the card, and then the card data and codes are stolen. Therefore, never accept swiping your card on machines with problems and, if you need to insert the card, pay attention!

Check out Serasa's tips and, once again, always be alert for proposals or calls requesting personal or card information.

Fake bank transfer scams

Similar to the fake center scam, a fake attendant contacts the victim and informs that there has been unusual movement in the person's account. From there, it requests various information such as passwords, card codes and other personal data. By answering these questions, the victim provides the scammer with the data necessary for him to commit fraud, clone the card, take out loans and carry out other fraudulent actions in the victim's name.

Most common scams on the internet.
Image: Depositphotos

However, some details of the scam make the victim have doubts about whether the call is really from the bank, as during the call the criminals provide various personal details, such as full name, CPF, date of birth and, in some cases, even the address. However, no bank will contact you asking for passwords or card codes. If this happens, it's a scam! Never provide this type of information to strangers, whether in person or over the phone.

A Civil Police of Paraná advises that, if you are the victim of a scam of this type, immediately register a police report. Registration can be done online, on your state's civil police website, or in person at the nearest police station. In addition, contact the banking institution and inform them of what happened.

Sweepstakes scams and fake contests

Another old scam in the square is the fake draw. It works like this: a stranger contacts the victim informing them that they were included in a draw and won a car, for example. But to receive the prize, she will need to deposit an amount into a specific account, as according to them, this amount will be used to cover some expenses for collecting the car. 

In the euphoria of the moment, the victim ends up depositing the requested amount and only at this moment does he realize that he has just fallen for a scam. 

The recommendation of the delegate of Tocantins Civil Police (PCTO), Evaldo Gomes, is that when receiving this type of call or message, the person contacts the company informed to verify the existence of the draw. “Hardly a company offers prizes over the phone or asks customers to make deposits into bank accounts. For mobile phone users, the best tip is to control greed and use the minimum amount of good census. Do not deposit any amount in a bank in order to receive a prize”, explained the delegate in a publication on the PCTO website. 

Inheritance Offer Email (Nigerian Prince Scam)

Anyone who has dealt with legal procedures to receive inheritances knows how bureaucratic it is to receive any amount or assets from deceased loved ones. Therefore, the scenario where a government institution or a 'guardian' of a large fortune contacts you to inform you that you are the heir to a million-dollar fortune from a Nigerian prince, is strange to say the least, isn't it?

But this is the plot of a scam that has been circulating on the internet for decades. In this case, the criminal also informs that to receive the inheritance, it will be necessary to pay an amount to cover the costs of the international transfer. The crime has a name, and it is called advance payment fraud. 

Therefore, regardless of the history, prize or inheritance, under no circumstances, make any false advance of money to strangers or acquaintances. 

Cloned GSM chip scam

Most common scams on the internet.
Image: Depositphotos

In addition to the cloning of cards and WhatsApp numbers, there is also the cloning of phone chips, including those we use with our phone number, known as GSM chips, an acronym for Global System for Mobile Communication.

Device cloning takes place using the IMEI code (International Mobile Equipment Identity), a series of unique numbers that identifies the device, similar to the chassis of a car. In this case, the code is 15 digits long, and you can check yours by calling * # # 06 on the device itself.

On dual chip cell phones, there will be more than one IMEI associated with the smartphone. When a chip is cloned, the criminal can make calls, access the internet and use the cloned cell phone's plan or credit.

If you identify that your number has been cloned, contact your telephone operator and record what happened; change all application passwords and file a police report at the nearest police station or online.

According to Serasa, in case of proven fraud, the user will not be able to be charged nor will they suffer the burden of the situation related to the contracted plan. In 2007, the Anatel (National Telecommunications Agency) published the Personal Mobile Service Regulation; Check the document to find out your rights and the legal protection you are entitled to.

See also: 

How to protect yourself from a ransomware attack

People over 50 are the most deceived by photos and videos generated with AI

Sources: Express VPN, CNN, E-commerce Brazil, Serasa, IBM, Senate, Caixa Econômica Federal, Banco do Brasil, Mercado Livre, Valor, Axur,  Tocantins Civil Police, Civil Police of Paraná and InfoMoney. 


Discover more about Showmetech

Sign up to receive our latest news via email.

Leave a comment

Your email address will not be published. Required fields are marked with *

Related Posts