Online scams range from phishing emails impersonating banks to fake websites selling counterfeit goods. Common tactics include creating urgency, requesting personal information, offering unrealistic deals, and exploiting authority or trust. Recognizing warning signs—suspicious email addresses, grammatical errors, password requests, unexpected attachments—helps you avoid becoming a victim.
Review examples of common scam emails and identify red flags. Practice identifying what you'd do if you received a suspicious message.
You already know how to evaluate whether a source is credible — checking who's behind a website, looking for corroborating sources, questioning whether a claim makes sense. Online scams work by short-circuiting exactly that process. Their core technique is social engineering: manipulating human psychology rather than breaking technical security. Scammers don't need to hack your bank — they just need to make you hand over your credentials voluntarily.
The most reliable trick in a scammer's toolkit is urgency. "Your account will be closed in 24 hours." "You've been selected — respond now or lose your prize." Urgency shuts down the deliberate credibility evaluation you've learned to do, replacing it with panic. The antidote is simple: any legitimate institution — your bank, the IRS, a retailer — will give you time and a verifiable way to respond. If you feel rushed, that's a red flag, not a reason to comply.
Phishing is the specific form of scam that impersonates a trusted entity to steal credentials or money. The tell is almost always in the details: the sender's email address will be slightly off ([email protected] rather than [email protected]), the links will route to a lookalike domain, and the branding may be subtly wrong. Applying your source-credibility skills here means checking the actual URL before clicking, hovering over links to see the destination, and going directly to the known website rather than following links in messages. A legitimate email from your bank should be verifiable by logging in directly.
Scams also exploit authority and trust by impersonating government agencies (IRS, Social Security Administration), tech support (Microsoft, Apple), and family members in distress ("grandparent scams"). The psychological lever is that these are entities you're conditioned to comply with or help. Any unsolicited contact claiming to be an authority and requesting immediate payment, gift cards, wire transfers, or credentials should be treated as high-risk until you can independently verify the contact through an official channel you look up yourself — not a number the caller provides.
The hardest misconception to shake is that smart people don't get scammed. Scams are specifically calibrated to the target: a tech-support scam targeting seniors looks different from an investment fraud targeting financially sophisticated people. The common thread is that every scam catches you in a vulnerable moment — distracted, emotional, or encountering a scenario you haven't seen before. The practical defense is a personal rule: never provide personal information, credentials, or payment in response to *inbound* contact you didn't initiate, regardless of how legitimate it appears. Always initiate verification yourself through a trusted channel.