How to spot an online scam

As you spend more time online, engaging in a greater variety of activities and digitizing previously analogue aspects of your life, you entrust your personal information to online processes. This opens up avenues that scammers may attempt to take advantage of. Keeping yourself protected from fraudulent activity is increasingly important, since so much of day-to-day life is now dependent on electronics.

Scammers can be incredibly creative in their means of coercion, coming up with new ways to dupe intended victims. Probably the most common form of online scams is via email. The types of emails that you might receive vary massively, but there are a few key things to look out for. How, then, should you go about keeping yourself safe from scams? Here are some top tips on what to look out for, and what to do if you suspect you’ve been the victim of an online scam.

How to spot an online scam

Company misrepresentation

Many scam messages are designed to look like they come from a reputable company, but they often have some telltale signs that they could not be genuine. Be wary of messages you receive from companies that you don’t have an account with. Phishing is a numbers game. Bad actors cast a wide net, so it’s likely that your email address has ended up on a bulk list of targets, all of whom will have received the same message in the hope that some of you do have accounts with the impersonated company.

If you receive a suspicious message claiming to be from a company you do have an account with, be vigilant for signs such as poorly replicated logos, impersonal greetings — like “Dear Sir/Madam” — or dramatic statements about your account being frozen or in danger of being closed.

Check the sender

Sometimes scammers do an excellent job of duplicating official communications, which means it can be hard to spot a fake at a glance. Expand the message details to see what email address the message was sent from to determine if it looks like a genuine one.

Bear in mind that this isn’t always going to be effective. If a company employee has had their account compromised, scammers could be sending the message from an official source. This would be the exception rather than the rule, though. Usually examining the sender’s email address will be a good indicator of its trustworthiness.


Phishing scam emails often have spelling errors or poorly formed sentences in them. Especially if the message appears to be from a trusted source, like a business, remember that official communications are carefully constructed and edited to be free from mistakes. If you spot any typos or poor formatting this should raise a red flag.

Suspicious calls to action

A call to action (CTA) is the general marketing term for the prompt at the end of a message asking you to do something, such as click on a button or link. Phishing emails often have CTAs, but they will link to unsafe websites or force a download of a virus or malware. Do not click on these links. If you want to check the status of your account, access it via a new browser window and input your details only through the official login page.

What if I think I’ve fallen for a scam?

Unfortunately, the sophistication of contemporary phishing scams means that we are all susceptible to them. Anyone could inadvertently fall prey to one. If you suspect you may have done this: don’t panic.

Your first course of action is to report it. You can do this on the Federal Trade Commission website. Alternatively, if you think that you’ve spotted a scam email but haven’t fallen for it, you can forward it to the Anti-Phishing Working Group at this email address: [email protected]

These options will begin investigations into the suspecting email. But to ensure that your own systems are safe, run scans using any antivirus software you have installed. The best protection against phishing and other types of scams is to maintain a powerful security tool. Packages like Total Defense’s Ultimate Internet Security provide comprehensive protection across all your devices.