Cyber Brew: Why we fall for online scams and how to avoid them

Why people still fall for scams

Aleksandra: Online scams seem to be everywhere these days — from fake shopping sites to phishing texts. Why do you think so many people still fall for them, even when they've heard the warnings?

Justina: Scammers constantly improve their tactics and create new ways to trick you into sharing your personal information with them or giving them your money. Technology keeps evolving, and scammers evolve right alongside it.

Meanwhile, people struggle to keep up with all these changes and new security measures, which creates the perfect storm for successful scams. Add in our tendency to rush through online tasks without paying close attention, and you can see why even the most cautious people can still fall victim to online scams and phishing attacks.

Scams are almost always psychological and prey on our most human emotions — fear, loneliness, greed, or FOMO. You might want to snag that great deal on a dream purchase you’ve been saving up for. Or you might be looking for a partner in online dating apps and suddenly start getting texts from someone who seems to be just perfect. Even the most careful people can let their guard down if scammers catch them at the right emotional moment.

Recently, Mastercard conducted a survey that showed 7 out of 10 people feel it’s easier to secure their physical homes than to protect their digital information online. This sentiment rings true — so many more attack vectors exist online compared to the physical world that keeping up becomes a challenge.

Scams always prey on victims’ most human emotions — fear, loneliness, greed, and FOMO.

The scammer’s playbook: Most common threats right now

Aleksandra: What are some of the most common online scams targeting everyday consumers right now? And how can people spot the red flags before it’s too late?

Justina: Overall scam statistics never paint the full picture. People often don’t report scams because they might not even realize they fell for one, or they feel ashamed about it. Therefore, many cautionary tales never get shared.

Phishing calls and messages

Justina: Phishing is easily one of the most common scams and seems to never go away, probably because it works so well for scammers. Phishing happens when you get an email, a text, or even a direct message that looks legit. It might say it’s from your bank or a delivery service. But someone’s actually trying to steal your personal information, logins, or financial details.

According to our research on scam experiences, receiving phishing calls and messages ranks as the second most common scam tactic — our February 2025 survey found that 39% of NordVPN users have encountered this type of attack, which is why they’re turning to various cybersecurity tools for help. 

How do you spot a phishing email or text message if you have no cybersecurity tools available at the moment? While bad grammar used to be a telltale sign, AI has made phishing messages much more sophisticated and convincing. Instead, ask yourself — did I expect this message? If you get a delivery notification but haven’t ordered anything, or congratulations for winning a lottery you never entered, that’s your red flag right there. Especially if the unexpected message delivers an urgent request. If there’s also a link, hover over it before clicking and see if the address matches the legitimate service that’s supposedly contacting you.

Investment scams

Justina: Investment scams are easier to spot in some ways. They always promise crazy returns with no risk, but finance doesn’t work that way. Whether it’s “crypto experts” on Instagram or people messaging you about NFT opportunities, they all use the same playbook — pressure you to act fast. Watch out for pressure to invest on the spot, promises of “guaranteed profits,” or anyone claiming they have secret knowledge just for you — these signal a crypto scam. 

Fake online shops

Justina: Fake shopping websites look almost professional these days. So how do you spot them? They typically offer deals that are just too good to be true. For example, they might lure you in with absurdly cheap electronics or designer items with massive discounts.

These deals should make you suspicious, right? Well, scammers work hard to put all your suspicions to rest. That’s why most of these fake shops feature tons of glowing reviews (all fake, of course), legitimate photos stolen from real sites, and a super-easy, super-quick checkout process. You pay and wait, but your goods never show up.

To avoid falling for fake online shops, pay attention to three things: payment method, customer service, and prices. Does the retailer ask you to pay using sketchy methods like wire-transfer? Does customer service consist of just a generic contact form (or nothing at all)? And are the prices unbelievably low?  If you answer “yes” to at least one of these questions, leave the website and never return.

Scammers typically offer deals that are just too good to be true.

Tech support scams

Justina: Tech support scams are also very common. They mostly target adults, with seniors making up the vast majority of victims. Tech support scammers prey on your fear and confusion. You might get a scary pop-up or even a phone call claiming there’s an urgent problem with your computer or bank account. These scammers typically want to “help” by getting you to install remote access software. While they might sometimes ask for payment to “fix” the issue, their main goal is often just getting access to your computer so they can steal your passwords, banking information, and personal data directly from your device.

If anyone contacts you out of the blue about an IT problem you didn’t know existed, asks for access to your device, or pushes you to pay for urgent “repairs” — end the conversation.

Romance scams

Justina: Unfortunately, even dating apps and social media platforms aren’t safe. A NordVPN survey showed that 24% of Americans have faced romance scams. We conducted the survey in 2023 and see no signs of the trend going away. 

Scammers can spend weeks or even months building a fake relationship online, sharing sob stories, and playing with your real emotions. Whatever their relationship with you, romantic or otherwise, they’ll eventually create an “emergency” and ask for your help. They don’t want just any help — they want money. Or gifts, preferably big ones.

Online dating scams play on one of your deepest desires as a human being — to have a meaningful connection with another person. That’s why they can hurt more than just your finances. So how can you recognize them? Stay extra cautious if someone you haven’t met in person asks you for money, no matter how close you feel emotionally. Also, consider it a warning sign if the person wants the relationship to move way too fast — that’s a red flag whether they’re a scammer or not! Finally, take declarations of love with a grain of salt if they come from someone you’ve only texted or exchanged voice messages with. Real trust comes from experiences, not words.

Social media: A scammer’s paradise

Aleksandra: Social media has become a hotbed for scams — from fake investment offers to impersonation accounts. What steps can users take to stay safe while still enjoying these platforms?

Justina: Social platforms are brimming with scams. You might see fake giveaways, random investment advice from strangers, or even fake accounts pretending like they belong to your friends or family. Scammers also love sliding into your DMs with links or urgent requests.

Stay skeptical of messages where someone asks you for money or personal details out of the blue. Especially if you don’t know that person. And even if you do know them, contact the person through a different channel to make sure they actually sent that message. For example, if you get a message from your cousin asking for an urgent loan, simply call them and ask if they really sent that message. 

Also, double-check the social media account that you’re suspicious of. Scammers can impersonate friends or even official organizations, so don’t just trust the name or photo. Examine their friends list and posts, see if they have followers, and look for anything that seems suspicious. If something feels off — trust your gut and don’t engage with that person or account.

Here’s the golden rule — never click on unexpected links, period. Especially if the message urges you to. And don’t share your passwords, banking information, or ID numbers in messages or emails, even if a friend seems to be asking. Ask yourself — why would my friend need this information? Why would my bank need this information? Contact the person or the institution directly and sort it out.

Take a breath. Scammers love pressuring you into making rash decisions. Their communication feels urgent and stressful for a reason. The counter-measure? Don’t rush, pause, and think before you react. If it feels off, do some digging first.

For technical protection, two-factor authentication works well. Enable it on all your accounts, wherever possible. It’s a pain sometimes, but it really does help. According to our latest Americans’ online security awareness survey, not having MFA enabled on the majority of accounts is the most common type of unsafe online behaviour across the USA. With MFA on, even if a scammer gets your password, they won’t be able to access your account because of the second authentication factor, such as a text message sent to your mobile phone or a code in your authenticator app that only you can access. 

What else can you do? Make reviewing your app privacy settings a routine. Apps change their rules all the time, so you should update your preferences accordingly.

Another tip that may sound like it comes from spy movies, but actually works — create a “safe word” with your family and close friends. If you ever get a suspicious emergency request, ask the sender for the safe word before sending help.

Also, keep your apps and antivirus software updated. Those updates may seem minor, but they actually patch security holes scammers love to use.

Finally, never pay anyone with gift cards, crypto, or wire transfers if you’ve only met them online. Even if it’s a tiny amount, and even if they promise a huge discount in exchange. Real companies and real friends won’t ask for money that way. And honestly, if an offer seems too good to be true, it probably is.

Here’s the golden rule — never click on unexpected links, especially if the message urges you to.

Damage control: What to do if you’ve been scammed

Aleksandra: If someone suspects they’ve been scammed or shared personal information by mistake, what’s the first thing they should do to limit the damage?

Justina: Report it to the relevant platform, for example, the social network you’ve been scammed on, and your bank. Contact your financial institution to freeze or monitor your accounts if you’ve shared financial details with someone you suspect of being a scammer.

Then, change your passwords, especially for email and important accounts, as soon as you can. Also, monitor your accounts for suspicious activity, such as unfamiliar charges, withdrawals you didn’t make, or changes to your personal details.

Most importantly, don’t let shame stop you. Seek help and report the scam so you can prevent further loss and maybe even protect others from falling into the same scammer’s trap.

Practical tips: Your anti-scam toolkit

You can take several steps to outsmart scammers and keep your money and information safe.

Before you click or pay:

• Pause and think when communication feels urgent.
• Hover over links to check if URLs look legitimate.
• Contact the person asking for help (or money) directly and double-check.
• Stay skeptical of unsolicited messages asking for money or personal information.

While on social media platforms:

• Enable two-factor authentication on all accounts.
• Review privacy settings for your apps and social media accounts regularly.
• Create a “safe word” with family and friends for emergency requests.
• Never share passwords, bank details, or ID numbers in messages.

Watch out for:

• Promises of guaranteed profits with no risk.
• Pressure to act immediately and intimidation suggesting you’ll lose out if you don’t.
• Payment requests via gift cards, crypto, or wire transfers.
• Professional-looking websites with suspiciously low prices.
• Unsolicited tech support offers.

If you’ve been scammed:

• Report the scam to the platform where it happened and your bank.
• Freeze or monitor your financial accounts if you’ve disclosed your financial information.
• Change passwords for all important accounts.
• Monitor your accounts for suspicious activity.
• Don’t let shame prevent you from seeking help!

Remember, scammers keep getting more sophisticated, but staying informed and maintaining healthy skepticism are your best defenses against online fraud.