Online scam taxonomy: the many ways to trick us
Online scams have become increasingly sophisticated in recent years. Scams and scammers have been around pretty much always, but the online world has created the perfect environment for them. Online scammers have found ways to make money by tricking people, which creates an incentive to develop new scams.
As the world has shifted from face-to-face interactions to online connections, online scammers rarely even need to meet their victims. They can often just automate the process and target masses of potential victims from the safety of their homes. However, some online scams still require direct interaction with the victim – but even then it’s often much easier than before, thanks to modern technology.
Scam taxonomy
Because there are so many different types of online scams, we have compiled a scam taxonomy that briefly explains what each type means. Staying vigilant against these threats makes them easier to avoid.
Scams can be systematically categorized based on factors such as their characteristics, methods, attack vectors and underlying strategies. We’ve broken the scam taxonomy down into 4 main groups: methodology-based, target-based, AI-based and platform-based scams.
Methodology-based scams
Phishing scams
Phishing scams are fraudulent attempts to obtain sensitive information – like usernames, passwords, and credit card details – by posing as a trustworthy entity, often via email, phone calls, or fake websites. Phishing scams can be further categorized into the following subcategories:
Phishing emails are a common method used for tricking recipients into revealing personal information or clicking on malicious links or attachments.
- Smishing
“Smishing” is a term derived from SMS Phishing, a form of text message scam. A scam text might impersonate a bank or a government entity and claim an urgent need for account verification. Smishing tricks individuals into sharing sensitive information or clicking on malicious links, similar to email phishing but via text messages.
- Quishing
Quishing is a term derived from QR Code Phishing. It’s a type of phishing attack that uses a fake QR code to deceive victims into disclosing sensitive information or downloading malicious software.
- Vishing
Vishing is a term derived from Voice Phishing. Scammers use phone calls/voice phishing to impersonate legitimate entities, often using threats or urgent scenarios to manipulate individuals into disclosing personal or financial information. A common example is technical support calls about a Windows PC.
Financial Fraud
Deceptive scams designed to trick individuals or organizations into providing money or sensitive financial information, all under false pretenses. Financial fraud is designed to exploit victims mainly for monetary gain.
- Shopping Scams
Shopping scams involve fraudulent online stores or sellers that offer goods at attractive prices but either never deliver the products or provide counterfeit or inferior items. Victims might pay for items that never arrive or don’t match the advertised descriptions.
Find out more: 4 sneaky online shopping scams
- Pyramid & Ponzi Schemes
Pyramid Schemes are fraudulent attempts to make money solely based on recruiting new participants to the chain. The structure of a pyramid scheme resembles a pyramid, with a few individuals at the top who expand the base by recruiting people below them. Participants are typically required to make an initial payment or investment to join, with fake promises of significant returns as a reward for recruiting others.
A Ponzi Scheme is an investment scam in which returns are supposedly paid to current investors using funds provided by new investors. This misleads investors into thinking that profits arise from genuine business activities, whereas they come from the contributions made by new participants.
- Investment Fraud
Fraudulent schemes promising high returns on investment, often using fake companies or businesses to lure victims into investing.
- Loan Scam
A scammer requires borrowers to provide an upfront fee – but does not give the promised loan after getting the fee.
- Debt Relief
Offers related to debt reduction. This includes fake discounts offered to students to settle their study loan. Scammers often target people facing substantial amounts of debt, such as credit card debt, medical bills, or other financial obligations. The scammers exploit the vulnerable financial situations of their victims by claiming to provide effective solutions for debt relief.
- Real Estate Scam
Fake real estate listings for rental properties or properties for sale, mainly aiming to extract money or personal information from interested parties.
Impersonation Scams
Scammers impersonate a trusted person or entity to deceive victims into providing money, information, or access to sensitive data.
- Identity Theft
Identity theft occurs when someone steals your personal information or possessions so they can use your identity, such as your name, social security number, or financial details, with the intent to commit financial fraud, gain unauthorized access to resources, or engage in other deceptive activities. These scams often involve tricking or manipulating individuals into divulging their sensitive information, either through online methods, social engineering, or other deceitful tactics.
Emotional Manipulation
Exploiting emotions to gain money or personal information.
- Romance
Exploiting emotions to gain money or personal information through fake romantic relationships.
Read more: Is online dating safe?
- HealthCare
Offering deceptive health products through fake medical treatments and promising miraculous cures.
- Lottery
Lottery or Sweepstakes Scams occur when victims are told they need to pay fees or provide personal information to claim a prize, which they never receive.
- Charity
Asking for donations to fake charities or causes, especially after natural disasters or during times of crisis.
- Sextortion
Blackmailing a victim or threatening to publish nude images or videos, unless the victim pays a demanded price.
More details: Sextortion scams are trending. Here’s how to deal with them.
Online Tech
Pretending to provide tech support to gain access to a device or to get money.
- Tech Support
Scammers impersonate tech support agents, claiming issues with the victim’s computer or device, and offering to fix them for a fee. Scammers use this method to install malware or steal personal information.
Target-Based Scams
Individual
Scams targeting specific individuals for financial gain or personal information.
- Gaming
Targeting gamers to steal their accounts for financial gain.
Voting scams are a type of gaming scam that first appeared in 2022 and are used to steal Steam accounts. The attack starts in a Steam or a Discord channel, with a message that appears to be from a friend, asking the victim to follow a link and vote for their team. The link directs to a phishing page. Once the victim clicks on it, their Steam account goes to the attacker.
More details: The social and gaming platforms most popular for phishing in 2023
- Tax Scams
Emails or fake calls pretending to be from a tax authority and demanding payment or personal information.
- Job Scams
Scammers create fake job offers that aim to exploit job seekers by requesting upfront payment for training, background checks, or other fake expenses. They also pose as employers or recruiters, reaching out to victims with a fake job offer and requesting their money or personal information.
Business
Scams targeting companies, businesses or organizations for financial fraud, data theft, or ransom demands.
- Ransomware
Deploying malicious software to infiltrate a computer system or network, encrypt data, and request a ransom payment from the victim in return for restoring data access. This deceptive practice involves coercive tactics, wherein attackers threaten to permanently delete or restrict access to the victim’s files unless the demanded ransom is paid. Ransomware scams may focus on individuals, businesses, or governmental organizations, frequently taking advantage of software vulnerabilities or employing social engineering methods to gain system access.
- Whaling / Spear Phishing
Whaling, also known as CEO Fraud, is a type of spear phishing targeting high-profile individuals like CEOs or executives. Attackers aim to trick these individuals into authorizing financial transactions or revealing sensitive corporate information.
Elderly
Elderly scams exploit the vulnerabilities of older individuals, often through phone calls or emails, taking advantage of their trust or lack of familiarity with technology.
- Government impersonation
Scammers call an elderly person impersonating a government officer (IRS, Social Security Administration, Medicare, etc.). Imposters may also warn about unpaid taxes and then threaten immediate arrest or deportation. They may also threaten that Medicare benefits will be cut.
- Grandparent
Scammers call and impersonate a grandchild or other close relative pretending to be in a crisis, asking for immediate financial assistance. Sometimes these scammers “spoof” the caller ID to make an incoming call appear to be coming from a trusted source.
Often the imposter claims to have been in an accident or arrested. The scammer may ask the grandparent “please don’t let mom and dad know,” and may hand the phone over to someone posing as a lawyer seeking immediate payment.
- Funeral Scams
Scammers read obituaries and call or attend the funeral service of a complete stranger to take advantage of the grieving partner by claiming the deceased had an outstanding debt with them. Scammers will try to extort money from relatives to settle the fake debts.
- Romance Scams
Scammers create fake social media profiles and lure single, lonely elderly people. Scammers may pretend to be overseas and, once a friendship has been established, demand money for visas, medical emergencies, etc.
- Pension Scams
Scammers offer elderly people better returns for pension savings by transferring or releasing their pension funds.
- Illegal RoboCalls
Unwanted spoofed calls claiming to represent legitimate organizations, government agencies, or financial institutions to trick individuals into providing sensitive information or participating in fraudulent schemes. Alternatively, unsolicited automated phone calls that deliver prerecorded messages or use an automated system to connect the call to a live operator, often with the intent of promoting scams, fraudulent activities, or other deceptive schemes.
- Lottery Scams
Scammers call and pretend that the elderly person has won a lottery prize. Later they demand money, cash or gift cards, supposedly to cover taxes and processing fees, before the winnings can be claimed.
Platform-Based Scams
Online
The fraudulent activities take place across online platforms.
- Travel
Fake vacation packages that come with hidden fees or non-existent accommodations.
- Utility
Impersonating utility companies to demand immediate payment or threaten service disconnection.
Tricking individuals into unwanted subscriptions or memberships by offering free trials that automatically convert into paid subscriptions.
- Social Media
Deceptive or fraudulent activities that take place on social networking platforms. These scams exploit the trust and engagement within online communities to trick users into providing personal information, sending money, or taking other actions that benefit the scammer.
Social media scams can manifest in various forms, targeting users on platforms such as Facebook, X (Twitter), Instagram, LinkedIn, and others.
- Pet
Fake pet adoption listings where scammers request payment for pets that don’t exist or aren’t in their possession.
Phone Calls
Conducted through fake phone calls, including tech support scams, tax authority scams, and impersonation scams.
Mail / Postal
Fraudulent schemes delivered through traditional postal or mail services, such as lottery scams or fake prize notifications.
AI-based scams
AI Powered Phishing
- AI-generated text can be used to create more sophisticated phishing emails or messages.
- Scammers use AI-generated phone scripts to impersonate customer service representatives and trick individuals into providing sensitive information.
- With the use of AI, scammers can mimic the writing style of someone the victim knows or trusts, making it more convincing and harder to detect as fraudulent.
Spam & Scam Content
AI-generated content could flood platforms with spam, scams, or fake reviews/comments, impacting the credibility of information available online.
Social Engineering
AI can assist in social engineering attacks by analyzing vast amounts of publicly available data to craft more targeted and convincing scams, exploiting personal information to gain trust.
- Social Media Manipulation
AI can assist in social engineering attacks by analyzing vast amounts of publicly available data to craft more targeted and convincing scams, exploiting personal information to gain trust.
Fake Content Generation
AI can be manipulated to create highly convincing fake news articles or misinformation, influencing public opinion or causing panic by disseminating false information. Using AI to create fake content such as deepfakes, fabricated images, or videos.
- Image & Voice Manipulation
With the use of voice cloning, scammers can impersonate trusted individuals, such as friends or family members, to trick victims into giving them money or personal information.
Scammers use AI to clone a voice, pretend that someone close to you is in danger, and demand a ransom. They can convert any message into the voice of your loved ones in real time. All they need is some actual audio of your voice, which is not that hard to find nowadays, thanks to social media.
- Celebrity Scam
Scammers pretend to be celebrities and promote fake money-making schemes with the help of AI-generated images and video.
Fraudsters may use the likeness, name, or reputation of well-known individuals or celebrities to trick people into taking certain actions, such as providing personal information, sending money, promoting fake products, engaging in fake investments, or participating in other fraudulent transactions.
Scammers may use a celebrity’s name to create fake charitable organizations, soliciting donations for fictitious causes.
- Deepfake
Deepfakes are the manipulation of facial appearance through AI generative methods.
With the help of advanced AI techniques, particularly deep learning algorithms, scammers can create realistic and often deceptive video or audio content. The term “deepfake” is a combination of “deep learning” and “fake.” Deepfake technology can manipulate or replace existing content, making it appear as though individuals are saying or doing things that they never actually did.
- Fake Chatbots & Virtual Assistants
Scammers can create AI-powered chatbots that impersonate customer service representatives of legitimate companies to extract sensitive information from unsuspecting individuals.
- Fake News
AI can be manipulated to create highly convincing fake news articles or misinformation, influencing public opinion or causing panic by disseminating false information.
More details: What is Fake News? – How to spot fake news