Not too long ago, we had a client who emailed us regarding a domain renewal invoice they received from a very legitimate-sounding company. Thankfully, they ran it past us first, and we were able to tell them that we already manage their domain and renewal for them, and that they should disregard the email.
However, this led to a bigger conversation internally about how clients could end up as the victims of increasingly sneaky internet scams.
We’ve collected the most popular and concerning internet scams we see floating around. Falling prey to these scams might make you feel a little silly, and some can come with big repercussions, but regardless, it’s important to take extra precautions to protect yourself and your business from internet scams, and we’re here to tell you how.
Scam: Domain Pain
Target Victim: Anyone who owns a domain name is a potential victim.
Modus operandi: While we mentioned this scam above, the details of how this happens are quite important. Often, the scammer may utilize a WHOIS look up to find the domain owner’s email associated with a website. From there they can easily mock up an invoice that looks like a legitimate domain renewal notice. The phony invoice will usually come from an entity calling itself “Domain Listings Services” or a similar-sounding, generic domain management company.
How to avoid: If you receive an email from one of these companies, the quickest course of action is to look up the email address or sender name with the word “scam” next to it. You can also check your domain registrar to verify whether you are set up for renewal. If you aren’t sure or don’t remember where your domain is registered or hosted, you can look up that information through a WHOIS search. If you aren’t sure, don’t hesitate to reach out to Culture Foundry for advice on how we can ensure that your domain and DNS records are correct and up to date. The most important thing: never click on any links and never pay the invoice sender. If you owe money on your domain, log directly into your registrar and verify/pay your renewal fees there.
Scam: Surprise! It’s an invoice!
Target Victim: Anyone who manages sending or paying vendor invoices.
Modus operandi: This is a wild one, and one that happened to one of our clients. Someone purchased a domain that was one hard-to-notice letter different from the real domain. (Think of a “0” instead of an “O” or a lowercase “L” instead of a capital “I”.) From there, they set up an email client using the bogus domain and sent a fraudulent invoice to a Culture Foundry client. It looked eerily similar to a real invoice! Our client, thinking it was an email for a legitimate invoice, nearly paid it before questioning things. Fortunately, the transaction was questioned and rejected before it was paid.
How to avoid: If you own a domain that you use to send emails, it is important to purchase variations in domains that could be used to impersonate your staff. For example, if your domain is culturefoundry.com, we’d recommend purchasing the .net, .org, and other variations in spelling that look and sound similar, like “culturedfoundry.com” and “cuIturefoundry.com”. (Note: That last example has a capital “I” where a lowercase “L” would be.) This will protect your staff and clients from becoming victims of this rather insidious scam.
When paying your vendors, it’s wise to question any invoice received outside a regular invoicing cycle, or that requests payment for inconsistent dollar amounts or product/service descriptions that don’t mirror your traditional billings from that vendor. Most businesses consistently invoice during the same time of the month, so if something seems off, it’s best to trust your gut and remember to give things a thorough look before paying.
Scam: Congratulations! You won a free phishing trip!
Target Victim: Anyone engaging with email, social media, and/or text messages
Modus operandi: You’re happily scrolling through the latest updates on your social media feed when a text or notification pops up. “Congratulations! You’ve been chosen, you’re a winner, all you have to do is just ‘click here’.” Maybe it is for a cash reward, a trip to some exotic destination–or these links may even look like a legitimate way to “login to your PayPal account”, etc.
As the saying goes, “nothing in life is free.” Clicking that link or other enticing messaging may be more costly than it seems, as it could result in you sharing your personal information with hackers, downloading malware to your device, or even exposing your contacts to the risk of falling prey to the same scam. These links are called phishing scams, and they seem to be everywhere.
How to avoid: Though you may have seen a few of these, they continue to get sneakier and sneakier. The best policy is to not click anything from a source or person that you don’t recognize. As we mentioned above, it’s easy to spoof popular companies’ online personas and trick users into clicking those phishing links. If a suspicious email is encouraging you to “log in” to a website that you believe to be legitimate, it’s best to type that site’s URL directly into your browser and access the bonafide site that way.
Scam: Trust no one, especially your great aunt Bernice
Target Victim: Anyone on social media
Modus operandi: A little red notification pops up on your social media, alerting you that you have a new friend or message request. You click and see that it’s from someone you already thought was in your social network. Perhaps, they tell you they lost access to their original account? Something seems off, though. They request help from you to get their account back by logging in somewhere, or helping them out financially.
How to avoid: The best way to avoid this scam is to directly contact the person sending you a message or invitation. This will also alert them in the event someone is impersonating their account. Whatever you do, though, interacting with that person’s new (or old) account may get you into trouble.
Scam: Warning! Tech Support
Target Victim: Anyone with a device connected to the internet
Modus operandi: The scam often starts with a strange pop-up warning message on your computer. “Warning! Suspicious Activity Detected. Contact Tech Support Now at 1-555-223-3325.” This alarming message may look very legitimate, even matching the UX of your device. Whatever you do, do not call or click the message, and DO NOT give anyone your personal or financial information.
How to avoid: If you have an active virus or have been given access to your device from clicking on a suspicious link (see above), then it’s best that you do not engage or negotiate with whoever that message came from. If rebooting your device in Safe Mode doesn’t clear the message, then you might need to take a trip to the repair counter for this one. We guarantee it will be cheaper than negotiating with a scammer.
Scam: Add to Cart.. and the dark web
Target Victim: Anyone shopping online
Modus operandi: You may have recently browsed for a product online. Suddenly, you are inundated with companies serving you targeted ads. Many of the names of these stores are not well known, and often have product images that look like they’ve been gathered from various places around the web. However, the price seems right, so you go to “Add to Cart”. Entering your personal details and credit card information could cost you more than your bargain was for. If you’re lucky you may receive a ridiculously terrible knock off of the item you thought you’d purchased. Some may even never receive their items, and limited contact information and non-existent customer services makes getting your money back a headache. However, inputting credit card information on a scam e-commerce site may end with identity theft and more.
How to avoid:These fly-by-night e-commerce stores often have warning signs. These warning signs often include too good to be true prices; slapped together products, often with images that feel like they are heavily photoshopped or taken from elsewhere on the internet; and confusing or limited information on the company. We recommend doing your due diligence before purchasing by researching unknown companies on the web, using an intermediary service like PayPal who can make sure you get your money back for fraudulent purchases, and verify the origin and age of the site by utilizing a WHOIS lookup (mentioned above).
This is a short list, and every day, scams change and scammers get smarter and sneakier. Sometimes, the speed of innovation at even well-established tech platforms leaves the door open for mischief. You may have seen the news about the thousands of fake Twitter Blue accounts created after the social media network, now under entrepreneur Elon Musk’s ownership, briefly introduced a pay-for-verification program that allowed imposters to set up accounts to impersonate well-known politicians, celebrities, and brands. The task of avoiding online scams can seem overwhelming, but staying aware, educating yourself, and trusting your intuition will go a long way toward helping you safeguard yourself, your family and friends, your coworkers, and your place of employment.
If you want to learn more about avoiding the most common internet scams, contact Culture Foundry and make sure you and your website are protected from scammers. If you feel you may have stumbled upon a scammer or have been victim of a scam, you can report fraud to the Federal Trade Commission at https://reportfraud.ftc.gov
Culture Foundry is a digital experience agency that helps our clients elevate their impact with beautiful technology. We provide the expertise and insight at every layer that makes a great digital experience for websites and applications possible. If you're committed to elevating your digital experience, contact us and we'd be happy to schedule a chat to see if we're a fit.
(Psst! We also happen to be a great place to work.)