Odd Links. Weird Emails. Gift Cards. Red Flags.

Let’s take a look at some common red flags.

Some scams might seem obvious and in your face, while others can be carefully crafted and difficult for anyone to detect. The following are a handful of common red flags that will help you identify a scam. The better you get at looking out for these, the less likely you are to fall victim to a scam.

Suspicious Links

It’s always best to avoid links sent via SMS/text from numbers you don’t recognize. It’s easy to disguise a malicious link as something benign, and this is far more difficult to identify in a text message than it is in email. Scammers can use URL shortening services to obfuscate the link address, and claim that the link will connect you to a legitimate platform or service. These links could contain malware that would infect your device with a computer virus, or direct you to a form designed to look like a legitimate platform in order to steal your data.

“Close examination of the sender’s email address can make the difference between a successful and a failed scam attempt.”

Emails may contain malicious links or attachments, both of which can serve to infect your computer and steal your data. However, email scams may be a bit easier to detect. Close examination of the sender’s email address can make the difference between a successful and a failed scam attempt. Only click on an email link if you are 100% certain that the source is legitimate.

Strange Email Addresses

This one isn’t always easy to spot. When in doubt, check the email address of the sender. Look out for addresses that don’t appear to be correlated with the agency they claim to represent, emails claiming to be from large agencies with addresses @gmail.com or @yahoo.com, or misspelled domains.*

Here are a few examples:

[email protected]

[email protected]

A “Microsoft” email coming from [email protected]

*The domain is the part of the email address that comes after the @ symbol, like “gmail.com” or “yahoo.com”.

It’s important to note that anyone can change the name that shows up when they send an email. For example, I could send you an email from my personal Gmail account, and I could change my name to make it say “Facebook Support”. Spoofing an email domain is possible, to make it look like it’s coming from @facebook.com, but it is considerably more difficult to do than changing the sender name. It would be much easier to purchase a similar domain that only looks slightly off, in the hopes that the victim does not notice, like @faceboook.com for example. This is a very common tactic that scammers use to trick their victims, which is why checking the actual email address and its domain is so important.

Unconventional Payment Requests

Perhaps the most glaring characteristic of a scam is a request for an abnormal mode of payment. Even if they are under the guise of a “personal transaction,” as many scams claim to be, many of the payment methods requested are still extremely unconventional.

Keep an eye out for requests for payment via any of the following four methods:

A legitimate company/agency will NEVER ask you to pay for something via gift cards, wire-transfer, or by shipping cash. If you are being asked to pay in gift cards, wire-transfer, or by mailing cash to someone, IT IS A SCAM. These payment methods will never be requested by above-board organizations. Giving gift cards or shipping cash, specifically, are extremely unconventional for personal transactions. While wire transfers may be used to send large sums of money for personal reasons, you’ll never need to send money via wire transfer to someone you have never met. If a family member or close friend is requesting help via wire transfer, make sure to contact this person through a second form of communication. This way you can verify that the message is, in fact, coming from them. It isn’t uncommon for scammers to impersonate close family members or friends and make requests like this.

Peer-to-peer payment applications, like Venmo, Cashapp, and Zelle, are more commonly used for personal transactions, but are also prolific tools utilized by scammers to steal your money. Like with wire transfers, there are almost zero scenarios in which you would need to send money via one of these applications to a person you have not met. If someone you have never met is requesting you to send money to them on one of these platforms, without meeting in person first, they are likely trying to scam you.

Scammers will often pretend to post listings on personal sale websites like Ebay and Etsy. If you were to try to buy one of their items, you would get a message with some sort of excuse that they can’t accept payment through the platform’s application. They would then request that you send them payment via an external peer-to-peer application. This is a scam, which attempts to circumvent the anti-scam protections in place when paying through legitimate personal sale applications like Ebay or Etsy.

Remote Access Requests

There are many tools available free to download on the internet that allow people to access computers remotely. While these are designed for professional, above-board applications, they are also frequently used by scammers to gain access to a victim’s computer. The following are three of the most common software applications that scammers use to trick victims into granting them remote access: AnyDesk, SupRemo, and TeamViewer.

At face value, there is nothing inherently wrong with any of these software packages. It is when scammers abuse these applications that the problem comes into play. These applications are frequently used in tech support scams, where the scammer will claim they need remote access to your device in order to resolve the issue. If anyone claiming to be tech support asks you to Google and download one of these programs, or something similar, you are very likely encountering a tech support scam and should hang up the call immediately.

Once they have gained access to your computer, scammers can search through your personal data, install viruses and malware on your device, and even lock it down or threaten to destroy it for ransom. Usually they will use these tools to open the system event viewer, or run a command like netstat on your command prompt. To the untrained eye, either of these tactics will show information and codes that may not mean much. The scammer will then take advantage of the lack of knowledge here and claim that these are showing computer/network viruses, and the victim must pay for the tech support service to remove the “viruses”. In reality, the computer is not actually infected, but they’ll use tools like these to convince the victim that it is.

This is also commonly used in refund scams. Scammers will use this to edit the HTML code of the victim’s bank page in order to convince them that an incorrect amount of money has been “accidentally” sent to them. For more on this and a quick example of the bank webpage editing technique, see the Home page video at the 15:57 minute marker.

Bottom line: if anyone you do not know is asking you to download one of these programs, they are trying to scam you.