In this article:
Identity theft and fraud protection for your finances, personal info, and devices.
How Do You Know If You’re Communicating With a Scammer?
With the help of artificial intelligence (AI) tools and massive amounts of personal data leaked in recent breaches, scammers are able to create believable schemes that put even the most savvy of us at risk.
While cybercriminals are getting better at how to target you, there are still common red flags that can warn you if someone is trying to scam you online.
As soon as you think you might be dealing with an online scammer, look for these warning signs:
- Requests for payment of any kind — especially via gift cards, cryptocurrencies, wire transfers, or other harder-to-trace methods
- Creating a sense of urgency — via threats, promises of rewards, or any other method that pressures you to act now
- Impersonating a trusted individual, agency, or company — such as the FBI, companies like Amazon, or your bank
- Suspicious links, attachments, or phone numbers, along with requests that you get in touch right away
The best way to stay safe online is to ignore and block scammers. But if you’ve already given up information or money, you can still take steps to protect yourself and recover lost funds.
12 Warning Signs That You’re Being Scammed Online
Almost every scam — from romance scams to phishing schemes and tech support cons — rely on the same or similar approaches.
Here are 12 warning signs indicating that someone is trying to scam you:
1. Unexpected messages on any platform
Consider any out-of-the-blue contact from a stranger to be a red flag. If you don’t know or trust the person in real life, any unsolicited contact is risky. Be especially wary of strange messages or friend requests on public platforms and messaging apps, like Facebook, Discord, and WhatsApp.
2. Requests for any form of payment
Very few legitimate organizations — including banks — ask for payment via text messages or email. If someone you just met online asks for money, the alarm bells should be ringing. Scammers often request payment via untraceable and hard-to-recover methods, such as gift cards, wire transfers, payment apps like Zelle, or cryptocurrencies like Bitcoin.
📚 Related: How Does Identity Theft Happen? 10 Risks (and How To Avoid Them) →
3. Threats of fees, fines, or jail time
Scammers often try to apply pressure to try and get you to act without thinking — one of their most common tactics includes threatening fines or even jail time. For example, you may receive a call or message from someone claiming to be from law enforcement (such as the FBI), or government agencies (such as the IRS), stating that you owe money or will face jail time for “missed jury duty” if you don’t pay up now.
Last year, two Ohio college students were arrested after threatening an elderly woman with jail time and convincing her to send them hundreds of thousands of dollars.
4. Requesting personal information
While most scammers are after a quick payment, others may try to obtain your personal details and use them to steal your identity. One common phishing scam tactic used by fraudsters is to claim they need to “verify” your sensitive information to reopen online accounts or secure you against hackers.
Watch for requests for these types of personal information:
- Social Security numbers (SSNs) or government ID details
- Financial information, account numbers, or credit card details
- Login credentials, passwords, or anything that would give someone access to your online accounts
Legitimate companies already possess your information and have secure channels to make updates. They won't ask for sensitive data via unsolicited emails or texts — especially one-time passcodes or data as private as your SSN.
📚 Related: What To Do If a Scammer Has Your Social Security Number →
5. Promising rewards or huge gains in investments
One of the oldest types of fraud involves "get rich quick" schemes, in which scammers lure victims with promises of early entry into new investment opportunities. Scammers who run investment scams often back up their claims with fake testimonials and official-looking documents. Some may even let you withdraw small earnings to lure you into sending them even more to “invest.”
Remember: there is no such thing as a guaranteed investment. If someone promises exceptional returns with minimal risk or effort, it's almost certainly fraudulent.
6. Suspicious or strange-looking links
Phishing attacks often include links that appear to be from legitimate sources. But if you click on one of these links, it may initiate a malware download on your device; or, the links direct you to convincing-looking fake websites through which scammers can capture your sensitive data, including credit card numbers.
Be cautious of any unsolicited links, especially ones that include:
- Misspelled domains (like "amaz0n.com" or "paypa1.com")
- Unusual domain extensions (“.xyz” or “.info” instead of “.com”)
- Long strings of random characters or numbers in the URL
Pro tip: Instead of clicking on any link, hover over it to preview the actual destination URL. When in doubt, manually navigate to the company's website directly.
7. Pressuring you not to talk to anyone else
Fraudsters don’t want you to talk to anyone else who may expose their schemes. If someone won’t let you off the phone, is pressuring you to act without allowing you time to think, or threatens your loved ones and family members if you talk to them, you’re dealing with a scammer.
8. Strangers trying to build romantic relationships
Romance scams start with fraudsters seeking out vulnerable targets on social media sites and dating apps. Posing as a love interest, romance scammers quickly build a connection with their victims and then manipulate them into sending money or sharing personal information.
Watch out for new online friends or romantic partners who:
- Quickly profess deep feelings for you, even though you’ve never met (this is called “love bombing”)
- Make excuses to avoid video chats or in-person meetings
- Describe dramatic events, like medical emergencies or travel problems
- Start talking about cryptocurrency and try to get you involved
📚 Related: How To Avoid Online Dating Scams & Romance Swindlers →
9. Fake fraud alerts, 2FA codes, or transaction confirmations
A common online scam tactic involves sending victims fake fraud alerts in order to get them to click on phishing links or call phone numbers. These scams typically begin via text messages designed to look like they’re from your bank — asking if you made a purchase or warning you that your account needs to be secured.
You may also receive:
- Password reset request emails or texts
- Two-factor authentication (2FA) requests
- Texts or emails containing one-time passwords
- Notifications that someone has logged in to your account
- A confirmation about a transaction on your account
If these messages are legitimate, someone may be hacking your account. However, the safest thing for you to do is reach out to the company or financial institution directly via the contact information on its app or website.
10. Messages from fake profiles and accounts
The anonymity of most online platforms makes them hotbeds for scammers. But there are some clear signs that you’re dealing with a fake profile on social media or a dating site, such as:
- Newly created accounts displaying minimal posts and connections
- Limited or vague profile information
- Attractive profile photos that look fake, stolen, or taken from a stock image website
Before engaging with unfamiliar accounts, examine profiles carefully and consider whether the content seems authentic. You can even try a reverse image search to see if the photo really depicts the person named in the profile.
If you receive a message from an account that includes any of the warning signs above, it’s best to block the profile to avoid social media identity theft.
📚 Related: Do Scammers Have Your Email Address? Do This Now →
11. “From” names that don’t match email addresses or phone numbers
Scammers frequently send phishing emails in which the display name doesn't match the expected email address. For example, an email might appear to be from "Amazon Customer Service" while the actual address reads, “amazon-support@mailservice123.com” or a completely unrelated domain.
Always check the full sender details, especially for messages requesting sensitive information or containing links. Legitimate organizations use official company domains in their email addresses — they do not use free email services or obscure domains.
12. Psychological tricks to get you to act
Hackers rely on deceptive psychological tactics, like fear and urgency, to knock victims off their guards. While it’s not always easy to recognize when you’re being manipulated, try to take a step back if ever you find yourself stressed out or anxious during an online or phone interaction. Inciting you to feel like this is usually a clear warning sign that someone intends to do you harm.
What To Do If You Accidentally Fall for an Online Scam
The signs of a scam aren’t always easy to spot — and there may be situations in which you accidentally fall for one before realizing it’s a trap.
As soon as you know that you’re a victim of an online scammer, act quickly to shut down the scam and minimize the damage:
If you get an email, text message, or phone call from a scammer:
- Avoid giving out sensitive information including your full name, address, phone number, or SSN
- Break off contact immediately by blocking the phone number or profile on your app
- Ensure that you have 2FA enabled to make it harder for anyone to gain access to your accounts
If you share personal information with a scammer:
- Place a credit freeze by contacting each of the three major credit bureaus individually. This security measure stops anyone from opening a new credit card or taking out a loan in your name. Here are the contact details for the three credit reporting agencies: Experian, Equifax, and TransUnion.
- Secure your accounts by creating new, strong passwords. Each one should be a unique, complex combination of uppercase and lowercase letters, numbers, and symbols. Also, enable 2FA by using an authenticator app.
- Report the fraud to the Federal Trade Commission (FTC) via the form found at ReportFraud.ftc.gov.
- File a police report to clear your name of any accusations. The FTC affidavit and police report will help you dispute fraudulent transactions with vendors and debt collection agencies.
If you send a scammer money:
- Immediately contact your bank or credit card issuer to cancel your cards. Look for the official contact phone number on the back of your credit or debit card.
- Examine your accounts for unauthorized or fraudulent transactions. Take note of all fraud — including details of transfers, amounts, and dates — with supporting notes to help the authorities investigate.
- Collect all supporting evidence, like emails, text messages, and other evidence of fraudulent activity found on your online accounts.
- File a police report. While it’s unlikely that you can get money back from gift cards or cryptocurrency scams, reporting the theft will help aid the investigation and may prevent others from falling prey to further theft.
- Block the scammer on all channels — but only after you’ve saved evidence of the scam, such as screenshots of conversations and profiles.
Identity Guard helps you safeguard your online accounts against the most sophisticated scams and cyber threats.
Identity Guard’s digital security suite includes credit monitoring, bank account protection, Safe Browsing features, and a password manager. If you get scammed, you’ll have access to $1 million in identity theft insurance, plus 24/7 support from a U.S.-based support team to help you recover.
