top of page

11 Most Common Types of Online Scams and Tips to Protect Yourself From It

Updated: May 31, 2022

By Sabrina Loh

When we were kids, our parents told us not to talk to strangers. But as the world evolved to become more technologically advanced, it’s ironic that we now talk to strangers all the time.

Take ride-sharing apps like Uber and Grab for example — we literally get into strangers' cars and lead them to our doorsteps. And even Instagram or Tinder where we ‘befriend’ strangers through the internet and sometimes meet them in person.

Whether online or in the real world, stranger danger is still a real threat.

Instead of dangers lurking in isolated alleyways or dodgy neighbourhoods, danger can also be found in our inboxes, social media accounts, and favourite websites.

Cybercrime is criminal activity carried out using a computer, electronic device, or the internet. It can be committed by cybercriminals, hackers, and even criminal organisations.

By learning the signature patterns of the most common cyber scams, you can be better prepared to face cyber threats when they inevitably occur.

Read on to learn more about the 11 most common cyber scams in 2022.

Cyber scams:

How scammers masquerade as BigPay

Tips on how to avoid online scams

The bottom line


What it is: Phishing is a type of cyber attack designed to steal user data, such as login credentials and credit card information. The attacker masquerades as a trusted entity to trick you into opening a malicious email, text message, or direct message.

Believing the source is trustable, the victim clicks on a link which leads to the installation of malicious software which steals sensitive information.

These links can also redirect you to malicious sites designed to look legitimate (such as a bank website), where you’re prompted to enter your username and password. It’s through this scam that the attacker gains access to your account.

How to spot it: This type of social engineering attack usually impersonates trusted and popular companies to create a sense of security. Sometimes, these scammers even create fake social media accounts with many followers to lure unsuspecting victims in.

Take your time to review the email and message to spot inconsistencies in spelling, grammar, and misspelt names.

Before clicking on any link, hover your cursor over it to check the full URL that can be found in the bottom left corner of your screen.

Use your deduction skills to assess if this link is to a real or scam website. If you feel suspicious, Google it to find an explanation. Other victims might have experienced this scam beforehand and reported it on social media or on platforms like Reddit.

Shopping scams

What it is: These scams are based on fake companies that pretend to sell you products that they have no intention of ever fulfilling. You’ll even get the confirmation email after payment, but you’ll never receive the product.

You’ll often find these scams in your email inbox or on social media, where you’re offered major discounts or high-end luxury items at a low price.

You’ll then be directed to pay for it through an electronic funds transfer.

How to spot it: Do your research to see if these products are being sold elsewhere, as these fake websites might have stolen photos from other brands.

Look out for customer reviews and try contacting the company if you’re unsure. If you can’t reach anyone, that’s a big red flag.

You should also try to make payments through secure payment platforms such as PayPal, Visa, and Mastercard to ensure that your money is going to the right place.

Image from


What it is: Similar to the shopping scam above, form jacking uses fake shopping websites to steal your credit card information.

This can also happen when a legitimate e-commerce website is unknowingly hacked, so you’re redirected to a different URL to make payment. It will look similar, but it’s actually stealing your information.

How to spot it: Spotting formjacking is a lot trickier. The best way to spot it is to double-check the URL to make sure you’re on the same website you came from.

The fake URL is often changed ever so slightly, such as adding or removing an alphabet, to avoid detection.

An example of this is Maybank, which was recently the target of formjacking. The fake website looked identical to the original, except for the missing trademark and variation in the URL.

Identity theft on social media

What it is: According to a recent survey, social media has become a gold mine for scammers. As sharing our personal lives on the internet becomes more commonplace, it becomes easier for scammers to steal your photos and personal information to create fake social media profiles of you.

Using these fake accounts, scammers reach out to your friends and family to ask for money. For instance, telling them that you’re struggling to pay rent and asking for help, or raising funds for a charity and asking for donations.

Your loved ones may think that they’re sending money to your bank account, but in reality, it’s going into the pockets of these scammers.

How to spot it: If you haven’t heard from your ‘friend’ in a long time and they’re asking for money, it’s advisable to be wary. If you have another way of getting in touch with them, please do so to double-check the legitimacy of their claim.

Never click on any suspicious links either.

Fake anti-virus software

What it is: You’ve probably experienced a random pop-up on your computer when you’re browsing through the internet. This pop-up usually tells you that your computer is now infected with a virus, and you’ll be instructed to download anti-virus software.

This type of scam wants you to download their nasty software, which will give you a virus, malware, or ransomware.

How to spot it: Real antivirus software takes care of any threats quietly in the background. Any pop-ups with flashing lights that pressure you to urgently take action are most likely a scam.

When in doubt, do not click.


What it is: It’s reported that 1 in 5 relationships begin online. Unfortunately, scammers take this as an opportunity to target people who are looking for love.

Catfishing takes place when a scammer creates a fake identity for the purpose of starting a relationship. They form a connection with you until you ‘fall for them’, then they use this relationship to scam you out of money.

An extreme example of this is Netflix’s recent documentary on The Tinder Swindler, who wooed women online and conned millions of dollars out of them.

How to spot it: If this person is too good to be true (Tall, handsome, filthy rich, heir to a business empire, and flies exclusively in private jets — you get the gist), be on guard.

Pay attention to any inconsistencies in their profile, and observe if they’re rushing to move the relationship along. It’s also a huge red flag if they won’t meet you in person.

Lottery or freebies

What it is: You’ll often find these scams on social media or through email claiming to give out freebies to popular stores such as Starbucks, and Zalora, or announcing that you’ve won the lottery.

When you click on them, you’re led to a site where you are prompted to enter your personal information to claim your freebie, or to input your banking information so they can ‘wire’ your lottery winnings.

This scam is more effective than you’d think because it plays on people’s desire for free things.

How to spot it: If you’ve never entered a lottery or giveaway, it’s probably a scam.

Skill or talent contests

What it is: With social media taking attention-seeking to new heights, a popular new scam involves contests on social media where you’re urged to compete in music composition, dance, artwork, or modelling.

These scams require you to pay an entry fee to participate, and it promises you more cash if you win.

How to spot it: Do some research on the contest. If you can’t find much information about the contest online, it’s most likely a scam. You should also never pay to enter any dodgy competition.

Account failure

What it is: If you’ve received an email from a service you use claiming that there’s a problem with your account that you need to fix urgently, it could be a scam.

This popular scam masquerades as your favourite companies, such as Netflix or Amazon claiming there’s a problem with your payment information, or your local mail delivery service claiming your package is stuck at customs.

How to spot it: Do some research online for an explanation. If you can’t find anything, it’s probably a scam. You should also try contacting the company through the contact information on their website to double-check their claims.

WFH scam

What it is: Scammers know how much people love the idea of making lots of money from doing nothing and working from home.

In this scam, scammers contact you through email, LinkedIn, or social media, claiming that you can earn thousands of dollars a day from doing next to nothing, such as shopping online or filling in a simple survey.

However, to get started, you might have to pay for your ‘training material’, after which you’ll never hear from them again.

How to spot it: If it’s too good to be true, proceed with caution.

Fake charities

What it is: These scammers have a special place reserved in the inferno underground as they take advantage of people’s kindness.

They’ll usually reach out to you after or during a major disaster or catastrophe, such as an earthquake or war, asking you to donate money to their charity.

But these charities don’t exist and the money you donate line their pockets.

How to spot it: Only donate to reputable charities and keep a lookout for a list of approved charities that official authorities will usually publish.

How scammers masquerade as BigPay:

Where there is money, there will always be crime. Unfortunately, BigPay, like any other financial institution, has also been the target of cyberattacks.