The latest online phishing scams and how to avoid them

Online scams are unfortunately a natural part of being on the internet, whether it's on your phone or your laptop/computer. And while there are common scams always in circulation that everyone should be aware of, new ones pop up all the time, which is why we put together a guide on all the latest scams you should watch out for, so you can keep yourself protected. Be sure to check on this guide every month as we update it for any new scams – how to spot them, how to avoid them, and even how to report them.

STOP! Paying for phone service

With TextNow, you get unlimited talk & text, plus essential data, for $0/month. Stay connected without paying a penny on your phone bill.

Download Now Download Now

Download Now

Scan QR code or select store link

• 
• 
• 

1. QR Code Scams

While QR codes themselves are not new, the rising prevalence of them in phishing emails is.

What is a QR code scam?

These phishing scams come in many flavors, but the bait is the same – regardless of the context of the email, the ask is to scan a QR code to download an app or a tool.

Email sent to a TextNow employee from a scammer claiming to be IT.

This tactic involves embedding malicious links within those QR codes that can direct you to a website that's designed to either steal your information or install malware.

How to spot a QR code scam

The good news about this kind of scam is that it's really easy to spot – find the QR code. It can't be hidden or shown as anything other than a QR code.

How to avoid a QR scam

The simplest advice is to not engage/interact with any QR codes (or links!) in an unsolicited email, even if it looks like it's coming from a verified source.

In this case, since the sender masqueraded as IT support, the easiest step to take is to message IT support directly and ask them whether this is a legitimate request or not.

2. Business Email Compromise (BEC) Scams

The QR scam example listed above actually falls into two categories – a QR scam and a Business Email Compromise (BEC) scam, as it impersonates a trusted partner at work.

What is a Business Email Compromise scam?

In this scam, you will receive an email from a spoofed work address (an email address that looks like it's coming from either a colleague or department at work), and the ask within that email can vary. The most common one is impersonating an executive or the CEO and asking for a transfer of funds or purchasing of gift cards, under the guise of an urgent business matter. But some can get even trickier, like this one a TextNow employee received from their CEO, "Derek Ting."

Email sent to a TextNow employee from a scammer claiming to be the CEO, Derek Ting.

This one is especially tricky, because it takes you away from the ecosystem of your work email (where their replies may be identified as spam), and on to your mobile phone number, so that they can extract either sensitive information from you, or ask for a transfer of funds in a less regulated space.

The common phishing email people get (and have led to significant financial losses) is their CEO or other top executive asking them to buy gift/VISA cards for them, with links/codes they provide (which supposedly will be reimbursed.) So you pay to activate those gift card codes with your money, never get reimbursed because it's a scam, and they get to walk away with loaded gift/VISA cards for free.

How to spot a BEC scam

As scammers become smarter, spotting the scams becomes harder. While at first glance, these emails may appear legitimate, if you look closely at the address, it will never truly match your work's email signature. For example, it may say "[email protected]" but you know that your real IT department's emails come from "[email protected]."

Another way to spot it is through the context of the email itself. While AI is helping some scams appear more legitimate with better, sometimes even more personalized, writing, most scams will still read like they're a scam. There will be phrases or words used that are too forced, like "hope you are doing well," "kindly," and "warm regards." But they will also always have an urgency to them, and whenever you see that, take it as an immediate red flag.

How to avoid a BEC scam

The simplest way to tackle this type of scam is to directly message the person the email is impersonating to confirm it did actually come from them. It's very important to note that this does not mean replying to the email. Open up a new email draft and email that person (or department) directly. If your workplace uses tools like Teams, Google Chat, or Slack, use those for a quicker and more easily verified response.

3. Immigration Scams

This is an especially egregious one, as it preys on the vulnerable during an ongoing political issue.

What is an immigration scam?

There are a few different variations of this scam that span across social media, email, and phone. The commonly used tactic is to impersonate an official from an agency such as the U.S Immigration and Customs Enforcement (ICE), contact people via email or phone, falsely claim there are visa or immigration issues and pressure the victims to make urgency payments via gift cards, cryptocurrency, or wire transfers.

On social media, these same fraudulent parties pretend to be attorneys or law firms, offering help with immigration paperwork or guaranteeing work permits, green cards, or citizenship in exchange for payment.

How to spot an immigration scam

When it comes to anything that is government related, do not trust anyone or any communication that doesn't come from an official channel.

Some of these might be hard to spot, but know that you can verify an attorney's license via the American Immigration Lawyers Association or the US Department of Justice Accredited Representatives List.

As soon as you see that any payment is being asked for, especially if it's using a non-traditional method like a wire transfer or a gift card, immediately cease all communication.

How to avoid an immigration scam

Like in any other scam where the scammer is impersonating an established institution, always look up that said institution's official website (not the one listed or mentioned in the scam email/text) and contact them directly to verify if the offer is legitimate.

A guide to phishing scams

What is a phishing scam?

A phishing scam is any scam that tried to draw out your personal information. It will come in the form of an email or text message that asks you to follow a link to verify your information. This is usually under the pretence of verifying your account due to "fraudulent activity," such as from a bank, a credit card institution, or even a shipping company like UPS or Fedex.

How to identify a phishing scam

Don't feel bad if you fall for a phishing scam – more than 300,000 people did too globally in 2021 (the last year we could find a statistic on this).

The name of the game is to always be safe, not sorry. Even if the email or the text looks legitimate enough, call them yourself. Don't take the chance by clicking on an unknown link or giving away any personal information when you're not the one that contacted them first.

How to prevent phishing scams

While email and phone/text services have gotten a lot smarter in the past several years, combining AI and other algorithmic methods to stop spam and possible phishing content from ever going through, those on the other side – the scammers themselves – have also gotten smarter and learned how to circumvent some of those guardrails.

There is no perfect way to prevent a phishing email or text from coming through to your phone, which is why it's important to learn how to identify and avoid them when they do come in.

If you have any questions or comments, send us a note at [email protected]!

Frequently Asked Questions about phishing scams