Understand the Basics of Scams and How to Protect Yourself

abstract image alluding to phishing

Scammers are everywhere, trying to steal money or valuable personal information from victims. And with our modern reliance on technologies like smartphones and the internet, chances are if haven’t yet fallen victim to a scam, you’ve likely been targeted by one — even if you didn’t realize it.

Let’s look at a few scam basics so you aren’t caught flat-footed when bad actors come your way.

What are scams?

Simply put, scams are plans designed to get victims to willingly give money or valuable financial or personal information to the criminal. Scammers will use a variety of techniques to get victims to do what they want, usually playing on one’s natural impulses — everything from wanting to help others to the desire for a quick buck. These techniques are referred to as social engineering.

Modern scams usually try to manipulate victims’ emotions so they’re forced to make a quick decision without thinking too much or too long about the situation. Sometimes scammers use recent headlines to fuel their scams. Other times, they’ll pose as your favorite retailer or even a family member in need.

At the end of the day, they’ll tell you anything if they think it’ll get them your money or personally identifiable information (PII). 

Understanding the terms related to scams

Since we’re going to reference a few terms, it’s best to define them and provide a few examples of each.

Social engineering

The reality is there are many places where criminals can get useful personal information. As mentioned above, scammers are constantly coming up with new ways to convince you to hand over your money and PII. A few techniques scammers use include: 

  • Familiarity: If you’ve seen someone or heard their name before, you’re more likely to trust they’re legitimate (e.g., an email claiming to be from a familiar company or a call allegedly from a local politician’s campaign team). 
  • Hostility: It’s human nature to avoid conflict by complying with aggressive people. If you consider someone a threat, you may be more likely to do what they tell you (e.g., a call from somebody posing as a police officer demanding a fine be paid in exchange for getting rid of an arrest warrant). 
  • Playing detective: It’s easier than ever for someone to gather information about you these days. By looking at what you’ve posted on your social media accounts, fraudsters may be able to discover your location and interests. They can also rummage through your trash for credit card forms and bank statements.

Scammers frequently apply their social engineering techniques in email, phone and text messaging scams — respectively known as phishing, vishing and smishing. 

Phishing

Phishers create emails that seem legitimate and rely on you to click the link provided. These emails are designed to look official and often create a sense of urgency so victims act quickly, clicking an embedded link before thinking. Those links typically send you to another fraudulent page, usually bearing legitimate business logos or brand names to further convince you of its authenticity. Phishing emails can also launch damaging malware or spyware that’s activated after clicking a link, sometimes without you even being aware. 

Phishing websites are designed to look like legitimate sites in order to fool visitors into inputting information, such as a credit card number, email address, phone number, Social Security number, etc. Anyone who’s convinced the site is genuine is more likely to divulge personal information to scammers. 

Vishing

Vishing, or voice phishing, is a form of phishing by phone. Scammers will pose as a bank representative, friend of a friend, restaurant employee or another trusted person in an attempt to steal your money or PII. The difference between phishing and vishing is the platform the scam is presented through. Today, rather than answering unexpected calls, it’s easy for everyone to hide behind a call screener, making vishing slightly less common than email or text scams. 

Smishing

Smishing is when a scammer sends links by SMS or text message to unsuspecting victims, similar to a phishing email. Given the shorter nature of a text message, smishing attacks try to get the victim to click on the link by offering more details to claim a prize or refund — or contain messages designed to create urgency.

Social engineering scams in the wild

Scammers have gotten quite good in their social engineering tactics, which means even the savviest cybersecurity professional can be tricked. 

Here are a few real-world examples to illustrate how bad apples are using social engineering to scam victims.

Imposter scams

As the name implies, an imposter scam is when the criminal will call, text or email you pretending to be someone they’re not. They may profess to be someone you know or trust — like a family member — or present themselves as a company you do business with or an authority figure like a government official or law enforcement officer.

For every persona they might adopt, they’ll have a different story to tell, such as:

  • A family member who’s traveling and lost their wallet or needs bail money
  • A tech support person supposedly fixing a problem with your computer
  • An IRS agent demanding you make a payment or face serious consequences

Here’s one thing to watch out for: If they’re looking for money, they’ll usually ask you to send a gift card or wire money.

Romance scams

For those looking for love, online dating apps can be a wonderful way to connect. For scammers looking for their next victims, these apps are hotspots where they prey upon the lonely and perhaps vulnerable. Bad actors create fake profiles on these apps, sometimes using AI-generated photos, and start trolling the site for potential marks. They tend to target older people because they’re typically more trusting and have more money.

The scammer starts messaging their victim and establishes a relationship. Along the way, they collect personal details that can be used for future scams — sometimes against the victim’s friends and family. They’ll take the victim on an emotional journey, earning their trust and loyalty before making up a convincing story about how they need money. Victims will often offer money to their online suitors without ever having met.

Lottery/sweepstakes scams

If you get an email saying you’ve won the lottery, it’s likely a scam. Yet you’d be surprised how many people have fallen victim to this type of con. Criminals use the reputation of the lottery and human desire for instant gratification to trick their victims into thinking they’ve hit it big — sometimes fooling people who’ve never even bought a scratch ticket.

Lottery scam emails typically tell victims they’ve won a large sum of money. There’s a catch, though: In order to receive their winnings, they must send a processing fee. But the bad guys aren’t only looking for money; lottery scams also have been used to steal PII for future scams. 

Protection Measures

How can you protect yourself? Here are some quick facts about phishing, vishing and other scams: 

  • A lottery organization will not ask you for your personal information through an email 
  • Financial institutions will not ask for your personal information through an email 
  • Organizations do not give money prizes without a person’s current active participation

In addition, consider the following if you receive a suspicious email or phone call: 

  • If you don’t know the sender, delete the email 
  • If an organization or financial institution calls asking for personal information over the phone, hang up and look up the organization’s customer service number online. Then call that number to make sure the original call was from a legitimate source. 
  • Check emails and text messages for spelling and grammar mistakes. Phishing emails often originate from countries where English is not the primary language, so grammatical mistakes and typos can be warning signs. 
  • Do not click on any pop-up screens or links within the email. 
  • Do not call a phone number sent within a suspicious email. 
  • Do not reply to a spam email. 
  • Do not be afraid to ask why your personal information is necessary. 
  • Before clicking on a hyperlink, verify the URL first. Hover over the link to see if the URL looks legitimate. Be wary of “tiny URLs” that hide the actual URL. 

You can be a valuable contributor to the war against hackers and scammers by keeping up to date with the latest criminal scam techniques and sharing this information with others. If you think you’ve been a victim of a scam, file a report with the Federal Trade Commission (FTC).  

© 2026 TransUnion LLC. All Rights Reserved.