Fallen victim to online fraud? Here’s what to do…

This guest post is by Lisa Ventura, founder and CEO of the UK Cyber Security Association, a not-for-profit that raises awareness of the importance of cybersecurity for small and medium-sized businesses.

Online fraud is a huge challenge for businesses and consumers alike as cybercriminals continue to develop new mechanisms to separate innocent parties from their money.

As children we were warned not to talk to strangers or give them any personal information. Yet today we think nothing of sharing our details every time we make an online purchase.

More and more of us have become accustomed to doing more and more transactions online, especially since the COVID-19 pandemic hit last year, and it is easy to forget that there are people out there who will do anything to obtain money or personal information by deception.

How to spot online fraud

There are many types of online and identify scams, but here are some of the most common:

  • “Get rich quick” scams

With job uncertainty at an all-time high, attackers are preying on our vulnerabilities and financial worries during the crisis.

Some reports suggest that scams claiming you can “earn” lots of money from home with little effort and no risk have gone up by as much as 66% in the past year.

While we may all dream of earning big for doing very little, you should assume that anything that sounds to good to be true IS too good to be true.

Be especially wary of advertisements that tell that you can work whenever you like; stay away from jobs that involve handling money for other people; and watch out if you have to pay a fee to get started.

  • Fake shopping websites and “free” offers

Scammers set up websites that pretend to be the real deal and lure you in with “great offers” and “unbeatable savings” off the recommended retail price. Often these sites either ship fake items or simply take your money and don’t send anything at all.

Other shopping-based scams involve luring you in with a great deal, then “qualifying” you as the lucky winner of a high-value item such as a games console or a mobile phone. Everything is “free” except for a modest delivery charge that requires to put in your credit card data. The scammers then run off with your credit card details.

  • Phishing

The Naked Security team has written extensively about phishing, which is sadly still one of the most common and effective cyberthreats around.

Simply put, phishing involves sending you a message that tricks you into clicking a bogus link, opening a booby-trapped file, installing malicious software or simply giving out personal data that you ought to have kept you yourself, such a password, address or account number.

Phishing isn’t just limited to email – it can also take place via SMS text messages (when it is known as smishing), over social media, through other messaging apps such as WhatsApp, or even via voice calls (known as vishing).


(Watch directly on YouTube if the video won’t play here.)

  • Fake cybersecurity warnings

Sometimes when you are browsing the internet a pop-up appears out of nowhere saying that your computer is infected with viruses. Of course, there’s also a website you can visit for immediate help, and often a tollfree number to call so a “technician” can fix the problem for you right away.

If this happens to you, it’s almost certainly a scam. These fake ads and pop-ups are designed to get you to download and run “security” software for a not insignificant fee, or to pay to give remote access to a “technician” who will “remove” the non-existent security threat for you.

Only trust security information from the antivirus software that you are running. (And don’t forget to check, of course, make sure that your antivirus product is up-to-date, too.)

Can you get your money back?

If you bought an item from an online seller via a site such as Amazon or eBay, see if they can help or intervene.

In addition, you may be able to recover some of the funds you spent, depending on how you paid.

  • If you paid by debit card

If you used a debit card you may be able to get your bank to help you recover your money through the chargeback scheme. This is a transaction reversal made to dispute a card transaction and to secure a refund for the purchase.

Contact your card provider for details of their scheme in your country. However, don’t assume that you are going to get your money back.

  • If you paid by credit card

If you paid for goods or services with a credit card, most countries have regulations that give you have a greater protection if things go wrong. For example, UK consumers are protected under section 75 of the Consumer Credit Act, while Consumer Protection laws cover buyers in the US.

Unfortunately, whether you can make a claim or not depends on the type of scam you have fallen for, so please get in touch with your card provider for assistance.

  • If you paid by bank transfer

If you have been caught out by a convincing scam and unwittingly transferred money into another bank account, you should contact your bank immediately for help. They may help you try to recover the funds.

  • If you paid in cash, with cryptocurrency or by wire transfer

Unfortunately, if you paid in cash (or equivalent), you have almost certainly lost it all.

The only person who could refund your money in a case like this would be the scammer you just gave it to.

You may nevertheless want to report the fraud to the police in case they can take any action. If no one says anything, then it’s difficult for law enforcement to justify investigative or preventative action because it looks as though these crimes aren’t taking place.

What if you’re a victim?

Talking about what happened and hearing about the experiences of others who have been through similar experiences can help.

Support groups in the UK are available through charities such as Victim Support, Age UK and Citizens Advice.

Maintain your security hygiene

Here’s a recap of good security practice advice from the Naked Security team:

  • Reset your passwords if you’ve been phished, and if you know you’ve used the same password on other websites, change those too! 


(Watch directly on YouTube if the video won’t play here.)

  • Patch early, patch often. Why be behind the crooks when you could be ahead? Be sure to get operating system updates as well as security fixes for the apps you use and for any devices such as routers, webcams and thermostats that you may have at home.
  • Use a password manager and 2FA to make it harder for the scammers. A password manager stops you putting real passwords into fake sites, which helps prevent you getting phished. And using two-factor authentication (2FA) means that your password alone is not enough for scammers to log in to your account.
  • Report scams if you can. It might not feel as though you are doing much to help, but if many people provide some evidence, there is a least a chance of doing something about it. On the other hand, if no one says anything, then nothing will or can be done.
  Below are scam reporting links for various Anglophone countries:

  AU: Scamwatch (Australian Competition and Consumer Commission)       

  CA: Canadian Anti-Fraud Centre

  NZ: Consumer Protection (Ministry of Business, Innovation and Employment)

  UK: ActionFraud (National Fraud and Cyber Crime Reporting Centre)

  US: ReportFraud.ftc.gov (Federal Trade Commission)

  ZA: Financial Intelligence Centre