Common Types of Scams
Office of Information Security


According to a recent report by the Federal Trade Commission, victims lost nearly $448 million to all types of imposter scams in the year 2018. Unfortunately, the numbers continue to rise each year. The following list is by no means exhaustive, but it does represent several of the more common scams found in today’s threat landscape.

Gift Card Scams

Recently, there has been a rise in gift card scams, which is a specific type of spear phishing. In general, spear-phishing scams appear to come from a trusted source (spoofing) and target an individual or organization. With gift card scams, the goal is to engage people in dialogue, gain a victim’s trust, claim a time-sensitive emergency, and then dupe people into buying cards and emailing or texting them the redemption codes.

Unfortunately, there is very little that can be done to stop people from employing these tactics. Free accounts for spoofing are available from a wide variety of sources, social media is a great tool for mining data about individuals, and websites provide enough information about an organization to target specific departments.

The best available defense is to arm oneself with knowledge. For starters, you might take this time to review methods for recognizing common phishing attempts and apply those concepts to future communication at work and home.

Video: How Scammers Tell You to Pay (1:55)

Courtesy of the FTC


Phone Scams

A phone scam, sometimes referred to as phone phishing or vishing, employs similar concepts to email phishing to gain personal information, access to accounts, and collect money.

Always be cautious of high-pressure tactics. The worst of scams typically demand some form of monetary compensation within a 24 hour period, which is followed by a threat of police arrest, or another frightening outcome. Do not fall for this tactic. Whenever you are concerned or unsure about an unsolicited phone call, it is always best to end the call and call the agency or business directly.

Learn more about recognizing, mitigating, and reporting phone scams from the following resources.

If you believe you have been the subject of a phone scam, you can file an FTC Complaint with the Federal Trade Commission.


Sextortion is a form of blackmail where someone threatens to distribute information or images of you that are sexual in nature if you do not pay or provide sexual material back to them.

Often, the scam includes a password you recognize along with a claim that they have hacked your computer and installed malware. This is a bluff based upon exposed passwords from past data breaches.

  • The FBI suggests a few things you can do to avoid becoming a victim:
  • Never send compromising images of yourself to anyone, no matter who they are—or who they say they are.
  • Do not open attachments from people you do not know.
  • Turn off or cover your web cameras when you are not using them.

If you, or anyone else you know, receives an email claiming to have a video of you watching pornography:

  • Do not respond to the email.
  • Do not pay the demand in any form.

If you believe you are a victim of sextortion, the FBI suggests that you call your local FBI office, their toll-free number at 1-800-CALL-FBI, or report it to the FBI’s Internet Crime Complaint Center at

Video: Sextortion Scams (0:29)

Courtesy of Sophos

Tax Scams

Tens of millions of dollars have been lost to tax scams. IRS impersonators phish individuals, businesses, and tax professionals to steal personal information or demand payment of taxes by way of prepaid debit cards, gift cards, or wire transfers.

IRS Scams

To help protect yourself from identity theft, learn how to spot whether or not it’s really the IRS.

  • The IRS does not contact taxpayers in person, by email, phone, text message, or social media.
  • The IRS does not threaten people or negotiable amounts due.
  • The IRS does initiate most contacts through regular mail delivered by the United States Postal Service.

W-2 Scams

Because W-2 data is a high-value target, identity thieves continue to phish organizations to take advantage of mass fraud.

Typically, a bad actor probes an organization’s infrastructure by sending phishing attacks to those who appear to be top managers. Once someone takes the bait and provides relevant data, a fraudulent IRS tax return is submitted in the victim’s name and the money is stolen.

Video: W-2 Scams (1:55)

Courtesy of the IRS


Tech Support Scams

Tech support scams have been around for years. They are usually initiated by an email, browser popup, or phone call that states your computer has been compromised by malware, has been used in some illegal activity, or has been involved in a data breach. The perpetrators most often pose as Microsoft (or affiliate) and the victim is provided a phone number or website to contact.

These scams run the gamut from swindling users into logging into a website (to collect account name, password, credit card, SSN, etc.) to trick victims into granting remote access (to search and steal sensitive information, render the computer unusable, and then collect a fee to fix it, or worse, not fix it).

Video: Tech Support Imposter Scams (0:45)

Courtesy of the FTC


Other Scams

Additional Resources