Beware of these online scams [learn ways to protect yourself]

On desktop are a laptop with a padlock on the screen. Words

October is Cybersecurity Awareness Month. It is important to stay on top of protecting yourself from cybercriminals and online scams not only this month, but year-round; since being scammed or getting your personal information stolen can impact your financial wellness.

Here are three ways that cybercriminals try to access your personal information online and tips to protect yourself.

Online scams and cybersecurity threats

Unsafe email attachments

Documents are frequently attached to emails we receive at work or in our personal lives. The attachment can be your aunt’s stew recipe or a guest list for the office party from your boss. Cybercriminals know this and will pretend to be the person you know, such as your aunt or boss, and send you an email impersonating them with the hopes that you will open the unsafe attachments. Some of the most common attachments used for cyberattacks are Microsoft Word DOC files and PDF files. 

  • Fake DOC attachments: Older Microsoft Word DOC files are commonly used in cyberattacks because they can include macros. A macro, short for macroinstruction, is a set of commands that can control a DOC file and other programs. Cybercriminals might send you an email that looks legitimate, contains a DOC file, and gives an urgent reason for you to open the file. If you open it, a pop-up window will display, asking you to enable macros. If you accept, the macros can install malware on your device. (Malware is software that is specifically designed to disrupt, damage or gain unauthorized access to a computer system.)
  • Fake PDF attachments: PDF files are sent over email every day, making them perfect tools for cyberattacks. One popular type of attack is when cybercriminals put an image in a PDF file to catch your attention and trick you into clicking it, like a cooking video from social media or a cute cat video. Unfortunately, clicking the image could send you to a website designed to steal your sensitive information.

What can I do to stay safe?

  • If a suspicious email appears to be from someone you know, contact them over the phone or in person. Check to see if the email is authentic.
  • Avoid DOC files in general. They use an outdated format and contain too many security risks. The newer DOCX format is the current standard and is much safer.
  • Always think before you click. Cyberattacks are designed to catch you off guard and entice you into clicking impulsively.

Unexpected emails

If you have a personal email account, you likely receive a steady flow of messages daily, including notices from a bank, order confirmations or sales promotions. To keep up, you might look through your inbox as quickly as possible. Don’t forget to stay vigilant. Cybercriminals take advantage of full inboxes to send dangerous, unexpected emails.

“Unusual scam activity detected” emails

One of the most popular unexpected email scams is the fake banking email. Cybercriminals will send an email that appears to come from a local bank, claiming they have suspended your account due to unusual activity. Before taking action, consider whether it makes sense that you’re getting this email. Ask yourself questions like:

  • Do I have an account with this bank?
  • Is this how my bank typically contacts me when they detect unusual activity? 
  • When was the last time I checked my bank account?

Your new scam is on the way

In another scam, cybercriminals imitate a popular retailer’s order confirmation. The email states that your credit card was charged a large sum of money and your order is on the way. Even though a fraudulent charge is alarming, pause and ask yourself:

  • Do I shop at this retailer?
  • Have I ever entered my credit card information on their website?
  • Does the email include any accurate identifying information, like my name, credit card number or shipping address?

Without pausing to ask yourself questions like these, you might give cybercriminals exactly what they want — your personal information that they can use to steal your identity, deplete your account, or make unauthorized purchases.

What else can I do when I receive unexpected emails?

  • Stop and consider the context. If the email is about an order you didn’t place, it could be a scam.
  • Never click a link in an email that you aren’t expecting. Instead, open your internet browser and navigate to the organization’s official website.
  • Watch out for urgent messages, such as an email alerting you about an expensive credit card charge. Phishing attacks, an attempt to trick you into doing the wrong thing, rely on impulsive actions. So, always think before you click.

Social media threats

According to Pew Research Center, about 70% of Americans use social media platforms like Facebook, Instagram, LinkedIn, Pinterest or X (formerly Twitter), among others. Here are some tips for staying safe and avoiding cybercriminals when using social media.

Be careful what you post

Any information you post on social media could be used in a “spear phishing” attack. Spear phishing is when cybercriminals target you specifically. For example, if you post online about your rescue dogs, cybercriminals might send you phishing emails spoofing an animal shelter that’s asking for donations. The email could appear genuine, but cybercriminals are trying to trick you into giving them your payment information.

Keep it private

Cybercriminals might also try to phish you through a direct message. Some cybercriminals will even use online bot accounts to reply to your posts or message you automatically. Luckily, many social media platforms allow you to have a private account and restrict who can contact you. Be sure to use privacy features to protect your personal information from strangers and cybercriminals.

Get support if you have been harmed by a scam

LSS Financial Counseling has certified, trusted and nonjudgmental financial counselors who provide advice and support if a scammer has taken advantage of you. Call 888.577.2227 to schedule an appointment, email them or complete their short contact form

Mike Bohlken


Author Mike Bohlken is associate vice president for Information Technology at Lutheran Social Service of Minnesota (LSS). LSS Financial Counseling is a service of LSS.