Online scams cost Americans over $12.5 billion in 2023 according to the FBI's Internet Crime Complaint Center (IC3), and losses have continued climbing every year since. In 2026, scammers are more sophisticated than ever, using AI-generated content, deepfake voices, and social engineering at scale. Here are the 10 most common online scams right now and exactly how to protect yourself.
Phishing remains the single most reported cybercrime. The FBI's IC3 received over 298,000 phishing complaints in 2023 alone. Scammers impersonate banks, shipping companies (FedEx, USPS), and tech giants (Apple, Google) to steal login credentials.
How it works: You receive an urgent email or text claiming your account is locked, a package can't be delivered, or suspicious activity was detected. The link leads to a fake login page that captures your credentials.
How to avoid: Never click links in unsolicited messages. Go directly to the company's official website or app. Enable two-factor authentication on all accounts. Check the sender's actual email address, not just the display name.
Investment fraud caused the highest total losses of any crime type reported to the IC3 — over $4.57 billion in 2023, with crypto-related investment fraud accounting for $3.94 billion of that.
How it works: Scammers promote fake crypto tokens, Ponzi schemes disguised as "yield farming," or AI trading bots that guarantee returns. Many start with a small "successful" withdrawal to build trust before stealing larger deposits.
How to avoid: No legitimate investment guarantees returns. Research any platform on the SEC's EDGAR database. Never send crypto to someone you met online. If it sounds too good to be true, it is.
Romance scams, including the "pig butchering" variant, caused over $1.14 billion in losses reported to the IC3 in 2023. Victims are groomed over weeks or months before being asked for money.
How it works: Scammers create fake profiles on dating apps or social media. After building an emotional connection, they introduce a "can't miss" investment opportunity (often crypto) or fabricate emergencies needing money.
How to avoid: Reverse image search profile photos. Never send money to someone you haven't met in person. Be suspicious if they always have excuses to avoid video calls. Watch for love-bombing early in the relationship.
The FTC reported that online shopping scams were the #2 most reported fraud category in recent years, with social media ads being a primary vector. Losses from social media shopping scams alone exceeded $1.4 billion from 2021-2023.
How it works: Fake online stores advertise heavily discounted luxury items or trending products on social media. You pay but receive nothing, a counterfeit item, or something completely different from what was advertised.
How to avoid: Check the website's age using WHOIS lookup — scam sites are usually days or weeks old. Look for real contact information and a physical address. Pay with credit cards (not debit or wire transfers) for chargeback protection. Read reviews on independent sites, not on the store itself.
Tech support fraud accounted for over $924 million in losses reported to the IC3 in 2023, with victims over age 60 accounting for the majority of those losses.
How it works: A pop-up warns your computer is infected, or someone calls claiming to be from Microsoft, Apple, or your ISP. They convince you to grant remote access, then install malware, steal data, or charge hundreds for fake "repairs."
How to avoid: Microsoft, Apple, and Google will never call you unsolicited. Close pop-up warnings using Task Manager (Ctrl+Alt+Delete) rather than clicking anything on the pop-up. Never grant remote access to anyone who contacts you first.
Job scams surged during the remote work boom. The FTC received reports of over 100,000 job scam complaints in 2023, with reported losses exceeding $490 million — nearly triple the amount from just two years prior.
How it works: Fake job postings on LinkedIn, Indeed, or via email offer high pay for remote work. They may ask for upfront payment for "training materials," request your SSN for a "background check" before any real interview, or send a fake check and ask you to wire part of it back.
How to avoid: Legitimate employers never ask you to pay to get hired. Verify job postings on the company's official careers page. Be wary of interviews conducted only via text or chat. Never share your SSN or banking info before receiving and verifying a formal written offer.
Scammers impersonating the IRS, Social Security Administration, or law enforcement generated over $394 million in reported losses to the FTC in recent years. These scams exploit fear of authority.
How it works: You receive a call, email, or letter claiming you owe back taxes, your Social Security number has been "suspended," or there's a warrant for your arrest. They demand immediate payment via gift cards, wire transfer, or crypto.
How to avoid: The IRS communicates primarily by mail and never demands immediate payment by phone. No government agency accepts gift cards as payment. The SSA will never threaten to suspend your Social Security number. Hang up and call the agency directly using the number from their official website.
Account compromise and identity theft were behind over $742 million in losses reported in 2023. Social media accounts are prime targets because they provide access to your contacts for further scamming.
How it works: Scammers gain access through phishing, credential stuffing (using passwords leaked from other breaches), or SIM swapping. Once in, they message your friends asking for money, post fake investment opportunities, or lock you out and demand ransom.
How to avoid: Use unique passwords for every account (use a password manager). Enable two-factor authentication with an authenticator app, not SMS. Don't click "Is this you?" links sent via DM. Review your account's active sessions regularly.
The FTC has taken enforcement actions against numerous companies running subscription traps, and the FTC's "Click to Cancel" rule (finalized in 2024) was created specifically to combat this widespread problem.
How it works: You sign up for a "free trial" or "$1 sample" that requires a credit card. Hidden in the fine print are recurring charges of $50-$200/month. Cancellation is made intentionally difficult with dead-end phone trees, chat-only support, and processing delays.
How to avoid: Read the full terms before entering payment info. Use virtual credit card numbers for trials. Set calendar reminders before trial end dates. Check your credit card statements monthly for unfamiliar recurring charges.
Deepfake-related fraud is the fastest-growing scam category in 2026. A 2024 Deloitte report projected that AI-generated content could enable $40 billion in fraud losses by 2027. Voice cloning and video deepfakes now require as little as 3 seconds of audio to replicate someone's voice.
How it works: Scammers clone a family member's voice using AI and call claiming an emergency. They create deepfake videos of CEOs or celebrities endorsing fake investments. They generate realistic but fake identity documents for fraud.
How to avoid: Establish a family code word for emergency calls. Verify unexpected requests through a separate communication channel. Be skeptical of any video or audio urging immediate financial action. Look for subtle deepfake tells like unnatural blinking, audio sync issues, or warped backgrounds.
If you've been targeted by any of these scams:
Stay informed and help others by checking suspicious websites, phone numbers, and companies on Scam.Wiki before engaging with them.
Search Scam.Wiki Database