Front Page: NCSC-FI
Front Page: NCSC-FI

How to protect yourself against online scams

There are lots of scammers after your money or information online. Scam messages are frequently sent by email, text messages and telephone. You can run into an online scammer virtually anywhere: on chatting, dating, shopping and sales platforms and online shops.

How to recognise an online scammer?


They give you promises they cannot keep

Scammers are mainly fishing for your money, online banking or email IDs or credit card information in various ways. You should be highly suspicious if someone contacts you unexpectedly, indicating any of the following:

  • an amazing and unique offer, winning the lottery, getting an inheritance, a business and investment opportunity
  • a surprising message from an unknown admirer who wishes to be with you
  • you are offered an opportunity to earn money easily.

You are threatened and blackmailed

A scammer can blackmail and threaten you with things such as losing your reputation and possessions.

Scammer may claim that

  • they hold sensitive materials of you
  • they are going to crash your company's or organisation's online service with a denial of service attack or hacking
  • they hold information about your company or organisation obtained via hacking
  • they are in a hurry and are asking you to act quickly.

You end up on a scam website

The address of a fake website may be nearly identical with that of a genuine site, as all it takes is a one-character difference. The content of a fake website also looks almost authentic, but once again, the details reveal the scam. The site may be missing translations and company information. Counterfeit e-commerce sites often claim to offer dramatic discounts on branded products and only a card payment option.


Using being in a rush or exceptional circumstances as an excuse for requiring your actions or information

A bank or a representative of the authorities will never ask you to provide your username or password by email. Do not click or provide your information if

  • you are asked to log in your online bank or email account via a link in a message sent to your email account
  • you or your organisation receive a surprising and urgent invoice whose sender presents themselves as a managing director you know, for instance
  • you receive an email to which an (urgent) “invoice” has been attached, but actually includes malware
  • a person presenting as an IT support person asks you for your user ID, password or remote connection to your computer.

How do you protect yourself against a scam?


Do not blindly trust email sender information

The address may be fake, the sender's computer may have been hacked, or someone may have guessed the person's email password. Banks, collection agencies or the authorities do not request their customers to log in to their website by e-mail. Instead of clicking on the link in a message that appears suspicious, use your browser to go directly to the website of the service you are looking for.


Do not trust all websites

For example, familiarise yourself with the terms and conditions of an online shop and the website itself. Do not enter your credit card information or online banking details on a suspicious website without consideration.


Check the destination address on your browser

Online scammers register domain names for their phishing sites that are almost identical with original domain names in form and name (e.g. vs. Read the website address carefully.

Enter the address directly in the browser address bar and make sure you type it correctly.


Have you enabled encrypted communication on your browser?

You can particularly check the encryption of online banks from the lock icon on your browser's address bar and by looking for an online address starting with https://. If there is no lock icon in the address bar, this is not the website of a real online bank. You should be careful because a lock icon or having an address starting with https:// is no guarantee of the reliability or authenticity of a website these days. Communication encryption can also be used to deceive you.


Change a hacked password

If your password has been hacked, change it immediately. If you have used the same password for other services, also change their passwords.


Use a different password for different services

Create a separate password for each service you use. Invest in important passwords you use to reset forgotten passwords. These include your email password, for instance.

What to do if you get scammed


Report the incident to the police

If you have been scammed and this has led to you to, say, transfer money to a romance scammer, report the incident to the police.


Also inform the parties concerned

If you are a victim of payment fraud or a scam made by someone pretending to be a bank or financial institution, you should also report it to the financial institution. Even though the banks and companies that scammers pretend to be are not behind the scams, they are interested in receiving information about the scams so that they can warn their other customers.


Prevent further damage

If your password or credit card information has ended up in the wrong hands, change your password and contact your bank to cancel the card.