There’s no doubt that the online world has made our lives faster, easier and more convenient. We can shop, do our banking and even talk to a potential date in the blink of an eye. Yet along with those benefits are some dangers to be aware of with unscrupulous scammers looking to steal our personal information and our money. We've talked to experts on scams and cybersecurity, so click through to find out more about the tell-tale signs to look out for and how to keep yourself safe.

Phishing is one of the oldest online scams in the book, but it's still all too common. Phishing is essentially where a fraudster impersonates a legitimate company, such as PayPal or Amazon (an Amazon scam email is pictured), and sends people an email that tells them to click on a link. The email might be telling the sender to correct a mistake in their login details, may say they have a fee to pay, or that they have won money. However, the link will direct them to a bogus login page that allows attackers to steal their personal information.

According to Robert Pritchard, founder of consultancy firm The Cyber Security Expert, these scams can be difficult to spot. “Some are super obvious because they’re really poorly spelt and don’t make any sense. Yet others are perfect. There’s no consistent thing to look for.” It seems impossible, but there is one thing they all have in common: a sense of urgency. “These emails always use hooks, wanting you to make a decision quickly or get you worried about something,” Robert adds. This email looks like it's from a genuine address –alert@outlook.office365.online.com – and it mentions the customer by name. However, it's not a genuine email, and the poor use of grammar is the main giveaway. The link to 'RECOVERY DETAILS' takes you to a page that asks you to enter personal information, details the scammers plan to steal.

So you’ve received an email that you think may be a scam – what now? Deborah Vickers of financial website Money Guru says: “Don’t provide any sensitive data to anybody.” If you’re not sure if an email or a phone call is legitimate, verify it. And it's not just realistic-looking emails that can catch you out. Recently, UK resident Doug Varey was tricked out of $5,200 (£4k) after he clicked on a pop-up advert for, ironically, computer security protection. It offered 12 years' worth of protection at $723 (£556), which he bought, but then the so-called security firm called him up saying someone was trying to take his data, and advising him to pay the $5,200 (£4k) to end the issue. The fraud case was investigated by the British and Indian Police, along with Microsoft, who recently managed to shut down a criminal operation in Kolkata following a four-year investigation.

It sounds a little like phishing, and that’s because it is. Yet pharming is a little more sophisticated, meaning it can be harder to get caught out. Essentially, it’s where a legitimate website, often an online banking or ecommerce site, is manipulated to direct you to a fake site. The bogus site either installs malware on your computer or harvests (‘pharms’) your personal data. In May this year an artist named Guo O Dong turned malware into an art installation (pictured), called The Persistence of Chaos, which sold at auction for $1.35 million (£1.1m). 

Unfortunately, with pharming there aren’t many clear-cut signs. Check the URL of the site you want to visit, to make sure it’s spelt correctly, and ensure it’s prefixed by ‘https’ – the ‘s’ stands for ‘secure’. Pictured is a scam text sent in by one of our loveMONEY readers supposedly from the Royal Bank of Scotland, but if you look carefully the 's' is missing from 'https' in the link. Often pharming comes from an initial phishing scam, so it’s crucial to always be super-cautious before clicking any links in emails or text messages.

If the email has come from an unknown sender, don’t click on any links. A good example is this email pictured, which is supposedly from UK supermarket Tesco. However, the sender's email reads rtfritz@ptd.net and it is addressed to a generic 'Customer'. Robert Pritchard says: “If you’re unsure if an email is legitimate, and it’s nothing at all to do with you, then just delete it. Go with your web browser the way you log in normally, which you trust, so you know you’re not being lured to a fake site."

In the same way that not all websites are what they say they are, sometimes fraudsters create fake versions of legitimate apps to take your money and data. They do this through ‘trojans’, named after the Greek trojan horse, which is malicious software hidden in apps that infects your phone and stays active in its memory, performing background tasks such as opening fraudulent webpages without your knowledge.

According to Robert Pritchard, your susceptibility to trojans probably depends on what type of phone you have. “If you’re using an iPhone, you’ll probably be safe, but on the Android store there’s a bit more malicious software.” Certain apps might be more likely to hide trojans too: “Be cautious about downloading free games, especially if you’ve seen something online saying, “play this game!”. The apps which activate your torch on an Android phone can have malicious software too”.

There are two key things you need to do. Firstly, Robert says, “only download the apps you really need”. So free games, photo editing software or horoscope apps might be worth deleting unless they really seem legit. Secondly, Robert stresses the importance of downloading from a reputable provider. Checking the number of downloads or ratings an app has had can be one way of doing this.

Bank transfer scams are on the rise, with the amount of money stolen from UK bank accounts by criminals having increased by 40% in the past year, according to banking body UK Finance. In the US, thousands of people have seen their money disappear due to a scam involving the popular digital payment service Zelle, which is embedded in many bank accounts. Zelle allows customers to send money instantly to others using an email address or phone number and helped users transfer $119 billion (£94bn) in 2018. Many people don't even realize that they use Zelle as it is pre-built into several banking apps, including those from Chase Bank and Bank of America. But it has become a target for scammers, who make spoof calls to access users' bank accounts, and their money.

But bank transfer scams are getting more sophisticated, says Brian Higgins, security specialist at Comparitech.com. “It’s very easy these days because there’s so much intellectual property available online. Scammers can just take logos, letterheads, letter footers off the internet and create a letter or email that looks legitimate. The places you need to look aren’t in the content, it’s everywhere else – it’s in the email header, it’s in the email addresses that people use,” says Brian. Often, scammers will monitor your emails before creating an email address that’s almost exactly the same as one you’ve corresponded to in the past – perhaps they’ll change an “o” to a zero, for example. The changes will often be very subtle.

Let’s say you get an email, which you think is from your bank, saying that your account details have changed. What should you do about it? “If there is any change of details, especially if you’re dealing with large sums of money, phone up your bank and ask them”, says Brian. “Just because the internet is there, doesn’t mean you have to use it for everything. Alternatively, go into your bank”. Likewise, if your bank calls you, don't provide any personal information, but contact them the way you normally do, even if that means hanging up and calling your bank again. 

Facebook has more than 2 billion global users and Instagram has more than 1 billion. With so many of us using social media every day, it’s become an easy target for scammers. One common Facebook scam that’s been doing the rounds recently looks like this: a friend sends you a message with a link in it, saying, "Is this you?" If you click the link, it’ll direct you to a fake Facebook login page, which is actually run by fraudsters wanting to steal your data. There are also plenty of bogus Instagram accounts promising money in return for following or clicking on a link to a malicious site.

Discover Facebook's timeline and the staggering numbers behind its success

Deborah Vickers says: “If you’re thinking it’s too good to be true, it probably is. In terms of Facebook or Instagram impersonation scams, the hijacker is pretending to be that person.” In a particularly sinister scam this June, scammers set up fraudulent accounts claiming to send aid to Sudan, such as the “Sudan Meal Project” (pictured).

“With emails you can check the email address, but with social media, scams can even come from people you are friends with,” says Deborah. If you receive a suspicious message from a friend, let them know that you think their account may have been hacked, and delete the message. If it’s too late and you’ve already clicked on the link, report the scammers to the social media site and change your login details.

Fraudsters have no qualms about playing with your heart to get hold of your money, and sadly rather than falling in love many people have fallen for scams when using dating websites. In fact, Americans and Canadians lost approximately $1 billion (£789m) to romance scams between 2015 and 2017 according to a study by BBB. In the US in 2016, over 15,000 cases were reported to the FBI's Internet Crime Complaints Center (IC3) – 2,500 more than 2015 – and the losses totaled over $230 million (£181.6m).

It can be hard to spot a dating scammer, and often fraudsters have researched you and spent time working out the right things to say. However, there are a few things to be aware of. Unlike real daters, scammers typically don't want to meet up and want to hide behind the fake persona they have created. The FBI has found that scammers with fake profiles often say that they work in the construction industry and are working on projects outside of the country to explain why they can't meet in person – and this also gives them a good story as to why they need your financial help. Some scammers will engage in phone calls to create a stronger connection and make the relationship seem real, or will promise to meet up but then cancel on you. Others may ask for inappropriate photos to blackmail you later down the line.

If you have suspicions about someone you are speaking to, the FBI recommends that you search their name and reverse image search their profile picture on the internet to check if the results seem legitimate (pictured). To prove that someone is genuine you are looking for more than a Facebook profile that a scammer could have easily set up, but an established presence that would be hard to fake. Also, ask lots of questions when you talk to them. You should never send money to someone you don't know personally, but if you already have and suspect it's a scam contact the authorities, such as the FBI's IC3 or the UK's ActionFraud reporting center.

In 2017, UK anti-fraud organization Action Fraud set up a fake ticket selling website to show how easily people fall for such scams. The fake website, called Surfed Arts, duped 1,571 fans who thought the site was real and clicked on it. When they did, they were taken to the Surfed Arts website, which advised them they couldn’t buy tickets and gave tips on how to avoid fraud in the future. Meanwhile in the US, fake ticket selling scams are rife too: a poll of 1,000 adults by ticketing vendor Aventus found that 12% of respondents had purchased a concert ticket online that turned out to be a scam. 

With many third-party sites such as StubHub and the UK's Viagogo selling on tickets to real events such as an Ed Sheeran show it can be difficult to sort the real from the fake, particularly if you're desperate to see that show. But as with any scam, if it seems too good to be true it probably is. These websites will often advertise tickets to events that are sold out everywhere else, and they’ll often be at marked-down prices – so those are two big clues to look out for. Also, check there are full contact details available on the website, which should mean an email address and a legitimate phone number.

Fortunately, these types of scams are pretty easy to avoid. “Just make sure that if you can find a provider that you know is valid, go to their website”, says Robert Pritchard. If you think you’ve bought a ticket through a fraudulent website, report it to the police. While you may not be able to get your money back, it might prevent others from falling into the same trap.

Ransomware is every bit as scary as it sounds. Essentially, in a ransomware attack, hackers will use malicious software to get into your device. Then they’ll encrypt your data, turning it into code, which will block your access to your computer. In order for you to get back in, hackers will ask you to pay a ransom, often in the form of a cryptocurrency such as bitcoin. A link will appear telling you to pay a certain amount in a cryptocurrency, and showing you where you can get it.

Like many other types of cybercrime, ransomware attacks are becoming more targeted and harder to spot. “Back in the day criminals just used to fire off an email to as many people as possible,” says Brian Higgins. “It’s a lot more sophisticated now, because there’s so much information about people online, on sites like LinkedIn and Facebook. If a cybercriminal gang decided that a particular business had a lot of money, rather than sending out 100,000 speculative emails, they would pick a person in that organization and look them up online before launching a ransomware attack.”

Prevention is key in the case of these types of attacks. “The main piece of advice is to make sure your data is backed up, away from your main network, so if you are subject to a ransomware attack and your main network stops working, you can go back to your back-up,” says Brian. You can back up your device either through an external drive, using an internet service which you may have to pay a monthly fee for, or just use cloud storage such as Dropbox, Google Drive or Microsoft OneDrive.

Crypto-what? It’s a bit of a mouthful, but cryptojacking is basically when cybercriminals download software onto your device to secretly mine cryptocurrency. How? By either sending you an email that contains a link which downloads the software when you click on it, or by hiding the code in an advert or on a web page that again activates it when you click on something. It’s a cybercrime that's on the increase, with cybersecurity company McAfee Labs reporting in August that there was a 29% rise during the first quarter of 2019.

How the Winklevoss twins beat Facebook and became Bitcoin billionaires

“It’s difficult to spot”, says Brian. “Years ago, if your computer had a virus, it was pretty obvious because it was very slow and clunky. But these days, because of the sophistication of computers as well, you wouldn’t necessarily even know that your computer was being used to mine cryptocurrency”. That being said, you should keep an eye out for if your computer seems to be running slowly or overheating as these could be signs of a crytojacking attack.

As is the case for ransomware scams, prevention is key. “Make sure that you scan your networks regularly”, says Brian. “There’s free software available online that you can download. I scan my computer once a month, just to make sure”. It’s also worth improving your web browser’s security by using a good quality VPN (Virtual Private Network), which adds another layer of security to public and private networks, increasing your privacy by replacing your IP address with one from the VPN provider. Some VPNs are even designed especially to prevent ransomware scams and cryptojacking.

Discover The scariest online scams and hacks of 2018