Carnegie Mellon University
July 16, 2019

How to Spot and Avoid Common Scams

Have you ever gotten an email from someone claiming to be royalty? In their email, they tell you that they will inherit millions of dollars, but need your money and bank details to get access to that inheritance. You know this email isn’t legitimate, so you delete it, yet there are many more scams being perpetrated by criminals that sound more believable and aren’t as easy to spot.

Learning to identify and avoid these scams is the first step in protecting yourself from these schemes. Senior citizens are often particularly vulnerable to some of these fraud campaigns. The world today is full of cybercriminals launching both phishing emails and the tried-and-true phone scams that never fell out of fashion. Protecting not only your finances but also your data from these scams is more important now than ever.

Phone Scams

Scammers who operate by phone can seem legitimate and are typically very persuasive. To draw you into their scam, they might:

  • Sound friendly, call you by your first name and make small talk to build your trust.
  • Claim to work for a company or organization you trust, such as a bank, a software or other vendor, the police department, or a government agency.
  • Threaten you with fines or charges that must be paid immediately.
  • Mention exaggerated or fake prizes, products, or services such as credit and loans, extended car warranties, charitable causes, or computer support.
  • Ask for login credentials or personal sensitive information.
  • Request payments to be made using odd methods, like gift cards or bitcoin.
  • Use pre-recorded messages, or robocalls.

If you receive a suspicious phone call or robocall, the easiest solution is to hang up. You can then block the caller's phone number and register your phone number on the National Do Not Call Registry.

Email Scams

Phishing emails are convincing and trick many people into providing personal data. These emails tend to be written versions of the scam phone calls described above. Some signs of phishing emails are:

  • Imploring you to act immediately, offering something that sounds too good to be true, or asking for personal or financial information.
  • Emails appearing to be from executive leadership you work with requesting information about you or colleagues that they usually do not request (for example, W2s).
  • Unexpected emails appearing to be from people, organizations, or companies you trust that will ask you to click on a link and then disclose personal information. Always hover your mouse over the link to see if it will direct you to a legitimate website. 
  • Typos, vague and general wording, and nonspecific greetings like "Dear customer".

Beware that many scams and phishing emails look legitimate! An email pretending to be from a company might contain pictures or text mimicking the company's real email. If you're unsure about an email you received, there are some steps you can take to protect yourself.

  • Do not click links or open attachments in emails you were not expecting.
  • Do not enter any personal, login, or financial information when prompted by an unsolicited email.
  • Do not respond to or forward emails you suspect to be a scam.
  • If in doubt, contact the person or organization the email claims to have been sent by using contact information you find for yourself on their official website.


The information provided in the MS-ISAC Monthly Security Tips Newsletter is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.