The Type Of Scam That Causes More Financial Loss Than Any Other

Scam artists are an inventive bunch. Numerous confidence schemes have become so iconic that spotting the outline of a fraudulent actor is sometimes extremely simple: The Nigerian prince approach, for instance, which involves the promise of a large financial reward after handing over a small upfront contribution. Sometimes this can also involve paying a 'tax' or 'fee' to have the funds released, while other approaches involve a more classic 'loan me some money today...' trade. Even though many scams have been well played out, there are always new twists on the classics and even brand new schemes being cooked up on a regular basis. 

Phishing attacks, in particular, have become a prominent method of parting victims with their hard earned cash, but in many instances this approach isn't as direct a path to theft as other approaches. Instead, thieves are stealing credentials in order to take control of users' accounts. These account takeovers represent the most dangerous scheme currently making the rounds. Not only is the tactic difficult to identify and stop in many cases, the approach has also become the most costly scam for victims. With that said, phishing is just the tip of the spear when it comes to the world of cybercrime, a classification of fraud that accounted for almost 83% of all financial losses in 2024, according to the FBI.

Thieves can't do anything online without help from one or more points of access. So, when it comes to your sensitive information, they have two options: They can attempt to hack into the institution itself, or attempt to crack credentials for individual users. While it might seem more efficient to hack into a bank, that requires immense technical skills and involves a lot more visibility and risk. Instead, cybercriminals often pose as trusted entities in an effort to get consumers to open up to them.

These approaches may come through email contact, social media, or even by phone. Once a cybercriminal has your login details they can set off a chain reaction throughout your digital life. According to a 2019 Google survey, 65% of people use the same password for multiple accounts, and 73% use the same passwords for both their personal and work accounts. Nearly half of all internet users never change their passwords, and over 1 in 10 use the same exact password for everything they do online. This means that a compromised Facebook or Etsy account can easily become a five-alarm fire in which your credit cards and bank accounts are hijacked. Once a criminal has your credentials, they can move quickly to lock you out of key digital access points, like your own email address. This makes restoring your security incredibly difficult and time consuming. Meanwhile, they'll enjoy unfettered access to virtually all corners of your life, and finances.

Fortunately for consumers approached by scammers, account takeovers are essentially a phishing exercise. These thieves pose as legitimate points of contact from a business or organization, but the reality is that they are easy to see through — as long as you're looking. When receiving an email that seem suspicious, there are a number of things to look for. The email address itself may look similar to a legitimate business, but there will typically be something wrong in the spelling or naming convention. AI tools are being used to power many email scams today, which means errors will likely be obvious to eagle-eyed consumers.

Another approach that lives online involves brand ambassador pitches and other influencer-focused messages. Social media is a place of great collaboration, but it's also a place that has become a cesspool for scammers to hide within. One particular social media scam involves fake brand accounts sending messages about working with them to promote their products. These thieves might then send you forms asking for your social security number and other personal details. With that said, depending on your following, an unsolicited brand deal can be a big red flag that something is amiss. A third scam approach involves the YouTube comments section, where cryptocurrency investment ads run rampant. If you send money to one of these investors, don't expect to get it back, instead, you'll likely end up being targeted by an equally fraudulent offer to 'recover' your money.