73% of U.S. Adults Targeted by Online Scams – How to Stay Safe

The Rise of Online Scams in the Digital Age

Online scams have become increasingly sophisticated, targeting a wide range of individuals across the United States. According to a recent survey conducted by the Pew Research Center, over 9,000 U.S. adults reported experiencing at least one form of online scam or attack. These scams come in various forms, including credit card fraud, online shopping schemes, and ransomware attacks—malicious software that locks users out of their systems until a ransom is paid.

The prevalence of these scams highlights the growing need for digital awareness and security measures. A significant portion of those surveyed—about 24%—reported falling victim to scam emails, text messages, or calls that tricked them into revealing personal information. Additionally, an estimated 32% of respondents said they had been targeted by a scam within the past year.

Contrary to common belief, older adults are not the only ones vulnerable to these schemes. In 2021, the Federal Trade Commission noted that Gen X-ers, millennials, and Gen Z adults were 34% more likely than those aged 60 and older to report financial losses due to fraud. This suggests that younger generations, despite being more tech-savvy, are still susceptible to online deception through social media ads, investment scams, and fake job opportunities.

Emerging Threats: Scams Through Your Calendar and Authentication Apps

Scammers are continuously evolving their tactics, finding new ways to exploit digital platforms. One such method involves unsolicited calendar invites. Iskander Sanchez-Rola, director of artificial intelligence and innovation for Norton, explains that scammers use online calendars like Google or Outlook to send automatic invitations without user approval. These invites can appear legitimate, leading users to believe they have accepted the meeting, which may result in clicking on a malicious link or downloading malware disguised as a software update.

This type of scam often targets work-related email accounts and calendar apps. Warning signs include unsolicited calendar invites, misspellings in the link or sender address, and appointments that seem to be sent only to you. To protect yourself, adjust your calendar settings to prevent automatic updates. For Microsoft Outlook users, follow specific instructions to change settings, while Google users can limit which invitations appear on their schedule.

If you suspect a scam, avoid replying directly to the invitation. Instead, reach out to a trusted contact from the organization to confirm the meeting's legitimacy.

Another emerging threat is multi-factor authentication (MFA) scams. MFA apps, also known as "Two Step Verification," provide a code or prompt to verify account access. However, scammers can exploit this system by sending multiple verification requests, wearing down users until they accidentally approve a login they didn’t request.

Warning signs of an MFA scam include unexpected verification codes or multiple notifications without user prompting. To stay safe, pause before clicking on any notification. Use MFA apps that generate verification codes instead of sending push notifications, as the latter can be manipulated by scammers. Regularly changing passwords also helps reduce the risk of stolen credentials being used for extended periods.

Recognizing and Avoiding Email Scams with HTML Attachments

Email scams remain a persistent threat, particularly when they involve unknown HTML attachments. These files can redirect users to phishing pages or trigger malware downloads. Derek Manky, Chief Security Strategist and Global Vice President of Threat Intelligence at Fortinet, notes that even though this technique is old, it is still widely used.

HTML files contain code that can execute malicious scripts, such as JavaScript, which could install data-stealing tools or launch phishing pages. Fraudsters often mimic trusted names or services to trick users into opening attachments. Warning signs include unsolicited emails from unknown senders and suspicious-looking attachments.

To avoid falling victim, always exercise caution before opening any email attachments. Check for typosquatting in the URL, where domain names have minor variations from legitimate ones. If in doubt, verify the sender’s identity through alternative means before proceeding.

Staying Safe in a Digital World

As online threats continue to evolve, staying informed and proactive is essential. By recognizing the signs of scams and taking preventive measures, individuals can significantly reduce their risk of becoming victims. Whether it's adjusting calendar settings, using secure MFA methods, or carefully handling email attachments, small steps can make a big difference in protecting personal information in today’s digital landscape.