Skip to main content

Be an Educated Consumer

As a consumer, the most important thing is to be educated! It is essential to know your rights, and stay informed on how to keep your personal and financial information safeguarded against scams. Be on the lookout for red flags - Recognizing the common signs of a scam could help you avoid one.

Known Scams:

  • Grandparent Scam
  • Tax/IRS Scam
  • Online Dating and Romance Scams
  • 'One-Ring' Phone Scam
  • Phishing Scams
  • Skimming
  • Online Shopping Scams


Grandparent Scam

Multiple grandparent scam scenarios have been reported and the number of reported incidents continues to increase. In 2021, the Federal Trade Commission received over 12,700 complaints from people ages 60 and older about scammers claiming to be family members or friends in trouble to trick people in providing money. These reports added up to $23.8 million in total losses.

Common Elements of a Grandparents Scam:

  1. Impersonation of Family - Scammers exploit grandparents' love by pretending to be a grandchild or relative in need of emergency cash. This scam starts with a call or text from a fraudster posing as a panicked grandchild or family member who is in trouble and requires immediate financial assistance. In some scam scenarios, the scammer impersonates an arresting police officer, a lawyer, or a doctor, who is calling on behalf of the relative in trouble.
  2. Urgent and Immediate Need for Money - To create a sense of urgency, the caller may claim to be hospitalized, in jail or stuck in a foreign country.  In all cases, the scammers ask that money be sent immediately. Scammers often try to pressure victims into transferring money through a mobile payment app, by wiring money, or by purchasing gift cards or money orders. A new variation of this con has surfaced recently where the scammer pressures victims to put money in an envelope to be picked up at their house by a courier. Several incidents of courier pickups have been reported throughout New York State over the past year.
  3. Insistence on Secrecy - The caller insists that parents or other family members not be informed. The scammer may claim there is no time to speak to others or that the grandchild will be embarrassed if other family members know about the situation. The scam artists know that once you contact another family member, you will likely discover the scam.

How To Avoid the Ever-Evolving Grandparent Scam:

  • Resist the urge to act immediately no matter how dramatic the story
  • Don’t engage with the caller or reply to the text. Contact the grandchild or family member directly to confirm the story.
  • Don’t give your address, personal information, or cash to anyone who contacts you. Scammers will likely ask you to send them a gift card, wire money, or offer to pick up cash at your home. They prefer these methods because they are difficult to trace.
  • Check your social media privacy settings since most social media is public by default, and be careful of what information you put online. Social media is an easy place for scammers to find personal information they can use to prey on the fears of grandparents.
  • To learn more about scams targeting older consumers, please see these tips to learn more about how to protect against fraud targeting seniors.

This information was brought to you by The New York State Division of Consumer Protection.


Tax/IRS Scam

Per the Internal Revenue Service; Thousands of people have lost millions of dollars and their personal information to tax scams. Scammers use the regular mail, telephone, or email to set up individuals, businesses, payroll and tax professionals. The IRS doesn't initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information.

New York taxpayers need to be vigilant against scams targeting taxpayers not only during tax season, but also year-round.

While taxpayer scams can take on a variety of forms, the following are examples of scams to look out for:

Phone calls from individuals posing as officials from the Internal Revenue Service (IRS).

In most cases, a victim of this scam will be instructed by the caller to promptly submit payment for money owed to the IRS through a pre-loaded debit card or wire transfer. If the victim is hesitant, the scammer may threaten police arrest or license revocation. The scammer may also send bogus IRS e-mails or have others call pretending to be from the DMV or local police. For this scam, the actual phone number of the IRS, DMV and local police may register on the caller ID screen through a technique called “spoofing”. The caller may already know your name and be able to recite the last four digits of your Social Security Number.

The New York State Division of Consumer Protection warns consumers to be wary of phone calls requesting money or personal information. To prevent falling victim to this type of scam, please take note of the following tips:

  • Keep in mind that the IRS will typically first initiate contact with a taxpayer concerning a tax issue via mail. The IRS does not request personal or financial information through email and will not ask for credit card numbers over the phone.
  • Call the IRS at 1-800-829-1040 if you think you owe taxes or need help with a payment issue.
  • Hang up the phone immediately if someone claiming to be from the IRS unexpectedly calls and threatens police arrest, deportation or license revocation.
  • Report anything suspicious to the Treasury Inspector General for Tax Administration at 1-800-366-4484 and the Federal Trade Commission (FTC). Please visit the FTC website at and add "IRS Telephone Scam" to the comments of your complaint.

Scam artists fraudulently posing as tax preparers.

Scammers may make false claims on others’ tax returns, or even steal their refunds. They will often attempt to take advantage of those who might not otherwise have to file tax returns, such as the elderly or low-income households. Working with a phony or dishonest tax preparer also poses the threat of identity theft.

If you choose to file your tax return using a tax preparer, take precautions to protect your refund and prevent identity theft by keeping the following tips in mind:

  • Work only with those whom you have researched thoroughly. Avoid preparers who claim they can obtain larger refunds than other preparers can, as well as those who base their fee on a percentage of your refund.
  • Make sure your tax preparer is willing to sign your return and provide their IRS Preparer Tax Identification Number (PTIN). The preparer must also provide you with a copy of the return.
  • Look over your return carefully – you are legally responsible for what’s on it. Similarly, never sign a blank return.
  • If you suspect a return preparer filed or altered a return without your consent, report it to
  • the IRS by downloading Form 14157 and Form 14157-A on the website. You can order them by mail at 800-TAX-FORM (800-829-3676).

To report fraudulent activity by a tax preparer with contact the NYS Tax Department’s Office of Professional Responsibility at (518) 530-HELP (option #2) or file a tax preparer complaint online

This information was brought to you by the New York State Division of Consumer Protection.


Online Dating and Romance Scams

Consumers are being alerted to exercise caution on internet dating sites. While online dating is a popular way to meet new people, you may also encounter scammers who are looking to take your money.

Many of these scammers are from foreign countries but are posing as someone else. They often use pictures from the internet for their profiles and disguise their voice on the phone. Sometimes these con artists will send small gifts to express deep affection towards to their victims. Eventually, they request a large sum of money, usually as a loan, to be wired to them for things ranging from business investments, property, debts, and more. Once they receive the money, they usually stop all contact with the victim or sometimes ask for even more until the victim becomes suspicious. Unfortunately, even when victims realize they are being scammed it is very difficult to track down the perpetrator and only small percentages ever see their money again.

Protect yourself from online dating scams by following these tips:

  • Never loan money to someone, particular overseas, that you have not met.
  • Be cautious of people online who say they are American but are abroad and are trying to get home due to a traumatic life incident, even if it is to come visit you.
  • Do not give out personal information to someone online, especially if you have not met them before.
  • Use trusted online dating sites, but still exercise caution.
  • Avoid people online who ask for money. They are almost always scammers.

Romance scams occur when a criminal lies about their identity and uses romantic interest to manipulate or steal from the victim. Thieves use different variations of these scams to deceive unsuspecting daters. One common variation used is sextortion, where scammers encourage victims to send intimate images of themselves then demand money to keep it a secret and threaten to expose the victim to their contacts, family, friends and colleagues if payment isn’t sent.

Although almost any age group can be lured into romance scams, the following groups are most frequently targeted:

  • Teens (especially teen boys)
  • College Students
  • Men and Women over age 40
  • Seniors, especially widows, widowers and recent divorcees

Common Elements of a Romance or Sextortion Scam:

  • Fake Profile Pictures: Scammers create the illusion of someone you would be attracted to and trust. They seek opportunities to meet someone online and create profiles on a wide range of online platforms including social media, dating sites, messaging apps and porn sites. They often use pictures from the internet for their profile and may disguise their voice on the phone.
  • Build Trust: Scammers are patient and will communicate for weeks or months until they’ve earned your trust.
  • Unavailable to meet in person: Scammers may propose an in-person meeting, claiming they will travel to see you, but there will be a last-minute emergency preventing it from happening. Be suspicious of anyone who says they want to meet but then always makes excuses for why they can’t.
  • Request Money: Scammers often start by requesting small amounts of money and paying it back quickly to build trust. Eventually, the scammers will request a large sum of money, usually as a loan, to be wired to them for things ranging from business investments, property, debts, illness and more. They may even ask for money for airfare so they can visit you. Once they receive the money, the scammer will often ask for more or create a new reason they need to borrow money. This will continue until the victim becomes suspicious, at which point the scammer will usually stop all contact and disappear.
  • Request Explicit Images or Videos: Some online encounters end in unwanted behaviors including extortion. Scammers may request or coerce victims into sending intimate, explicit images or videos of themselves. They may even coerce victims to perform intimate acts on camera.

Tips to Avoid Romance or Sextortion Scams:

  • If someone you haven’t met in person asks you for money, assume it is a scam, even if they say they need it for an emergency or traumatic life event. Never give or loan money to someone that you have not met in person.  
  • Do not give out personal information to someone online, including payment and banking information, especially if you have not met them before.
  • Use trusted online dating sites, but still exercise caution. Beware of online interactions that quickly ask you to leave a dating service or social media site to communicate directly.
  • Be cautious of people you meet online who say they are an American abroad or a deployed soldier.
  • Schedule a video-chat early in the relationship to ensure they are the person they are presenting in their profile.
  • Research anyone in whom you have an interest. Ask questions. Look them up online. Verify details where you can.
  • Do a reverse image search of the person’s profile picture. If it is linked to another name or details that don’t line up, it’s likely a scam.
  • Familiarize yourself with privacy settings of all your online platforms and consider limiting who has access to your personal information, contact lists and location.
  • Turn off or cover your web cameras when you’re not using them.
  • To thwart sextortion scams, talk to your children and teens about online safety and online luring. Many sextortion incidents occur on Instagram or Snapchat. Remind them that pictures or videos can be saved by others and used later for blackmailing. Check out additional resources for talking to children and teens on the FBI website.

New Yorkers who have fallen victim to a romance or sextortion scam should report it to the Federal Trade Commission at or the FBI’s Internet Crime Complaint Center at  Notify the social networking site or app where you met the scammer, too.

This information was brought to you by the New York State Division of Consumer Protection.


'One-Ring' Phone Scam

For illegal robocallers, the goal isn't always getting you to answer. Sometimes, it's getting you to call back.

Every so often, your phone may ring once and then stop. If that happens to you, and you do not recognize the number, do not return the call. You may be the target of a "one-ring" phone scam.

One-ring calls may appear to be from phone numbers somewhere in the United States, including three initial digits that resemble U.S. area codes. But savvy scammers often use international numbers from regions that also begin with three-digit codes – for example, "232" goes to Sierra Leone and "809" goes to the Dominican Republic. Scammers may also use spoofing techniques to further mask the number in your caller ID display.

If you call back, you risk being connected to a phone number outside the U.S. As a result, you may wind up being charged a fee for connecting, along with significant per-minute fees for as long as they can keep you on the phone. These charges may show up on your bill as premium services, international calling, or toll-calling.

Variations of this scam rely on phony voice-mail messages urging you to call a number with an unfamiliar area code to "schedule a delivery" or to notify you about a "sick" relative.

How to avoid this scam

  • Don't answer or return any calls from numbers you don't recognize.
  • Before calling unfamiliar numbers, check to see if the area code is international.
  • If you do not make international calls, ask your phone company to block outgoing international calls on your line.
  • Always be cautious, even if a number appears authentic.

Filing a complaint with the FCC

If you are billed for a call you made as a result of this scam, first try to resolve the matter with your telephone company. If you are unable to resolve it directly, you can file a complaint with the FCC at no cost.

Filing a complaint with the Federal Trade Commission

If you feel that you are a victim of an international phone scam, you can file a complaint with the FTC.

This information was brought to you by the Federal Communications Commission


Phishing Scams

Scammers use email or text messages to try to steal your passwords, account numbers, or Social Security numbers. If they get that information, they could get access to your email, bank, or other accounts. Or they could sell your information to other scammers. Scammers launch thousands of phishing attacks like these every day — and they’re often successful.

Scammers often update their tactics to keep up with the latest news or trends, but here are some common tactics used in phishing emails or text messages:

Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment. You might get an unexpected email or text message that looks like it’s from a company you know or trust, like a bank or a credit card or utility company. Or maybe it’s from an online payment website or app. The message could be from a scammer, who might

  • say they’ve noticed some suspicious activity or log-in attempts — they haven’t
  • claim there’s a problem with your account or your payment information — there isn’t
  • say you need to confirm some personal or financial information — you don’t
  • include an invoice you don’t recognize — it’s fake
  • want you to click on a link to make a payment — but the link has malware
  • say you’re eligible to register for a government refund — it’s a scam
  • offer a coupon for free stuff — it’s not real

Here are signs that this email is a scam, even though it looks like it comes from a company you know — and even uses the company’s logo in the header:

  • The email has a generic greeting.
  • The email says your account is on hold because of a billing problem.
  • The email invites you to click on a link to update your payment details.

While real companies might communicate with you by email, legitimate companies won’t email or text with a link to update your payment information. Phishing emails can often have real consequences for people who give scammers their information, including identity theft. And they might harm the reputation of the companies they’re spoofing.

How To Protect Yourself From Phishing Attacks

Your email spam filters might keep many phishing emails out of your inbox. But scammers are always trying to outsmart spam filters, so extra layers of protection can help. Here are four ways to protect yourself from phishing attacks.

1. Protect your computer by using security software. Set the software to update automatically so it will deal with any new security threats.

2. Protect your cell phone by setting software to update automatically. These updates could give you critical protection against security threats.

3. Protect your accounts by using multi-factor authentication. Some accounts offer extra security by requiring two or more credentials to log in to your account. This is called multi-factor authentication. The extra credentials you need to log in to your account fall into three categories:

  • something you know — like a passcode, a PIN, or the answer to a security question.
  • something you have — like a one-time verification passcode you get by text, email, or from an authenticator app; or a security key
  • something you are — like a scan of your fingerprint, your retina, or your face.

Multi-factor authentication makes it harder for scammers to log in to your accounts if they do get your username and password.

4. Protect your data by backing it up. Back up the data on your computer to an external hard drive or in the cloud. Back up the data on your phone, too.

What To Do if You Suspect a Phishing Attack

If you get an email or a text message that asks you to click on a link or open an attachment, answer this question: 

Do I have an account with the company or know the person who contacted me?

If the answer is “No,” it could be a phishing scam. Go back and review the advice in How to recognize phishing and look for signs of a phishing scam. If you see them, report the message and then delete it.

If the answer is “Yes,” contact the company using a phone number or website you know is real — not the information in the email. Attachments and links might install harmful malware.

What To Do if You Responded to a Phishing Email

If you think a scammer has your information, like your Social Security, credit card, or bank account number, go to There you’ll see the specific steps to take based on the information that you lost.

If you think you clicked on a link or opened an attachment that downloaded harmful software, update your computer’s security software. Then run a scan and remove anything it identifies as a problem.

How To Report Phishing

If you got a phishing email or text message, report it. The information you give helps fight scammers.

Spoofing and Phishing 


Spoofing is when someone disguises an email address, sender name, phone number, or website URL—often just by changing one letter, symbol, or number—to convince you that you are interacting with a trusted source.

For example, you might receive an email that looks like it’s from your boss, a company you’ve done business with, or even from someone in your family—but it actually isn’t.

Criminals count on being able to manipulate you into believing that these spoofed communications are real, which can lead you to download malicious software, send money, or disclose personal, financial, or other sensitive information.


Phishing schemes often use spoofing techniques to lure you in and get you to take the bait. These scams are designed to trick you into giving information to criminals that they shouldn’t have access to.

In a phishing scam, you might receive an email that appears to be from a legitimate business and is asking you to update or verify your personal information by replying to the email or visiting a website. The web address might look similar to one you’ve used before. The email may be convincing enough to get you to take the action requested.

But once you click on that link, you’re sent to a spoofed website that might look nearly identical to the real thing—like your bank or credit card site—and asked to enter sensitive information like passwords, credit card numbers, banking PINs, etc. These fake websites are used solely to steal your information.

Phishing has evolved and now has several variations that use similar techniques:

  • Vishing scams happen over the phone, voice email, or VoIP (voice over Internet Protocol) calls.
  • Smishing scams happen through SMS (text) messages.
  • Pharming scams happen when malicious code is installed on your computer to redirect you to fake websites.

Spoofing and phishing are key parts of business email compromise scams.

This information was brought to you by the Federal Trade Commission and the Federal Bureau of Investigation.


Skimming: Fuel Pumps and ATM/POS Terminals

Skimming occurs when devices illegally installed on ATMs, point-of-sale (POS) terminals, or fuel pumps capture data or record cardholders’ PINs. Criminals use the data to create fake debit or credit cards and then steal from victims’ accounts. It is estimated that skimming costs financial institutions and consumers more than $1 billion each year.

Fuel Pump Skimming 

  • Fuel pump skimmers are usually attached in the internal wiring of the machine and aren’t visible to the customer.
  • The skimming devices store data to be downloaded or wirelessly transferred later.

Tips When Using a Fuel Pump

  • Choose a fuel pump that is closer to the store and in direct view of the attendant. These pumps are less likely to be targets for skimmers.
  • Run your debit card as a credit card. If that’s not an option, cover the keypad when you enter your PIN.
  • Consider paying inside with the attendant, not outside at the pump.

ATM and POS Terminal Skimming 

  • ATM skimmer devices usually fit over the original card reader.
  • Some ATM skimmers are inserted in the card reader, placed in the terminal, or situated along exposed cables.
  • Pinhole cameras installed on ATMs record a customer entering their PIN. Pinhole camera placement varies widely.
  • In some cases, keypad overlays are used instead of pinhole cameras to records PINs. Keypad overlays record a customer’s keystrokes.
  • Skimming devices store data to be downloaded or wirelessly transferred later.

Tips When Using an ATM or POS Terminal

  • Inspect ATMs, POS terminals, and other card readers before using. Look for anything loose, crooked, damaged, or scratched. Don't use any card reader if you notice anything unusual.
  • Pull at the edges of the keypad before entering your PIN. Then, cover the keypad when you enter your PIN to prevent cameras from recording your entry.

  • Use ATMs in a well-lit, indoor location, which are less vulnerable targets.
  • Be alert for skimming devices in tourist areas, which are popular targets.
  • Use debit and credit cards with chip technology. In the U.S., there are fewer devices that steal chip data versus magnetic strip data.
  • Avoid using your debit card when you have linked accounts. Use a credit card instead.
  • Contact your financial institution if the ATM doesn't return your card after you end or cancel a transaction.

The Erie County Bureau of Weights & Measures employs Deputy County Sealers who routinely check gas pumps as part of their daily responsibilities. This ensures consumers who shop in Erie County, NY are protected against skimming devices. If a skimming device is found on a gas pump, the Deputy County Sealer immediately contacts State and Federal agencies. Immediate reporting to law enforcement ensures that any skimming device is properly removed and an investigation is initiated.  

This information was brought to you by the Federal Bureau of Investigation.


Online Shopping Scams

Fake websites and apps

Scammers often create fake websites that are so similar to the sites of popular retailers, it easily tricks consumers into providing payment information. The scammers take your information and your money, but you never receive the products. Scammers have also developed fake apps that contain malware. When you download the app, the malware steals personal information from your device or locks it, holding it for ransom until you pay the scammers. Other types of fraudulent apps ask you to login using your social media or email accounts that could expose your personal information for the scammers to steal.

Be careful of apps or websites that ask for suspicious permissions, such as granting access to your contacts, text messages, stored passwords, or credit card information. Also, poor grammar or misspelled words in an apps’ description or on a website is a red flag that it is not legitimate.

Email links

Avoid clicking on links in unsolicited emails or emails from unfamiliar sources. The links may lead to an illegitimate website attempting to get you to enter your credit card or other personal information. Some links may download malware (malicious software, such as computer viruses) to your computer when you click on them that can steal your banking information, including login identification, passwords, and credit or debit card numbers. These emails typically look very similar to ones sent by well-known retailers, banks, and other entities.

Be on the lookout for emails that have typos or other obvious mistakes. In addition, be skeptical of email attachments described as coupons, rebates, or payment forms – they could include malware. And avoid email offers that seem “too good to be true.” If an email promises popular items for free or a surprisingly low price, it is probably a scam.

Making payments on unsecure sites

Before paying for a purchase online, make sure the website you’re on has “https” at the beginning of its URL with a lock symbol:

lock with url http://

This means the site has a protected network connection. Websites with “http” at the beginning of the URL with no “s” are more vulnerable to attacks by scammers who steal credit card information by monitoring network traffic. Also be aware of pop-up windows that appear while you are on a website asking for your credit card information to receive coupons or to win free items. Legitimate companies do not ask for your personal information for those purposes.

Using public wifi to shop or access sensitive information

Wireless connectivity, also known as wifi, allows your laptop, PC, or mobile device to connect to the internet without a physical wire connection. Many restaurants, hotels, libraries, and other places offer free public wifi, which is convenient when you’re on the go. However, these networks may not be secure (since they either do not require a password or provide the same generic password to all customers for access) and may expose your personal and banking information to scammers looking to steal names, social security numbers, and bank account numbers.

Avoid using public wifi to make purchases online, login to your financial accounts, or access other sites that have sensitive information about you. It’s also a good idea to stick with websites that have “https” encryption (discussed above) when in public places.

Package delivery confirmation scams

This scam is especially popular during the holidays when people receive gifts through the mail that they may not be expecting.

The scammers call or email claiming to be from the U.S. Postal Service or a major shipping company and state that you have a package waiting for delivery. To ensure the package is meant for you, you are asked to provide personal information, which the scammers steal to use to open credit accounts in your name. In response to this scam, the U.S. Postal Service explained it does not call people and ask for personal information if there is a problem with a delivery. Visit Fake USPS Phone Calls for more information.

This information was brought to you by the Federal Deposit Insurance Corporation.


How To Avoid a Scam

Block unwanted calls and text messages. Take steps to block unwanted calls and to filter unwanted text messages.

Don’t give your personal or financial information in response to a request that you didn’t expect. Honest organizations won’t call, email, or text to ask for your personal information, like your Social Security, bank account, or credit card numbers.

If you get an email or text message from a company you do business with and you think it’s real, it’s still best not to click on any links. Instead, contact them using a website you know is trustworthy. Or look up their phone number. Don’t call a number they gave you or the number from your caller ID.

Resist the pressure to act immediately. Honest businesses will give you time to make a decision. Anyone who pressures you to pay or give them your personal information is a scammer.

Know how scammers tell you to pay. Never pay someone who insists you pay with cryptocurrencya wire transfer service like Western Union or MoneyGram, or a gift card. And never deposit a check and send money back to someone.

Stop and talk to someone you trust. Before you do anything else, tell someone — a friend, a family member, a neighbor — what happened. Talking about it could help you realize it’s a scam.

This information was brought to you by the Federal Trade Commission.