Scam Red Flags Checklist

This reference outlines the most common warning signs of scams and digital fraud observed across social media, e-commerce, banking, job portals, and messaging platforms.
It is designed for readers who want quick, factual guidance on what to look for before clicking, responding, or sharing information online.

1. Unrealistic Offers or Rewards

Fraudsters attract attention with promises that appear effortless or unusually rewarding.
If something feels “too good to be true,” it usually is.

Examples:

  • Cash gifts, prizes, or iPhones for completing surveys.
  • Investment returns that exceed normal market rates.
  • Job offers with high salaries and no interviews.

What to do:

  • Always research the company or campaign name before engaging.
  • Avoid paying any “registration” or “processing” fees.

2. Urgent or Threatening Messages

Scams often create a false sense of urgency to make victims act quickly.
These messages rely on fear, authority, or emotional pressure.

Common phrases:

  • “Your bank account will be suspended.”
  • “Act now or lose your package.”
  • “We detected unusual login activity.”

What to do:

  • Stop and verify through official contact points (not reply or link).
  • Real institutions never rush you into decisions or penalties.

3. Suspicious Links and Attachments

Malicious links are one of the most common infection and phishing vectors.

Indicators:

  • Domains with misspellings (e.g., dllmahb.shop instead of dilmah.com).
  • Shortened or random URLs sent by strangers.
  • Files labeled “invoice.pdf” or “payment.zip” from unknown senders.

What to do:

  • Hover over links before clicking to reveal the real URL.
  • Don’t open attachments unless you requested them.

4. Requests for Personal or Financial Data

Legitimate entities never request passwords, PINs, or OTPs via chat, call, or email.
This is one of the clearest red flags.

Typical scenarios:

  • Courier services asking for card details to “release” a package.
  • Banks requesting verification through links in SMS messages.
  • KYC or identity “updates” through third-party sites.

What to do:

  • Enter credentials only on verified, HTTPS websites.
  • Contact the company through the official app or phone number.

5. Impersonation of Trusted Organizations

Fraudsters frequently clone the look of brands, NGOs, or even government offices.

Warning signs:

  • Slight changes in logos, brand colors, or domain names.
  • Emails from free domains (e.g., gmail.com, outlook.com) claiming to be official.
  • Social media pages created recently with few followers.

What to do:

  • Cross-check URLs and social media verification badges.
  • Visit the official site directly instead of following shared links.

6. Emotional Manipulation

Emotions such as fear, greed, sympathy, or attraction are used to bypass rational thinking.

Common cases:

  • “Emergency” messages pretending to be from relatives or friends.
  • Romance or relationship scams asking for money or privacy.
  • Charity appeals with unverified stories and emotional photos.

What to do:

  • Pause before sending funds or personal details.
  • Verify identities with a phone or video call.

7. Fake Job, Internship, or Survey Offers

Fraudulent recruiters use WhatsApp or Telegram to promise remote work, part-time data entry, or referral bonuses.

Red flags:

  • Tasks involving liking or sharing posts for payment.
  • Requests to pay “security deposits” or buy digital packages.
  • Payment through unofficial wallets or personal bank accounts.

What to do:

  • Check the company’s LinkedIn or official careers page.
  • Avoid giving ID copies or selfies until identity is verified.

8. Fake Shopping & Delivery Sites

Fake e-commerce stores mimic well-known retailers or use domains resembling legitimate brands.

Red flags:

  • Extremely low prices and free shipping on all items.
  • No contact number, return policy, or business registration.
  • URLs ending with unfamiliar domain extensions like .shop, .cyou, .top, etc.

What to do:

  • Search reviews and WHOIS records of the domain.
  • Prefer cash on delivery or established platforms.

9. Investment, Crypto & Loan Scams

Fraudulent investment platforms and crypto “projects” are widespread, especially on social media.

Red flags:

  • Guaranteed or fixed returns.
  • Influencers promoting unknown financial apps.
  • Lack of company registration or contact details.

What to do:

  • Check Central Bank or SEC warnings before investing.
  • Never transfer funds to personal wallets or unlicensed brokers.

10. Identity Theft & KYC Abuse

Scammers collect ID cards and selfies through fake verification or account setup requests.
These are later used for SIM registration, loan fraud, or mule accounts.

What to do:

  • Never upload NIC/passport photos on unverified links.
  • Blur or watermark your ID before sharing for legitimate reasons.

11. Social Media Giveaways & Brand Imitations

Fake brand pages run “giveaways” to collect personal info or drive traffic to phishing sites.

Warning signs:

  • Duplicate pages with minimal content.
  • Comments disabled or engagement limited to bots.
  • Requests to register through external links.

What to do:

  • Verify official social media accounts through the brand’s main website.
  • Report impersonating pages immediately.

12. Technical Support or Recovery Scams

Fraudsters pose as “support staff” claiming to fix malware or recover locked accounts.

Red flags:

  • Cold calls about “virus infections.”
  • Remote-access apps like AnyDesk or TeamViewer requested.
  • Demands for payment through gift cards or crypto.

What to do:

  • End contact immediately.
  • Seek help only from verified service providers.

Summary

Most scams rely on speed, trust, and lack of verification.
If something feels rushed, emotional, or oddly beneficial — stop, verify, and report.

Stay informed. Stay skeptical. Stay secure.