Internet users surely do offer some kind of personal information whenever they create an account on the Internet (NortonOnline, 2022). Furthermore, information like date of birth, social security number, or security questions are things that the user has shared online without giving it much consideration at all. 

Furthermore, NortonOnline (2022), suggested that since it is normal to provide personal information on the web, scammers have developed various tactics, taking advantage of the user by tricking them into disclosing their private information. In addition to the prevalence of these attacks, there is a multitude of creative ideas, users need to be aware of that are used in online scams.

This article aims to shed light on the top 10 most creative ideas scammers have used over the years to fool users.

1) The Nigerian Prince Email Scam

This scam begins with the recipient receiving a suspicious email purporting to be associated with foreign officials or executives (AARP, 2022). In addition to that, the email asks for the recipient’s assistance in obtaining the funds out of the sender’s country in exchange for a portion of a multimillion-dollar inheritance. 

In addition to that, during the COVID-19 pandemic, Federal Law Enforcement Officials and cybersecurity experts have seen an influx in the creativity of these scammers. For instance, Bisson (2020), illustrated that these scams appear in the form of bogus claims for enhanced unemployment benefits and stimulus packages.

2) The Macau Scam

According to iMoney Editorial (2022), the Macau scam is said to have started in Macau where the first victims were initially from. The hoax frequently begins with a phone call from a person posing as an officer from a bank, government, law enforcement, or collection agency. 

The con artist will inform the prospective victim that they have an outstanding debt or payment, usually giving them a short period of time to settle the debts and payments (Buro247, 2021). Otherwise, they are said to have serious repercussions. The victims will then be requested to pay off their outstanding fees, to be released from their ‘obligations’.

3) The BigPay Scam

BigPay is an AirAsia-owned payment system that enables customers to pay with their mobile application or prepaid card. So, the BigPay scam follows a trend where scammers frequently pose as BigPay employees and request the victim’s personal information and OTP in order for the victim to get an upgrade on their card or receive a prize (Buro247, 2021). Despite the company’s repeated declarations of these frauds since 2021, offenders still take up this strategy to scam their victims.

Further, Buro247 (2021), highlighted some of the features of this scam which include scammers requesting for the OTP that had just appeared on the victim’s phone and the scammer presenting a red, limited-edition, or platinum card, in addition, to the usual blue card.

4) The Buro Malaysia Scam (Social Media)

Social Media scams are also on the rise and just as popular as email phishing scams. For instance, Buro247 (2021), stated that scammers attempted to be a part of the BURO Malaysia management team in order to access the Buro Malaysia Official account on Instagram.

From the lessons behind the Buro Malaysia Scam, some of the warning signs include, the sender’s email being a personal email, the email address is misspelt or containing extra space characters like a hyphen, period, or underscore (Buro247, 2021). Further, the email usually contains a dubious or truncated link in the email.

The Official Buro Malaysia reminded their clients to be aware of fake Buro accounts on social media. These accounts are usually private and unverified by the social media platform.

5) The Citibank Scam

This scam is also one of the most sophisticated scams recorded in History. Frankly, online banking services frequently preach about strong security measures and password-protected account access. However, even these reputable online banking services fall victim to Internet fraud (, 2019). 

For instance, (2019) illustrates, a scammer that created a pop-up that looked almost identical to the official Citibank page in the year 2003, and this pop-up initially prompted Citibank users to verify their banking information which then redirected these users to a server in Russia which had zero associations with Citibank.

6) The Google Docs Scam

Further, Woods (2022), warns that this hoax is currently one of the most prominent phishing schemes and has a more dangerous twist because the sender frequently assumes the identity of a person that they know.

This is done by a scammer that sends the user an email encouraging them to click on the link to view the said ‘document’. Additionally, the user is then redirected to a bogus ‘identical’ version of Google’s email login page (Woods, 2022). Once the user accepts the invitation and chooses a particular account to proceed to enter the Google Docs, the scammer now has full control of the account. 

7) The PayPal Scam

According to Woods (2022), PayPal, which accounts for 200 million customers, seems to be a quick and profitable instrument for online criminals with access to a platform that is directly connected to the victim’s credit card or bank account.
Furthermore, these emails usually contain the PayPal logo and a ‘legit’ footer note. This scam operates by inducing panic among its victim by sending them warning emails like “There are ongoing issues with your account, click here to resolve the issue” (Woods, 2022).

8) The Dropbox Scam

The cloud-sharing and storage platform Dropbox has experienced an increase in its use over the last few years. At the same time Woods (2022), explains that Dropbox has seen a surge in unscrupulous imitators.

To illustrate, a bogus Dropbox landing page is used by scammers to send unauthorized phishing emails that warn the recipients that their ‘file’ is too large (Woods, 2022). They provide the victim with an alternative to view the file. Mostly by prompting the victims to click on the link sent via the unauthorized email.

9) The Email Account (Outlook) Upgrade Scam

As of May 2022, Microsoft Outlook has seen attempts by scammers trying to steal users’ email login credentials. Furthermore, the subject line was grammatically incorrect along with the choice of poor wordings.

The email content had references to the user’s low bandwidth and inability to upgrade their account credentials (Wood, 2022). Hence, prompting the user to click on the link provided. Additionally, Wood (2022), illustrates when the user clicks on the link, they are redirected to a sophisticated look-alike of the Outlook Login page. The victim’s email and password would have already been done harvesting upon entering their login credentials to rectify the ‘issues’.

10) The Unlicensed Money Lending Scam

A myriad of con artists is out there pretending to offer loans to get into possession of the victim’s money. Some warning signs to look out for are paying processing fees upfront to acquire the loan and then vanishing as soon as they take the maximum amount of payment from the victim (iMoney Editorial, 2022).  


In short, the top 10 creative online scams listed above ranged from scammers posing as bank or government officials to illegal lending companies hoping to deceive the individuals that fell prey to their creative online scams. There is a lot more that needs to be done to prevent individuals and employees from being victims of these scams.  Additionally, the objective of this article was to increase employee awareness and understanding of common online scams happening in the cyber world.


Condition Zebra is a CREST-certified and ISO 27001:2013 company that offers Professional Cybersecurity Solutions and Cybersecurity Training for SMEs in various industries, including Financial Services (Banks & Insurance), Government Ministries & Agencies, and Government-linked companies.

If you’re looking to leverage our expertise, that is to get the best solutions that demonstrate the highest levels of knowledge, skills, and competence, then reach out to us today!

How we can help:

1) Free Phishing Security Test

Every internet user is encouraged to play their role in educating themselves about the dangers of these online scams. Condition Zebra provides a safe space to do Email Phishing Simulations through their Free Phishing Test that IT teams can implement for all their employees.

Find out what percentage of your employees are at risk and how many of your users are clicking on phishing links.

Click here for a Free Phishing Security Test 

2) Train your users

Introducing, KnowBe4 Security Awareness Training Platform, the world’s largest library of security awareness training content, including interactive modules, videos, games, posters, and newsletters. Automated training campaigns with scheduled reminder emails

The significance of cybersecurity awareness training for employees cannot be overstated. If they are well taught and aware of the types of attacks they may face, they will know what action to take. This will protect them against any type of attack, regardless of its severity.

Click here to learn more about IT Security Awareness Program


AARP (2019) What you need to know about Nigerian prince scams, AARP. AARP. Available at: (Accessed: December 23, 2022). 

Bisson D. (2020) Covid-19 scam roundup – April 14, 2020, Tripwire. Available at: (Accessed: December 23, 2022). 

Buro247 (2021) 5 common types of scams in Malaysia and the red flags to know to avoid them, BURO. Available at: (Accessed: December 23, 2022). (2019) Internet scams: Top 20 hilarious and creative scams, Internet Scams: Top 20 Hilarious and Creative Scams. Available at: (Accessed: December 23, 2022).

iMoney Editorial (2022) 7 common money scams in Malaysia you need to know about, iMoney Malaysia. Available at: (Accessed: December 23, 2022). 

NortonOnline (2022) 20 types of phishing attacks + examples and prevention tips, Norton. Available at: (Accessed: December 23, 2022). 

Woods, E. (2022) The most common examples of phishing emails, usecure Blog. usecure ltd. Available at: (Accessed: December 23, 2022). 

How To Create An IT RFP

Share this: