What is a scam?

A scam is a fraudulent activity in which the perpetrator deceives the victim through manipulation, deceit, and lies. More often than not, the objective is to swindle money with various types of scams perpetrated through digital means such as emails and websites

How do scams work?

Scammers can be very creative and resourceful when scamming people, which can make it harder to recognize. Below is a summary of the most often used types of scams.

Chain email

Chain emails are often harmless but can carry reputational damage if sent from a business email address. They often promise money from a high-profile celebrity if you forward the email to so many people. While no data or money is usually stolen, you may come across as naive and untrustworthy. Chain emails may also be used to harvest data such as email addresses. The data is then sold off to 3rd parties, including spammers.


In a cold call, a scammer calls your telephone number claiming to be someone they are not – such as technical support from a major IT company. They often invent bogus claims such as malware infection or billing issues in an attempt to gain access to your computer. They may also ask for money, usually in the form of gift cards.


In a phishing attack, the scammer will send a fake email pretending to be someone else, such as your bank. In the email, they ask for sensitive information or may ask you to perform a risky activity such as logging in to a website – which is fake and controlled by the scammer.


Whaling is a bit like phishing but specifically impersonates someone of authority – like a boss – to get the victim to share data out of fear. Another good reason to be an approachable boss.


In catfishing, the scammer creates a made-up identity with the aim of deceiving someone. Catfishing is mostly prevalent on dating websites and is often used to extort money from the victim who may divulge personal information.

While these are some of the most common types of scams, they are not the only ones. WordPress website administrators and owners should be careful of whom they trust with their website and data especially if you are hiring developers or technicians to do work on your website or purchasing software such as plugins and themes.

How to avoid scams

When it comes to avoiding scams, the good news is that most scammers put very little effort into the scam. Spelling mistakes are often atrocious and one of the biggest giveaways when it comes to detecting scams.

Some scammers do put effort into the scam and here is where you need to pay extra attention.

Security policies

It is of vital importance to enact security policies and ensure everyone abides by them. These policies should preempt scamming attempts by including policies such as all requests requiring phone verification.


Education is a very important aspect of scam prevention. Very few, if any, users willingly fall victim to scams – more often than not it’s a lack of education and training. Educating your WordPress users can help you strengthen your defense lines as everyone will keep an eye out for spam and recognize it.

Trust by verify

Before requiring all users to wear tinfoil hats before logging in to your website, consider enacting verification policies. Verifying information is often a simple activity and can save you a lot of time, and ultimately your business.

Implement 2FA

With two-factor authentication on WordPress, even if a user’s password is inadvertently leaked, the scammer will still not be able to gain access since they will also need the user’s phone. While this will not stop the scam, it can help you limit what the scammer is able to achieve.

Stay in the loop

Subscribe to the Melapress newsletter and receive curated WordPress management and security tips and content.

Newsletter icon

It’s free and you can unsubscribe whenever you want. Check our blog for a taste.

Envelope icon