Monthly Scam Test

Header
March 31, 2026

June Edition B

Q1  ·  Two days after Prime Day, you get a text: "Your Amazon package could not be delivered. Click here to reschedule." You did order something recently. What should you do?

A) Click the link since you are expecting a package anyway

B) Ignore the text and check your order status directly through the Amazon app or website

C) Reply "STOP" to the text

D) Forward the text to a friend to ask if it looks real

Correct Answer: B) Ignore the text and check your order status directly through the Amazon app or website

Why? Scammers send fake delivery texts after Prime Day because they know millions of people are expecting packages. Instead of clicking the link, always check your order directly in the Amazon app or on Amazon's official website.

Q2  ·  A TikTok video shows a doctor recommending a "metabolism reset" gummy. The comments are full of praise and a countdown timer says the discount ends in 10 minutes. What is the biggest red flag?

A) The product is a gummy, not a pill

B) The artificial urgency from the countdown combined with an unverifiable "doctor" endorsement

C) The video is under one minute long

D) It was posted on TikTok instead of Instagram

Correct Answer: B) The artificial urgency from the countdown combined with an unverifiable "doctor" endorsement

Why? Fake supplement ads often use pressure tactics like countdown timers and questionable "doctor" endorsements to rush people into buying before they have time to research the product. These are classic scam warning signs.

June Edition A

Q1 · You ask ChatGPT where to buy a product. It recommends a website with good reviews and a professional-looking storefront. You're ready to check out. What should you do before entering your card details?

A) Trust the recommendation — ChatGPT wouldn't suggest a scam site

B) Cross-check the website on ScamAdviser and look for independent reviews outside AI search results

C) Check if the site has a padlock icon in the browser

D) See how many products are listed on the homepage

Answer: B) Cross-check the website on ScamAdviser and look for independent reviews.

Why: AI tools can be manipulated by scammers who poison search results and reviews. A professional-looking website isn't proof that it's legitimate. Always verify the site independently before making a purchase.


Q2 · A package arrives at your home, but you never ordered anything. Inside is a cheap item and a QR code labelled "Register Your Product." What should you assume first?

A) A company is giving away free samples

B) It's a brushing scam, and the QR code could lead to a phishing website

C) The courier delivered the wrong package

D) It's a reward from a previous purchase

Answer: B) It's a brushing scam, and the QR code could lead to a phishing website.

Why: Brushing scams use unsolicited packages to create fake sales records and verify personal information. The QR code may direct you to a phishing page designed to steal passwords, payment details, or other sensitive information.

May Edition B

Q1 · You find a Facebook Marketplace listing for a designer prom dress at 80% off. The photos look professional, the seller has a profile, and the site it links to looks polished. What should you do before paying?

A) Buy immediately — 80% off deals don't last long
B) Run a reverse image search on the photos and check the domain age of the linked site
C) Check if the seller has Facebook friends in common with you
D) Ask the seller for more photos before paying

Answer: B) Run a reverse image search and check the site’s domain age.

Why: Scam shops often steal photos from real stores and hide behind brand-new websites that disappear after taking payments.


Q2 · You Google a well-known software brand and click the first result. The site looks identical to the real one — same logo, same layout. You're about to download. What's the biggest warning sign something is wrong?

A) The page loaded slightly slower than usual
B) The URL in the address bar is slightly different from the real brand's domain
C) The download button is a different colour
D) The page has no footer links

Answer: B) The URL is slightly different from the real brand’s domain.

Why: Scammers clone real websites almost perfectly, but the fake domain usually gives them away with tiny spelling changes or extra characters.

MAY Edition A

Q1. You get a call from your bank's exact phone number. The caller knows your name, the last 4 digits of your card, and says there's suspicious activity on your account. They ask you to confirm your full card number to "freeze the transaction." What do you do?

A) Confirm your card number — they already know so much
B) Hang up and call your bank back using the number on the back of your card
C) Ask them to email you the details instead
D) Give only the first 4 digits to test if they're real

Answer: B) Hang up and call your bank back using the number on the back of your card.

Why: Phone numbers can be spoofed, and scammers often already have partial information from data leaks. A real bank will never pressure you to reveal your full card number on an unexpected call. Always verify by calling the official number yourself.


Q2. You land on a website and a CAPTCHA box appears asking you to press Windows Key + R, paste a code, and hit Enter to "verify you're human." It looks like a normal security check. What's happening?

A) A legitimate accessibility feature for keyboard users
B) A fake CAPTCHA designed to run malware on your device — close the page immediately
C) A standard Windows security update prompt
D) A browser compatibility check — safe to proceed

Answer: B) A fake CAPTCHA designed to run malware on your device — close the page immediately.

Why: Real CAPTCHA tests never ask you to open the Run command or paste code into your computer. This trick is used to install malware, steal passwords, or give scammers remote access to your device. If a site asks you to run commands, close it immediately.

APRIL Edition B

Q1. You get a call from someone claiming to be a sheriff's deputy. They say you missed jury duty and a warrant has been issued for your arrest — unless you pay a $500 fine immediately via gift card to clear it. What do you do?

A) Pay the fine — you don't want to get arrested
B) Ask for their badge number and department, then hang up and call the court directly using the official number
C) Ask them to send the warrant by email first
D) Pay half now and negotiate the rest later

Answer: B) Ask for their details, hang up, and call the court directly using the official number.

Why: Real law enforcement won’t demand instant payment — and definitely not via gift cards. Urgency + unusual payment methods = scam.

Q2 · A popup appears on your iPhone: "Apple Security Breach — Your Apple ID has been compromised. Call Apple Support immediately: 1-800-XXX-XXXX." The logo looks real and the number seems official. What's the right move?

A) Call the number in the popup right away
B) Close the popup, go to apple.com/support directly, and use only Apple's official contact number
C) Restart your phone and call the number if the popup returns
D) Screenshot it and send it to the number to verify

Answer: B) Close the popup and go to Apple’s official support page directly.

Why: Legit companies don’t use random popups with phone numbers. Those alerts are designed to rush you into calling scammers.

April Scam Test

Q1  ·  A loud alarm goes off on your laptop and a fullscreen popup appears: "CRITICAL VIRUS DETECTED — Call Microsoft Support NOW: 1-800-XXX-XXXX." Your screen is frozen. What do you do?

A) Call the number immediately — it looks official

B) Force-close your browser using Task Manager or force-quit, then run your real antivirus

C) Click the "X" button on the popup to close it

D) Pay the fee shown — it's probably a real subscription renewal

Answer: B) Force-close your browser (Task Manager / force quit), then run your real antivirus.

Why: That popup is classic scareware — clicking anything or calling the number just pulls you deeper in

Q2  ·  You get a text from "PennDOT" saying your driver's license will be suspended in 24 hours unless you pay an outstanding fine through a link. The link looks official. What's the biggest red flag?

A) Government agencies never contact you by text with payment links

B) The fine amount seems too small

C) It came from an unknown number

D) The message has no spelling errors

Answer: A) Government agencies don’t send texts demanding urgent payment via links.

Why: That urgency plus the payment link combo is the real giveaway — not spelling or formatting.

March Scam Test

Would you hang up in time?

4 real scam scenarios. Read each one and pick your answer — then hit the button to see how you did.

Q1 · A caller says they're from the immigration department and your visa has an urgent issue. They demand your passport number immediately to avoid deportation. What's the most suspicious sign?

A) They mentioned deportation

B) Cold call + immediate demand for personal info on the spot

C) They knew your name

D) They have an official-sounding department name

Answer: B) Cold call + immediate demand for personal info on the spot
Why: Legit government agencies don’t cold call and pressure you for sensitive details immediately. The urgency + request is the biggest red flag.

Q2 · The caller's voice sounds slightly robotic but very formal. They give you a badge number and say you can verify it online. What do you do?

A) Look up the badge number they provided

B) Hang up and call the agency's official number from their website

C) Ask them to send an email instead

D) Ask for their supervisor

Answer: B) Hang up and call the agency's official number from their website
Why: Scammers can give fake badge numbers and fake verification sites. The only safe move is to independently contact the agency using their official contact details.

Q3 · A "customs officer" says a package in your name was intercepted with illegal items. They need a processing fee to clear your name. This is:

A) A legitimate customs procedure

B) A package interception scam — there is no package

C) A tax compliance issue

D) A delivery rerouting fee

Answer: B) A package interception scam — there is no package
Why: This is a classic scare tactic. There’s no package — just a story to pressure you into paying a “fee” to fix a problem that doesn’t exist.

Q4 · The caller warns you not to tell anyone about the investigation or you'll be arrested. This tactic is designed to:

A) Protect your legal rights

B) Isolate you so no one can warn you it's a scam

C) Comply with data protection law

D) Verify your identity securely

Answer: B) Isolate you so no one can warn you it's a scam
Why: Secrecy is a huge red flag. Scammers want to cut you off from friends or family who might help you realize what’s going on.

For more of this, you can head over to Scam Univeristy

Report a Scam!

Have you fallen for a hoax, bought a fake product? Report the site and warn others!

Help & Info

Top Safety Picks

Your Go-To Tools for Online Safety
Disclaimer: Some of the links here are affiliate links. If you click them and make a purchase, we may earn a commission at no extra cost to you.

  1. ScamAdviser App : That site looks legit. That's exactly how they get you. Modern scams are frighteningly convincing. ScamAdviser scans sites and blocks fraud calls automatically. Free on iOS & Android.
  2. NordVPN : NordVPN delivers powerful, seamless protection for your online life - whether you're at home, on public Wi-Fi, or traveling abroad. Recognized as one of the fastest VPN services available, it combines lightning-fast speeds with advanced encryption to keep
  3. Incogni : Incogni automatically removes your personal data from data brokers that trade in personal information online, helping reduce scam and identity theft risks without the hassle of manual opt-outs. Reclaim your privacy now!
  4. Private Internet Access (PIA) : PIA gives you a no-logs VPN built on the latest encryption standards and WireGuard protocol — meaning your browsing activity stays yours alone. Fast, private, and transparent. Take back your privacy today!
  5. Surfshark VPN : One subscription, unlimited devices. Surfshark is the fastest VPN out there — covering your phone, laptop, tablet and more with a stable, secure connection for browsing, streaming and working. Get Surfshark now!
  6. Proton VPN : Independently audited and built with a strict no-logs policy, Proton VPN is trusted by over 3 million users worldwide. It’s been named Best VPN by Wired, PCMag, and Vice—offering strong encryption for anyone who takes their privacy seriously. Give Proton

Popular Stories

In a nutshell: A good VPN protects your privacy with strong encryption, a strict no-logs policy, and fast protocols like WireGuard. The best VPNs also offer wide server coverage, leak protection, and easy-to-use apps for all devices. For 2025, the top providers are NordVPN, ExpressVPN, Surfshark, Proton VPN, Private Internet Access, CyberGhost, and Mullvad—each excelling in speed, security, or value. In an age where every click is tracked, a Virtual Private Network (VPN) is no longer just a luxury—it's an essential tool for digital privacy and security. A VPN works by creating a secure, encrypted tunnel between your device and the internet, masking your real IP address and protecting your sensitive data from prying eyes. But with hundreds of providers out there, how do you sort the secure from the suspect? This guide breaks down the non-negotiable features of a quality VPN and highlights the 7 top-rated services for 2025. What to Look for in a Good VPN: The 4 Non-Negotiable Pillars 1. Ironclad Security Features Strong Encryption: AES-256, the gold standard. Secure Protocols: OpenVPN, WireGuard, NordLynx, Lightway. Avoid PPTP. Kill Switch: Ensures no accidental IP leaks. Leak Protection: Covers DNS, IPv6, and WebRTC. 2. Verified Privacy Practices No-Logs Policy: No activity or metadata tracking. Independent Audits: Verification by third parties. Safe Jurisdiction: Prefer countries outside the 5/9/14 Eyes alliances. 3. High-Speed Performance Fast Protocols: WireGuard and equivalents. Large Server Network: Less crowding, more reliable speeds. 4. Essential Usability Features Multi-Device Apps: Windows, Mac, iOS, Android, routers. Simultaneous Connections: One account, many devices. Unblocking Power: Netflix, Hulu, BBC

This article has been updated by Jamie James on June 9 with the latest data and analysis we have found using real user reports and experiences submitted to ScamAdviser. Just received that terrifying notification? Or perhaps you've noticed suspicious activity in your accounts? Take a deep breath. Your email, password, phone number, home address, payment details, or identity documents may now be in places you cannot control. But the next steps do not have to be confusing. What matters most is how quickly you act, order, and know which exposed data creates the biggest risk. This guide explains what to do after a data breach, how to check the damage, and how to protect yourself from identity theft, account takeover, and follow-up scams. Quick Summary Verify the data breach notice through the company’s official website before clicking any links. Secure your primary email account first because it controls many password resets. Change the exposed password and every reused or similar password. Enable multi-factor authentication on email, banking, payment, cloud, and social accounts. Contact your bank or card issuer if payment or bank account details were exposed. Freeze or protect your credit if sensitive identity information was compromised. Watch for phishing messages, fake refund offers, and scam websites that use your leaked details. Starting with Data Breach Numbers The numbers don't lie: according to a 2024 report, the number of data breach victim notices has grown by a staggering 211% year-over-year. This isn't just a distant threat; it's a stark reality many individuals fa