Erica Lahoda Web Girl
Facebook Instagram linkedin Find Us Menu
Do you need a Web Girl?

Hack or Scam?Is it a Hack, a Scam, or just Spam?

Recently I have encountered several requests to help with a possible hack, either on someone's email, or their social media. Often it turns out to not be a hack, but something related to a spam or scam. It's important to know the difference, and how to spot it.


A hack is when someone has figured out, or stolen, your password and has been able to log into your email, or social media account. They may send out spam emails to your contact list, or post links to dubious websites to your Facebook. Sometimes they will change your password, and contact email on file, so that you cannot log back in or recover the account.

If a hacker discovers an email/password combination that works on a site like Facebook, they will then try that combination on every other social media website out there. Often users will use the same password across multiple sites because it's easier, but that puts all your online accounts at risk.

Some hackers will try to hack a website's security (such as Facebook, or a recipe site, or a news site) and try to steal whole lists of logins. If they manage to steal that information, then the email/passwords combinations will then be tried on all sorts of online sites to see if they work anywhere else.


A scam could be a variety of things, but require the end user to believe the scammer, in order to steal money.

Microsoft Doesn't Call About Viruses:

This could be through an email or website, and may say that you have contracted a virus, and have phone a number highlighted, often a toll free number. You would then be tempted to call that number and provide personal information to the person on the other end. The scammer will attempt to gain remote access to your computer or phone and steal more information that could be used to access your banking. DO not call any 800, 888 or other number that 'pops up'.

Fake Invoice for a Common Online Shopping Site:

Another common email scam will look as though it is from a known site, like Amazon, Norton, or Paypal. It will be 'confirming' a charge to your credit card for a few hundred dollars. The end user will sometimes panic because they know they did not purchase anything, and will be tempted to call the phone number to 'cancel' the order. Do not call the number. Instead, first think if you have actually used Amazon or Paypal recently. Log in and check those accounts for the 'purchase', then check your credit card. Likely there is no charge.

No Real Entity asks for Gift Cards as Payment:

One scam that has risen in popularity lately is to scare the end user into purchasing gift cards and providing photos of the back of the cards, stealing that money, and disappearing. The threat of arrest due to 'unpaid taxes' is a common one. One that I've seen quite often is that the scammer will find out information on your business or non-profit through the website, and make a new GMail account, and then email from that account, pretending to be your company owner, or president, asking for gift cards, and to keep it quiet as it will be a surprise for staff. It doesn't matter that they have the boss's name spelled correctly, or it has a signature with the boss's name. That is easily faked. What is important is looking at the from email address. If you are unsure, contact that person they are pretending to be directly, and confirm the request for gift cards.

Facebook Cloning vs Facebook Hacking:

An easy Facebook scam is to clone someone's account. This is when a new Facebook account is created, and your name is used, and then your Profile Photo and Header are copied and uploaded to this new account. That information is public and available to everyone. Then the scammer will then attempt to friend all of your friends. Anyone who accepts will then be messaged and the scammer will start with small talk, then try to get your personal information, such as phone number. Or they will send you links to click on. Do not click on anything. If you are unsure if the person is real, engage in more small talk, but ask questions the real person would know. Then report and block them if you find out they are a scammer. 

Because your profile photo and header is public, and likely your friend list, your account could be 'cloned' at any time. The best defense is to make allllllllll your information and lists private. So only people you have friended can see your friend list.


A spam is simply just that, spam (or junk mail). It's emails from possibly dubious sites trying to sell you something that may be fake. Some may be from legitimate businesses, but many are not, and they are just  hoping you will click on a link so they can trick you. Spam emails could turn into a scam if you go to click on anything. 

Do not try to 'unsubscribe' from any of these emails if you did not subscribe in the first place. This will just let the spammer know the email is live, and they may try to send you more emails or share/sell the list of active email addresses. Just report it as spam, and delete and ignore the email, and even block the email it came from.


How do I avoid Scams or Hacks?

Tips for spotting a scam, and avoiding a hack:

  • Do not use the same password for every online account, especially social media and banking. A different password for each is best.
  • Yes, everything has a password. Your email or facebook password may be saved to the browser so you do not have to enter it each time, but it's impossible to have an email, or a social account without a password. You need to know all your passwords.
  • Don't be afraid to write your passwords down in a notebook. Keep it safe.
  • Passwords really should be 8 to 16 characters long, and not be all letters, or all numbers. A combination is better. Random is best. Random Password Generator
  • Never call an 800 or 888 number on a popup on a website that says you have a virus. If you can't close the window, just reboot the computer.
  • Microsoft will never call your home phone and say you have a virus. Just hang up.
  • Never go out and buy gift cards for anyone who says that you owe them money. Even if they say the Sherriff is on his way to arrest you. 
  • If in doubt if your bank / credit card company is really calling you, say you'll call them back, but get the phone # off the real website, or a recent statement, not from the caller.
  • Check links on an email. Don't click on them. Hover the mouse over them, and a preview of the link will be shown somewhere on the bottom of the window. If it looks really weird, don't click on it.
  • Silly spelling mistakes, or several spelling mistakes is often a sign of a spam / scam email
  • NEVER fill out those "fun" Facebook quizzes that ask for your home town, first pet's name, first best friend, etc. Those are to steal your 'security questions' answers.
  • Never hurts to limit the amount of personal information shared on the internet. With our society so intertwined with the internet, it can be hard. Be cautious.
  • Never be afraid to ask someone else if it's real or not. Doesn't cost anything to ask us for our opinion on something.

Quesnel Computer Guys