Have you been scammed lately? Chances are you’re not alone

With a loss of €56,283 in cryptocurrency investments, 2025 did not start well for a Limassol man who fell victim to a cyber fraud in the first week of the new year. Then, as the months went on, more and more cases of unlucky Cypriots have found themselves in similar trouble, tricked by scams, helplessly watching their savings disappear and with little chance of getting their money back.

And while quite a few of them made it on to the news with the police issuing warnings to the public – the Cyprus Mail has reported on over 30 cases since the beginning of the year – the true scale of how much damage scams have done remains unclear.

The scams can range from a couple of hundred euros paying off a fake traffic fine to thousands as in the case of the Limassol man.

According to the cybercrime department of the police, concrete information on how many scams have been reported is currently unavailable.

No matter how much money you have in the bank being scammed hurts: for some it’s their pride, for others their very financial future.

Spoiler alert: being scammed is not a matter of credulity. Chances are you’re not too naïve, but the scammers are pretty damn good at what they’re doing.

Despite their seemingly limited financial and ethical resources, scammers appear to have an endless supply of creativity. The scale ranges from impersonating government officials, setting up fake websites to pay traffic fines, the electricity authority (EAC) or even claiming to be the Cyprus Mail and posing as our journalists or Sir Stelios Haji-Ioannou – with the never-changing aim to trick people into paying money.

“Scams are usually sent as ‘urgent’ and ask for immediate action to be taken, may contain spelling/grammar mistakes, request the receiver to insert personal information and/or codes/passwords and are received from a strange/unknown/unusual sender,” an expert at the police’s cyber-crime unit told the Cyprus Mail.

She added that such scams, hidden in messages often included links which did not lead to official websites, may contain attached files containing viruses and were often addressed with general terms without mentioning the name of the recipient.

“We ask the public to be aware and vigilant and take into account the ‘patterns’ mentioned above,” she urged.

But even being aware and careful only protects you to a certain extent.

“I was setting up an Etsy-shop online, when I got an email from what I thought was the platform asking me to verify my account,” 55-year-old Carmella told the newspaper.

Etsy is an international online-platform that allows handicraft-minded people to sell their art and/or products online with little effort. You set up your page, modify it with pictures, prices and a verification of your banking details to prove you are an actual human – and not a scam, so to say. As is common with other platforms, this verification is carried through by Etsy withdrawing a tiny sum of a few cents from your account to see if it actually exists, and once that is done with, you’re good to go.

“I was busy at home, I saw the email and since I was already familiar with the procedure I clicked confirm without thinking or double checking,” Carmella says. It was a scam. Her moment of inattentiveness ended up costing € 230, a little sum compared to other scams, but painful enough.

Carmella’s case is a prime example of the professionalism of modern scammers – and it shows why scams work.

Rebuilding an email layout really isn’t too difficult in a world as digitalised as ours and with the scammers finding their ways to harvest personal data from unsuspecting users, these kinds of scams, called phishing, have increased in recent years.

Phishing, scamming, fraud – does one size fit all?

Well, to answer the question right away, that is not precisely the case. In fact, there is several kinds of what can broadly be described as scamming.

As experts from the cyber-crime department of the police explained, these include phishing, smishing, vishing and so-called task scams.

Phishing, the experts explain, refers to an attempt to steal sensitive information, typically in the form of usernames, passwords, credit card numbers, bank account information or other important data to utilise or sell the stolen information – just as in Carmella’s case.

Then there is smishing, which the experts describe as a ‘social engineering attack’. The smishing tactic uses fake mobile text messages with the aim to trick people into downloading malware, sharing sensitive information or sending money to cybercriminals – part of which would also be true for Carmella’s case.

As a third method of scamming, the experts name vishing, or voice phishing. This type of phishing attack has scammers use phone calls to trick individuals into revealing personal information, including passwords or credit card numbers, by pretending to be a legitimate entity.

The fourth amongst the most common scams are task scams. These trick people into thinking they can earn money by completing simple online tasks, like liking videos or rating product images with a promised commission for every task completed.

The four methods might be different in their approach, but in an century in which personal data is treated as a currency, they share one motive: a profit at your expense.

Scammers often work from across the globe

“Although there is a very good level of cooperation with other countries and organisations the location of the suspects in such cases is very difficult,” the police experts said, adding that one of the biggest issues in investigating such cases is that they often have an international dimension.        

When a scam is reported, checks are made, the scammers are blocked, and the public is warned. Legal action follows, though arrests happen only from time to time. As for victims, reimbursement is attempted, but this often depends on where the scammers are.

The police say these cases are not easy to investigate. Challenges include the scammers’ anonymity, the use of encryption and the need to request data from other countries, especially when it comes to Asia and Africa, responses were not always guaranteed.

But scams don’t just target individuals, state institutions can also fall victim to scammers. Under the Deputy Ministry of Research and Digital Policy, the directorate of cybersecurity works to strengthen the public sector’s defences through staff training and early-warning systems.

The digital security authority supports these efforts with workshops, awareness campaigns, and a public tool for reporting suspicious phishing links. The platform – getsafeonline.dsa.ee.cy – allows users to flag potential scams and helps authorities track emerging threats.

You’ve been scammed, now what?

Say worst comes to worst and you fall victim to a scam, where do you turn for help?

The police recommend first reporting the case to them and a legal expert from Elias Neocleous law firm, explaining the broader legal framework to the Cyprus Mail, very much agree.

“Generally speaking, there are consumer protection rights in place – for example, if you get scammed in a store, whether online or physical. But when it comes to financial fraud, different rules apply, and that’s what makes things more difficult.”

Lawyers advise victims to gather evidence, report the scam to the Consumers’ Association, and if they suspect a scam via an actual purchase, to contact the store or platform involved.

“We received many complaints from the victims of scams or fraud schemes, mainly on the internet or telephone. In recent months, fraudulent investment programmes have been appearing more and frequently on social media, promising very large profits in a very short period of time, even large profits in one day,” said Virginia Christou, the legal advisor for the Cyprus Consumers Association (CCA).

The CCA, she said, urges people who have already fallen victim to scamming ‘investment programmes’ to send the details of their case to the CCA via the email [email protected] and – if they haven’t already – to report the scams to the police.

If a regulated entity is involved, the legal experts say complaints may even be filed with CySec, the government’s financial education hub which aims to empower the public with key financial knowledge, or the Central Bank of Cyprus (CBC), depending on the case. Aside from the police the CBC also issues warnings about impersonation scams.

“Unless the individual behind the scam can be identified, the likelihood of recovering the funds is very low.”

And while the risk of being scammed can never be fully eliminated, the legal experts say that risk management tools like two-factor authentication can help mitigate it.