Most people think scams are obvious. They’re not.

Modern scams don’t look fake. They look urgent, personal, and familiar — especially if you’re a journalist or human rights defender.

This guide shows how scams actually appear on SMS, WhatsApp, and email, and how to spot them before they compromise your accounts or put your contacts at risk.

First, understand how scams really work

Scammers don’t try to “hack” you.
They try to make you help them.

They rely on:

• Urgency
• Authority
• Trust in contacts or institutions
• Fear of missing something important

If a message pushes you to act fast, that’s not an accident.

Common scam #1: “I need help urgently”

What it looks like (WhatsApp / SMS):

> “Hi, I’m in trouble and can’t talk. Please send this code quickly.”

Why it works:

• Comes from someone you know
• Creates urgency
• Stops you from thinking

What’s really happening:

• They want your verification code
• That code gives them control of your account

Rule:
No legitimate service or contact ever needs your code. Ever.

Common scam #2: Fake security alerts

What it looks like (Email or SMS):

> “Unusual login detected. Verify your account immediately or it will be locked.”

Often includes:

• A link
• A familiar logo
• Official-sounding language

What’s really happening:

• The link leads to a fake page
• You enter your password
• They take over the account

Rule:
Never click links from security alerts.
Open the app or website manually instead.

Common scam #3: Impersonating organizations or editors

What it looks like (Email / WhatsApp):

> “We are reviewing your recent investigation. Please confirm access.”

Why journalists fall for it:

• Sounds professional
• Matches their work
• Targets current projects

What’s really happening:

• They want credentials
• Or to send you a malicious document

Rule:
Unexpected requests + pressure = stop and verify.

Common scam #4: Document or link traps

What it looks like:

> “Please review this document urgently”
> “Here are the photos you requested”

These may include:

• Google Drive links
• PDFs
• ZIP files

What’s really happening:

• Credential harvesting
• Malware installation
• Account access via cloud sync

Rule:
If you didn’t ask for it, don’t open it — even if it looks real.

Common scam #5: SIM-swap setup messages

What it looks like:

> “Your number will be transferred shortly. Reply YES to confirm.”

What’s really happening:

• Someone is trying to hijack your number
• SMS codes will soon go to them

Rule:
Unexpected telecom messages are always high risk.

The biggest myth: “I would never fall for this”

Most compromised accounts belong to:

• Experienced professionals
• Tech-literate users
• People under pressure

Scams work because they match your real context:

• Your job
• Your contacts
• Your schedule
• Your stress level

How to protect yourself (practical rules)

• Never share verification codes
• Don’t click links under pressure
• Verify requests through a second channel
• Be extra careful when tired, busy, or traveling
• Assume attackers know something about you

These rules reduce risk — but they’re still generic.

Your risk is personal

Ask yourself:

• Which accounts are linked to my phone number?
• How many platforms rely on my email?
• Do people trust messages coming from me?
• Would my compromise put others at risk?

Scam exposure is not the same for everyone.

This is where Hexabelt matters

Hexabelt doesn’t just explain scams.

It:

• Assesses your personal exposure
• Identifies which scam types are most dangerous for you
• Shows where one mistake would cascade into bigger damage
• Gives clear next steps, not vague advice
• Lets you get instant help from an AI Security Agent

Instead of guessing, you see your actual security risk.

Take action now

If you deal with sensitive information, contacts, or investigations:

• Check your security risk with Hexabelt
• Get instant, personalized guidance
• Fix the most dangerous gaps first