|This page in a nutshell: If something seems too good to be true, it probably isn't. Do not fall for scams that use tactics like phishing, as you may be putting your accounts and your security at risk.|
Scams are attempts to gain someone's confidence to win personal information. Wikipedia is a site, and, like any other sites, scammers can attempt to gain confidential information by pretending to be Wikipedia. This page is intended to help you protect yourselves against common scams.
Some common scams for any site include:
- "You have won x lottery"
- "You need to reenter your username and password to continue using site x."
- "Your account has been hacked and you need to verify your identity by clicking on this link."
You have not won the lottery
You did not win the lottery. Neither Wikipedia nor Wikimedia runs any lotteries. Do not reply back with your personal details.
You can only win the lottery by purchasing a lottery ticket, so do not fall for scams that use the names of lottery companies maliciously.
One common trick that scammers use is writing out the link as it would appear if the email was legitimate. When you hover your cursor, if the link in the bottom left of your browser does not match the link that your cursor is hovering over, then the email is likely a scam.
In the above email, there are several misspellings, including account, password, susceptible, and recommend. Also, if you hover your cursor over the link, you will see that the link directs to example.com and not wikipedia.org, which is one bad sign. Sometimes, scammers use links that look very identical to actual sites, such as en.wikipedia.org.2345676543456787654345678.com/wiki/Special:Login. These are very hard to identify since our eyes naturally see en.wikipedia.org, which sounds promising. However, at second glance, you realize that you are being directed to 2345676543456787654345678.com, which is likely a hacking site! If you just straight up clicked on the link, any of the following would happen:
- A popup may appear that prompts you to "fix your computer". There is no way to close the popup, forcing you to click on it. When you click on it, you voluntarily install adware, viruses, Trojans, or rootkits.
- The site exploits your browser to install malware.
- The site appears normal, but when you submit your username and password, hackers compromise your account.
Imagine what all this would mean! Now, they can add any malicious scripts to your userspace, abuse administrator privileges if you are an administrator, or attempt to scam other Wikipedians by abusing the email feature. If you were good about hovering your cursor, then you would have avoided all this trouble!
If you lose control of your Wikipedia account to a hacker or scammer
Report it to administrators immediately. The longer you wait to report it, the more disruption that can occur on Wikipedia. See this page for more information about user account security.
To report a scam
Use your government agency's scam report form to alert about common scams.
- US FTC Complaint form
- Canada Anti-Fraud Center
- UK Fraud Report
- UK Unsolicited phone calls
- Australia ScamWatch
You can also report email scams to your provider. Follow these steps
- Click on the report button under more options or on the email status bar.
- Choose from the drop-down what is wrong with the email
- Finalize the email report.