
Online bait and switch scams explained

Feb 07, 2020 · 3 min read

Imagine you’re searching for a tablet to buy. Suddenly, an ad pops up – a brand new iPad for just 150 dollars! This bargain can’t be missed. You excitedly click on the ad, and then something odd happens. Your browser starts downloading something but there’s no trace of the deal. It was a bait and switch attack. Learn what it is and how to prevent it below.

What is bait and switch?

Bait and switch advertising is when a merchant advertises a too-good-to-be-true deal but does not fulfill the promise. After you see the deal and arrive at the point of sale, the seller might explain that the item is not available or that it costs more. They might also persuade you to buy a more expensive or inferior product while the advertised offer is not actually available.

Is bait and switch illegal?

Bait and switch advertising is illegal and is classified as a fraud. However, there are some borderline cases. If a salesman persuades you to buy another product, but the original offer is still available, that's not a case of bait and switch. Neither are cases when a product is out of stock due to limited availability (if the ad mentions this limitation). The original offer must be impossible to fulfill for an ad to be classified as an example of bait and switch.

Bait and switch online

Bait and switch scams also work in the online world. Using reliable-looking ads, scammers may direct you to a harmful website, a malicious app download, or a fraudulent offer designed to steal your data. The ad may also initiate clickjacking, browser-locking, or other attacks.

Hackers may use reliable-looking ads to lure you into malicious sites. An ad might display an attractive deal but redirect you to a website full of malware. Ad blockers, anti-malware plugins, and your common sense will help protect you. NordVPN’s CyberSec feature prevents malicious redirects to known scam sites on its blacklist.

Cybercriminals may also hijack websites, inject their content into them, and advertise those sites. This is an example of a more sophisticated bait and switch technique. Sometimes even site owners might not notice that their page is being abused like this. However, if you see a website you know advertising or displaying unusual content (e.g., a bank offering to download a game app) or containing some fishy links, this is a red flag.
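The warning signs described above can be checked mechanically once the redirect chain behind an ad click has been recorded. The following is an added example, not part of the original article or any NordVPN product: the function names, the `.example` domains, the blocklist and both click chains are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data: a blocklist of known scam hosts and the
# content types treated as a file download rather than a web page.
BLOCKLIST = {"malware-drop.example"}
RISKY_TYPES = {"application/octet-stream", "application/x-msdownload",
               "application/vnd.android.package-archive"}

def host_matches(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def review_click(advertised_domain, chain, blocklist=BLOCKLIST):
    """Return findings for one ad click.

    chain: ordered list of (url, response_headers) hops; the last hop
    is the response the browser finally received.
    """
    findings = []
    for url, _ in chain:
        host = (urlsplit(url).hostname or "").lower()
        if any(host_matches(host, bad) for bad in blocklist):
            findings.append(f"blocklisted host in chain: {host}")
    final_url, headers = chain[-1]
    headers = {k.lower(): v for k, v in headers.items()}
    final_host = (urlsplit(final_url).hostname or "").lower()
    # The "switch": the ad named one merchant, the click ended elsewhere.
    if not host_matches(final_host, advertised_domain.lower()):
        findings.append(
            f"switch: advertised {advertised_domain}, landed on {final_host}")
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    disposition = headers.get("content-disposition", "").lower()
    # A deal page should be HTML; a file served instead is a red flag.
    if disposition.startswith("attachment") or ctype in RISKY_TYPES:
        findings.append("unrequested download: final response is a file")
    return findings

# Constructed chains: one bait and switch click, one honest click.
BAIT_CHAIN = [
    ("https://ads.adnetwork.example/click?id=1", {"Location": "https://cdn.malware-drop.example/get"}),
    ("https://cdn.malware-drop.example/get", {"Content-Type": "application/octet-stream",
                                              "Content-Disposition": 'attachment; filename="deal.exe"'}),
]
HONEST_CHAIN = [
    ("https://ads.adnetwork.example/click?id=2", {"Location": "https://www.shop.example/tablets"}),
    ("https://www.shop.example/tablets", {"Content-Type": "text/html; charset=utf-8"}),
]
```
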

How to prevent being baited

Here are a few tips for avoiding this attack:

  • Use your common sense. If an offer is too good to be true and the seller does not look reliable, then it’s probably a scam. Always do some research on merchants to see whether they are reliable. Check their website, their URL, and customer feedback as well;
  • Use anti-malware, ad-blocking software and browser extensions like NordVPN’s CyberSec to protect you from malicious redirects, pop-ups and malware;
  • If a trusted website advertises something out-of-the-ordinary, be sure to research it to see whether the offer is genuine. Also, be careful when navigating such a website to avoid being a victim of website hijacking;
  • If an ad uses vague phrasing or has grammar mistakes, this is the first red flag that something might not be right;
  • Stick to the websites and retailers you know and trust.

Try NordVPN – our CyberSec feature can help protect you from bait and switch attacks while our VPN gives you the security and privacy you deserve.


Paul Black

Paul is a technology and art enthusiast who is always eager to explore the most up-to-date issues in cybersec and internet freedom. He is always in search of new and unexplored angles to share with his readers.

