Kalle Björn, Sr Director, Systems Engineering Middle East, Fortinet, highlights the main types of Internet fraud and tactics increasingly used by cybercriminals to target organisations.
The term ‘Internet fraud’ generally covers cybercrime activity that takes place over the Internet or on email, including crimes like identity theft, phishing and other hacking activities designed to scam people out of money.
Internet scams that target victims through online services account for millions of dollars’ worth of fraudulent activity every year. These figures continue to increase as Internet usage expands and cybercriminal techniques become more sophisticated.
Types of Internet fraud
Cybercriminals use a variety of attack vectors and strategies to commit Internet fraud. These include malicious software, email and instant messaging services used to spread malware, spoofed websites that steal user data, and elaborate, wide-reaching phishing scams.
Internet fraud can be broken down into several key types of attacks, including:
- Phishing and spoofing: The use of email and online messaging services to dupe victims into sharing personal data, login credentials and financial details.
- Data breach: Stealing confidential, protected, or sensitive data from a secure location and moving it into an untrusted environment. This includes data being stolen from users and organisations.
- Denial-of-Service (DoS): Maliciously interrupting traffic's access to an online service, system, or network.
- Malware: The use of malicious software to damage or disable users’ devices or steal personal and sensitive data.
- Ransomware: A type of malware that prevents users from accessing critical data and then demands payment on the promise of restoring access. Ransomware is typically delivered via phishing attacks.
- Business email compromise (BEC): A sophisticated form of attack targeting businesses that frequently make wire payments. It compromises legitimate email accounts through social engineering techniques to submit unauthorised payments.
To avoid hackers’ Internet fraud attempts, businesses and employees need to understand the most common examples of Internet fraud and tactics.
Email phishing scams
Email-based phishing scams are among the most prevalent types of Internet fraud and continue to pose a serious threat to Internet users and businesses. Statistics from Security Boulevard show that 97% of users could not spot a sophisticated phishing email, and 78% of users understand the risk of hyperlinks in emails but click them anyway.
Email-based phishing scams are constantly evolving and range from simple attacks to more sneaky and complex threats that target specific individuals. They see cybercriminals masquerade as an individual that their victim either knows or would consider reputable. The attack aims to encourage people to click on a link that leads to a malicious or spoofed website designed to look like a legitimate website or open an attachment that contains malicious content. Attackers will often express the need for urgency from their victims. This includes telling them that their online account or credit card is at risk, and they need to log in immediately to rectify the issue.
Greeting card scams
Many Internet fraud attacks focus on popular events to scam the people that celebrate them. This includes birthdays, Christmas and Easter, which are commonly marked by sharing greeting cards with friends and family members via email. Hackers typically exploit this by installing malicious software within an email greeting card, which downloads and installs onto the recipient’s device when they open the greeting card.
The consequences can be devastating. The malware could result in annoying pop-up ads that can affect application performance and slow down the device. A more worrying result would be the victim’s personal and financial data being stolen and their computer being used as a bot within a vast network of compromised computers, also known as a botnet.
Credit card scams
Credit card fraud typically occurs when hackers fraudulently acquire people’s credit or debit card details to steal money or make purchases.
To obtain these details, Internet fraudsters often use too-good-to-be-true credit card or bank loan deals to lure victims. For example, a victim might receive a message from their bank telling them they are eligible for a special loan deal, or a vast amount of money has been made available to them as a loan. These scams continue to trick people despite widespread awareness that such offers are too good to be true for a reason.
Lottery fee fraud
Another common form of Internet fraud is email scams that tell victims they have won the lottery. These scams will inform recipients that they can only claim their prize after they have paid a small fee.
Lottery fee fraudsters typically craft emails to look and sound believable, which still results in many people falling for the scam. The scam targets people’s dreams of winning massive amounts of money, even though they may have never purchased a lottery ticket. Furthermore, no legitimate lottery scheme will ask winners to pay to claim their prize.
How to protect your organisation and your employees from Internet scams
Employees are an organisation’s first line of defence against email-borne cyberattacks. Cybersecurity awareness training helps employees know the threats they face, which reduces an organisation’s cyber-risks and increases the chances of keeping their data secure. Make sure employees understand how to spot potential signs of an attack and the consequences of not following email security best practices.
Employees can protect themselves and avoid being caught on a phishing line by remaining vigilant about the common types of Internet fraud listed above. It is vital to never send money to someone met over the Internet, never share personal or financial details with individuals who are not legitimate or trustworthy, and never click on hyperlinks or attachments in emails or instant messages. Once targeted, employers should report online scammer activity and phishing emails to the relevant department within the organisation and the authorities.