In today’s growing digital age, cybersecurity is becoming one of the key areas of concern.
A cyberattack is a deliberate attempt to exploit computer systems and/or networks in order to compromise data. These attacks are generally carried out through the Internet and email, or at times via mobile or telephone communication methods. These attacks lead to cybercrimes such as information and identity theft.
As technology continues to expand and evolve, the rate of cybercrimes has rapidly increased and, in turn, become more sophisticated. At the same time, organisations are getting better at protecting their infrastructure from attack. In response to this, criminals are finding it easier to attack customers and users of services.
The global cost of cybercrime has almost doubled from US$1.4 billion in 2017 to US$2.7 billion in 2018, as per the FBI’s annual Internet Crime Report. This means that businesses around the globe are losing thousands if not millions of dollars every day to online and digital fraudsters.
Considering the above information, we have compiled a list of common types of online scams affecting millions of individuals and businesses:
Phishing is one of the most common types of scams targeting users.
Phishing is a fraudulent attempt, usually made via email, to steal victims’ personal information, such as bank account numbers, passwords and credit card information. Because the fraudster is impersonating a legitimate organisation, such as a bank or government agency, or an individual the victim is familiar with, these emails are often made to look and feel genuine.
Here are the common types of phishing:
Spear Phishing targets a specific individual or an organisation seeking unauthorised access to personal information using social engineering techniques.
Smishing or SMS phishing uses text messages on mobile phones instead of emails to deceive an individual into providing their sensitive information to the fraudster.
Pharming is a combination of “phishing” and “farming”, where the victim is redirected to a fake website. It is a two-step process where the hacker installs a virus or Trojan on the user’s device, and the code diverts the user to a malicious website, misleading them into providing their personal information.
Whaling targets high-profile business executives and upper management, aiming to trick them into divulging confidential company information. Fraudsters usually impersonate senior management or “C-level” executives, hoping to leverage their authority in order to gain access to their sensitive information.
How to stay safe
- Think before you click! If you have received a phishing email, do not click on any links or reply to it. Instead, mark it as junk mail and inform your security department.
- If you are unsure of a link’s authenticity, hover your mouse over the link to see the entire URL before clicking on it.
- Check for spelling and grammar mistakes in the email, and look out for keywords such as ‘urgent’.
- Check your online accounts regularly to ensure you have not been scammed, and change the passwords for any accounts you think might be at risk.
- Ensure your password is secure by choosing an appropriately complex combination. E.g. ensure it contains more than eight characters, and includes letters, numbers, upper and lower case, as well as special characters if permitted.
- Limit your risk by having different passwords. Any accounts/websites with financial information (including payment details) should have a unique password.
Remote Desktop/Phone Scams
The goal of a remote desktop fraudster is to gain remote access to a victim’s device via legitimate remote desktop software, such as TeamViewer, and steal their personal information.
A phone scam is a fast-emerging type of scam where fraudsters call unsuspecting victims claiming to be from a trusted organisation, such as a bank, the police or a utility provider. These fraudsters try to convince victims to help with a common issue, such as an Internet connection or a computer’s performance.
The victim is then persuaded to download and install remote access software, which allows the fraudster to gain access to the sensitive information stored on the victim’s mobile or desktop devices, often without the victim’s knowledge.
How to stay safe
- Try not to engage in a conversation and hang up immediately.
- Call the organisation directly using the official contact details.
- If you have given remote access to the perpetrator and realise you are being scammed, disconnect from the Internet immediately and turn off your device.
- Change all your online account passwords using a different device.
- Invest in third-party security software from a reputable brand and run a complete scan of your device.
- Protect yourself by adding two-factor authentication to your login process.
Investment scams usually involve being contacted about an investment opportunity by fraudsters, who sound credible and have professional-looking websites. They may even feature endorsements by famous people.
These scams often promise a high return with minimal risk to your investment. Investment opportunities can be in the form of shares in a high-performing foreign company or an ICO (Initial Coin Offering) for an emerging cryptocurrency such as Bitcoin. Since international investment cryptocurrencies are not regulated in many countries, any lost money is unlikely to be recovered.
How to stay safe
- Be wary of investment opportunities that promise a high return with minimal risk. Research the company before you make any investments.
- Never deposit money into the account of someone you do not know, particularly if they have an offshore account.
- Check whether the company is legitimate by visiting the Financial Markets Authority website for its list of licensed entities and its list of suspected scams and unregistered businesses.
- If you are a victim of an investment scam, stop contact with the fraudsters, and contact your bank immediately if you have sent or deposited any money.
As per the above report, the fraudster gains access to a business organisation’s email account and advises customers of a change in bank account details, or requests an individual or a business to pay fake invoices.
The perpetrator gains access to a business’ email accounts and observes their emails for a period, specifically for payment information. Once they have enough details, they send an email from the business’ email address asking the customer to pay into a different bank account.
How to stay safe
- Ensure company email passwords are strong.
- Double-check with the business or organisation if you’ve been notified of changes to their payment details or of a new bank account.
- Enable multi-factor authentication on email and bank accounts.
- Review your payment process regularly.
- If you are suspicious, call the business to check the payment details.
Romance scams prey on the vulnerability of people looking for a partner. These fraudsters set up fake profiles on dating websites and may also use social media such as Facebook to lure lonely victims.
These individuals usually claim to work overseas, for example in the military or on oil rigs, in jobs that keep them outside of the country for a long duration. They go to great lengths to develop a relationship with the victim to gain their trust and confidence.
Once they win the individual’s trust, they ask for money to cover transportation costs to visit the victim.
How to stay safe
- Beware of people confessing love or strong feelings within a very short time of meeting online. Take your time in getting to know the person.
- Do not give personal or financial information if you haven’t met the person.
- Be wary if the contact is hesitant about meeting or avoids video calls.
- Do not share intimate photos or videos online, as they may be used later for blackmail to extort money.
Safety starts with you
These are but some of the common fraud pitfalls found in the online world. Some scams have been around for a while, others are new, while different ones are certain to appear in the future.
The core message underpinning the above trends and countermeasures is the importance of being cautious and questioning any unfamiliar online activity. However, with fraudsters becoming cleverer in their scams, it is becoming harder to stay safe and secure while online.
Contact us for more information on cybersecurity and how we can help you to protect yourself and your business.