
February 21, 2023


7 types of digital fraud and how to avoid them


Digital fraud: An ever-growing enemy


Fraud is a constantly growing criminal practice and in this article you will learn about the 7 most common types and how to avoid them.


Digital fraud has become one of the fastest growing types of cybercrime today and its variations have also grown with it.

In fact, at Bayonet we estimate that some forms of Internet fraud, such as phishing, have in the online market in Latin America since the pandemic. This increase in crime brings numerous defrauded victims, most of them regular online buyers.

Online fraud is complex and has many branches and types, as well as operating models and patterns of attack. In this article we will tell you everything about it, how it works and its types.

What is digital fraud?

Digital fraud, cyber fraud or computer fraud is a category of fraud that encompasses all those fraudulent and deceptive activities carried out by digital means or communication and with the use of a computer.

A clear example of these means is the Internet and most of the popular platforms or websites that are handled in it, for example:


  • Social media
  • Download sites
  • Emails
  • Messaging apps
  • Popular programs and software
  • Ecommerces
  • Entertainment platforms


As well as its attack patterns, the fraud model itself will depend a lot on the cybercriminal's goal and the means they use to try to defraud their potential victims.

For example, ecommerce fraud can be carried out through data theft (or phishing) and then using that private data to make fraudulent e-commerce purchases that can later turn into chargebacks.


7 Common Types of Online Fraud and How to Avoid Them

There are dozens of types of digital fraud, each with many variations. Below we cover the most relevant and common types today, that is, the ones you should pay attention to.


Phishing

The word "phishing" comes from "fishing", alluding to the attack patterns of phishers: to "fish" their victim they use a particular bait and pose as a trusted entity, such as a bank, a company or even an e-commerce site.

There are variations of this online fraud, but they all consist of getting the victim (through dishonest and deceptive actions) to perform an action that will later harm them, for example, downloading malware. Some of the "baits" used by phishers are the following:


  • Unrealistic promotions and discounts
  • Fictitious prizes and winnings
  • Interesting links (optimized with clickbait)
  • Important forms
  • Urgent messages
  • Emergency notices (for example, alleged unauthorized transactions from your bank account)
  • Free training and products


However, the means used by criminals to communicate with their victims often vary and hence there are so many ramifications of this crime.

Email is commonly used by these fraudsters, although they also use text messages, phone calls, social networks, messaging apps, fake websites, fraudulent ecommerce sites and malicious apps.


On the other hand, the reason for committing this digital fraud and the objectives that phishers have against their victims can be:


  • Impersonate their identities on social media or other media
  • Make unauthorized purchases and charge them to victims' cards
  • Install malware or infect victims' devices with viruses
  • Conduct fraudulent transactions to steal their money

How to avoid it

To prevent phishing, we advise you to:

  1. Be cautious with emails where they encourage you to take any action
  2. Check the sender's email address and make sure it ends with the organization's own domain name (for example, @banco.com) and not gmail.com or yahoo.com
  3. If they say they belong to an institution or company whose services you acquired, verify that this is the case by making a direct call with your advisor or with the customer service team
  4. Do not click on any link provided within suspicious emails without first verifying the sender
  5. Do not provide your personal information, download content or fill in a form until you are completely sure that it is not an online fraud
  6. Constantly update your antivirus and the browsers you use
  7. Do not give your private data to unsafe websites (http://)

Pharming

Pharming is a type of phishing that is characterized by redirecting users from a particular site to the fake website of the cybercriminal. To do this, the fake website imitates the real website, whether it is an ecommerce, a business site or another platform.

Pharming can only be carried out in 2 ways:

  1. Hacking DNS servers to change the original IP addresses for those belonging to the fake website
  2. Attacking a particular device and modifying the hosts file


Generally, it is very difficult to detect this type of digital fraud while it is happening, since these attacks are usually very well planned and the fake website closely resembles the real one.


How to avoid it

There are several ways to detect pharming and then stay away from fake websites and stay safe. Some signs to watch out for are:


  • Wrong, different, or suspicious URLs
  • Spelling and grammatical errors, inconsistencies, and little information on pages
  • Different graphic layouts and appearances
  • Poor quality or poorly edited images
  • Weak, inconsistent, or missing privacy policies and legal information
  • Address that begins with http://


On the other hand, it is recommended that you download a good antivirus and keep your browser updated to avoid inconveniences.
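The second pharming method above, a modified hosts file, can be checked directly on a device. The following is an added example, not code from the original article: it parses hosts-file text and reports every entry that overrides DNS for a domain you care about. The function name `audit_hosts`, the watched domain `banco.com` and the sample file contents are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of a hosts file (normally /etc/hosts, or
# C:\Windows\System32\drivers\etc\hosts on Windows). Not from a real machine.
SAMPLE_HOSTS = """\
# local names
127.0.0.1     localhost
::1           localhost ip6-localhost
203.0.113.10  www.banco.com banco.com   # entry nobody remembers adding
192.168.1.20  nas.home.lan
not-an-ip     banco.com
"""

def audit_hosts(text, watched_domains):
    """Return (line_no, ip, hostname) for entries that pin a watched domain."""
    watched = [d.lower().rstrip(".") for d in watched_domains]
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        # Drop comments, then split into "address name [alias ...]".
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: not a usable hosts entry
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            # Match the domain itself and any subdomain of it.
            if any(name == d or name.endswith("." + d) for d in watched):
                findings.append((line_no, str(ip), name))
    return findings

if __name__ == "__main__":
    for line_no, ip, name in audit_hosts(SAMPLE_HOSTS, ["banco.com"]):
        print(f"line {line_no}: {name} is forced to {ip}, bypassing DNS")
```

A bank or store domain should normally not appear in the hosts file at all, so any finding for one is worth investigating.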


Data theft

Data theft is an Internet fraud that obviously consists of the theft of private and personal information, such as:


  • Social media
  • Account passwords
  • Bank passwords
  • Card numbers


Data theft can happen through phishing, although not in all cases; an example is hacking the database of an online store to steal the private information of its clients.

In this way, the cybercriminal does not have any contact with his final victims nor does he need to "fish" for their information directly. On the other hand, when the theft of data and personal information is carried out directly (with fake emails, for example) it is classified as phishing.


How to avoid it

Mainly, you should not give your personal data to anyone, neither to a website that you barely know nor to people with whom you have little trust. To detect a suspicious website that wants to steal your data, you can follow the same advice on how to avoid pharming.

Identity theft

Identity theft is a digital fraud that can be carried out in various ways. On the one hand, identity theft is used during phishing, when the criminal poses as a trusted entity.

On the other hand, a cybercriminal who has already stolen a person's information can impersonate them to defame them on their networks with their own profile, or carry out illicit actions under the name of the victim.


How to avoid it

Since identity theft uses phishing as the main means of stealing personal information and passwords, the tips to prevent phishing apply perfectly in this case.

In addition to them, it is advisable that you strengthen your passwords with complex and varied characters. Also, do not reuse the passwords of some accounts in others, and change them if someone accesses your accounts without your authorization.


Malware installation

The word “malware” is a combination of the words “malicious” and “software”, which clearly implies that malware is a malicious program. It usually has a few purposes, such as data theft or the spread of a computer virus.


Malware can be installed by a cybercriminal on a user's device through phishing techniques or by directly hacking the device.


How to avoid it

Likewise, the tips to prevent phishing apply in this case. However, emphasis should be placed on updating and improving antiviruses, since they detect when a program is suspicious and if it may be infected with viruses.


URL phishing

This type of digital fraud is based on the creation of fake, imitation websites, generally to steal personal data or credit fraudulent purchases. It differs from pharming in that it does not change IP addresses or modify hosts files. Instead, URL phishing takes advantage of popular URLs to create its own URL that closely resembles that of a real, trusted website.

For example, if the fake website tried to mimic Amazon's URL, amazon.com, the mimic URL would look something like this: amazon.com@offers.com. they go to the domain .com@offers.com.

Fortunately, certain browsers, such as Mozilla Firefox, have eliminated this problem and have made this form of digital fraud much more obsolete.


How to avoid it

Mainly, pay attention to the URLs and verify that they are safe (https://), that their domains and names are the real ones and that they do not have strange characters.


Also, you could take some tips on detecting pharming as they apply in this case.
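The checks above can be applied mechanically to a link before it is trusted. The following is an added example, not code from the original article: it parses a URL the way a browser would and reports the warning signs listed in this section, including the `amazon.com@offers.com` pattern, where everything before the "@" is login data and the host actually contacted is what follows it. The function names, warning codes and all sample links other than `amazon.com@offers.com` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def inspect_url(url, expected_domain):
    """Return (code, detail) warnings for a link that claims to be expected_domain."""
    has_scheme = "://" in url
    # Without a scheme urlsplit() treats the whole string as a path, so add "//".
    parts = urlsplit(url if has_scheme else "//" + url)
    host = (parts.hostname or "").rstrip(".")
    expected = expected_domain.lower().rstrip(".")
    findings = []
    if parts.username is not None:
        # Text before "@" is userinfo, not the site; the host comes after it.
        findings.append(("userinfo",
                         f"{parts.username!r} precedes '@'; real host is {host!r}"))
    if has_scheme and parts.scheme != "https":
        findings.append(("not-https", f"scheme is {parts.scheme!r}"))
    # "Strange characters": non-ASCII letters or their punycode (xn--) encoding.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        findings.append(("strange-chars", "host has non-ASCII or punycode labels"))
    # The real domain must be the END of the host, not merely appear inside it.
    if host != expected and not host.endswith("." + expected):
        findings.append(("wrong-domain",
                         f"{host!r} is not {expected!r} or a subdomain of it"))
    return findings

def codes(url, expected_domain):
    """Warning codes only, convenient for filtering or alerting."""
    return [code for code, _ in inspect_url(url, expected_domain)]

# Constructed sample links; only amazon.com@offers.com comes from the article.
SAMPLES = [
    "https://www.amazon.com/gp/cart",
    "amazon.com@offers.com",
    "http://amazon.com@offers.com/deals",
    "https://amazon.com.offers.example/login",
    "https://amaz\u043en.com/",  # Cyrillic "o" in place of the Latin letter
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", codes(link, "amazon.com") or "no warnings")
```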


Nigerian phishing

This last type of digital fraud is well known around the world, especially for involving very close contact between the victim and the scammer. Furthermore, it is highly practiced, and despite the fact that its name indicates Nigeria as the place where such fraudulent activity originated, this fraud is committed by many cybercriminals around the world.

It is characterized by hooking its victims with very complicated stories in which the scammers need a considerable sum of money to solve some important problem. In exchange, they offer very generous rewards, which obviously do not arrive, hence it is an Internet fraud.


How to avoid it

Because it is characterized by having such a close relationship, we advise you not to lend money or provide your personal information until you are 100% sure of exactly who you are talking to.

It is not enough to see a photograph or see their face on video, because these “proofs” can be easily tampered with. In addition, be extremely suspicious when they promise you a great reward, that is, easy money.

Remember that in this type of digital fraud they obtain your money by making you believe that it is to cover commissions or solve some small inconvenience before "rewarding" you more than anything.

Additionally, you can find out more about the common stories used by Nigerian phishing scammers and practitioners.


How does fraud affect online SMEs?

Despite the fact that these digital frauds usually have common users as victims, SMEs and other entities can also be seriously harmed.

For example, there are several categories of phishing aimed at defrauding entrepreneurs (whaling), employees (spear phishing) and clients (CEO fraud) of a company. Not to mention internal fraud, which in itself is a problem.

Furthermore, fraud in ecommerce is different because it tends to negatively affect the business more, since most fraud turns into chargebacks.

On the other hand, in the theft of data from SMEs, whether it is their own private data or that of their clients, the problem can always be aggravated if action is not taken in time and with the necessary measures.

If you are interested in knowing how to prevent fraud in companies.


Be careful & avoid digital fraud

As we said at the beginning, digital fraud has become increasingly common, and sadly, it shows no signs of abating any time soon.

For this reason, it is necessary that both users and managers of ecommerces and other websites take the necessary measures and precautions. And not only that, since fraud can also be detected in the process, for example, when internal fraud occurs in a company or when a fraudulent purchase is made in an ecommerce.

Whatever the case, online fraud must be prevented and detected for our own safety and that of our customers.
