We refer to cyberfraud as all those crimes or scams that are committed on the internet, whether through a website or the applications we use. Cyberfraud is big business: according to a report from the European Central Bank (ECB), fraudulent transactions amount to 1.8 billion euros annually. In 2019, cybercrimes grew by 36% compared to 2018. According to the Ministry of the Interior, 12 frauds and threats are reported online every hour.
This intensification is due to the increase in internet usage. More and more of us are conducting transactions online. Cybercriminals are aware of this and take advantage of it to steal your personal information, such as banking details, for example. Today, we will explain the most common types of cyberfrauds and how to combat them.
In order to detect a fraud or scam on the internet, it is important to know which ones are the most common and what they entail.
Scams related to online shopping are the most common type of scam, and these can be found on both fraudulent websites and authenticated platforms like Facebook Marketplace or eBay (which, as we know, has everything).
How do these types of scams work?
Usually, cybercriminals encourage users to buy products that don't actually exist. They create a website that mimics the format of real or official websites to appear like an authentic company and lure you into their trap.
How to detect and avoid it?
Once we navigate the site, a 'not secure' message appears in the top bar. This means that the attacker has not obtained an SSL certificate, which ensures that it is safe to browse the web, and therefore, it does not guarantee the security of your data. That's why we always recommend browsing only on official and secure websites that have this certificate. You can tell that a site is secure if there is a padlock or 'HTTPS://' in front of the URL.
Phishing is one of the most common practices that cybercriminals currently use to steal credentials or banking information from internet users.
What does it consist of?
We refer to phishing as all those malicious emails that reach a user and aim to 'fish' their private information by inviting them to click on a banner, malicious URL, or download an infected file. These types of attacks are almost imperceptible, which is why many users end up falling for them.
They typically appear under the name of well-known companies so that you don't doubt their authenticity and carry out the action they want, with the aim of infecting your system and stealing your information.
How to detect them?
To detect a malicious email, you can look at several elements.
If a headline is too good, like 'Travel to Japan for €100,' I'm sorry, but it's too good to be true. They likely just want you to click on the promotion to infect you.
When an email is poorly translated or has many spelling errors, be suspicious and don't click on any links.
Pay attention to the sender. If it seems suspicious that someone is sending you specific information when they never do, there's a cybercriminal behind it."
Cybercriminals know all the tricks, and at times, they use online dating websites to obtain private information from other users.
What does this fraud consist of?
Cybercriminals create fake profiles with very attractive images and attention-grabbing information. When they receive chat requests, they start talking to their victims and gain their trust. When they see fit, the offender invents a story, such as having an emergency and not having the money to deal with it, so that the other person feels sorry or guilty and is compelled to send them money. It's a slow but effective type of scam.
The internet is full of advertising with attractive headlines to grab users' attention, like 'Make easy money' or 'One year of free Netflix or Movistar Plus.' Nowadays, these types of headlines are not as effective, as users are becoming more aware of their dangers. That's why cybercriminals have become more sophisticated and now also launch these types of attacks through platforms like LinkedIn, with fictitious job offers that integrate genuine hiring opportunities, making it seem authentic to users, leading them to click on it. This way, the cybercriminal achieves their goal.
In order to detect cyberfraud, it's important to be aware of the most commonly used techniques by cybercriminals. Stay informed, be cautious about where you navigate, and when you receive a file, run a malware scanner on it before opening. It's the small details that will help you avoid a disaster, such as information theft.
For example, if you receive an email from someone in the accounting department, sending a document on behalf of the marketing department, be suspicious, as it's not the usual practice. Ignore the message; if it was genuinely important and not a phishing attempt, they will reach out to you again.
One of the most common attacks to obtain personal data is emails of the kind, 'There are issues with your Netflix subscription. Please re-enter your information to reset it.' Be cautious whenever you receive a message like this and first verify if what they're asking for is true.
Furthermore, be extremely cautious with your personal access and user credentials and passwords. Avoid saving them in notes, contact lists, Word documents, or Excel files. It's best to memorize them or, as a last resort, write them down on paper and update them periodically.
Ensure that your data is not visible on the internet and limit the data shared publicly to prevent theft.
If you detect a cyberfraud or believe you may have been a victim of one, it is crucial to report it as soon as possible. Each country has an anti-fraud authority dedicated to investigating these types of crimes and taking legal action against cybercriminals.
In Spain, to report this type of scams, you can do so through the National Police or the Civil Guard.
To prevent these types of frauds or scams, it's essential to implement relevant cybersecurity measures and solutions. Additionally, with ESED, using our ESED Training solution, we educate your team on how to detect these scams and protect your company's information. For more information, you can contact us.