Online fraud or: “misfortune a mouse click away”
Increasingly often, we’ve come across cases where clients have fallen victim to sophisticated online fraud. Since virtually anyone can potentially become a victim of social engineering, let this article be a warning of this dangerous phenomenon.
Undoubtedly, the best defence against online fraud is prevention by educating the general public. And it important to keep in mind that online fraud occurs in equal measure during personal and work transactions. A report recently issued by Europol summarises the most common forms of online financial fraud.
For instance, fraudsters may pretend to be a potential victim’s superiors (usually a high-ranking person in the corporate hierarchy) and try to persuade them to pay a fictitious invoice or make an unauthorised transfer of funds from the company's accounts to the account of the fraudster (‘CEO scams’). Victim are led to believe that the instructions come from an actual person whom they often know. Yet, a seemingly identical telephone number or email address hides a fraudster. To prevent these types of fraud, vigilance and, ideally, a two-person check before making a requested transaction is key. Fraudster also often trick their victims by pretending to be a contractor or a client, and manipulate them into making a payment for goods or services to the imposter’s own bank account.
‘Phishing’, ‘vishing’ or ‘smishing’ are popular types of attacks in which attackers try to lure personal, financial, business, security or other information from their targets through telephone calls, SMS or emails, usually requesting the victim to click on a link or download an attachment. Attackers rely on addressees often being too busy and deceived by the apparent trustworthiness of the person contacting them (usually pretending to be a bank officer). These attacks are the most common form of social engineering and usually target clients of banks.
Other types of online fraud include, for instance: fake bank websites aiming to obtain access data to bank accounts from clients; personal data theft through social networks accounts; or investment scams promising ‘lucrative’ investment opportunities.
Generally, all the mentioned types of online fraud have been on the rise. Therefore, anyone active online should:
- be alert,
- check your online and bank accounts regularly,
- watch out for warning signals (no bank would ever ask its clients for sensitive information; over-advantageous offers are always suspicious, as are urgent and unusual requests marked as confidential, which are also in conflict with corporate policy; a stranger requesting your personal data on social networks; etc.),
- protect your personal and security information,
- report suspicious incidents (to the police, the bank, the social network operator).
First and foremost: To detect that you are at risk of becoming the victim of online fraud, you must be able to recognise the signs. Being appropriately informed is therefore your most effective weapon.