Threats of internet fraud: Europol Report
In the era of digitization, online frauds are becoming an increasingly sophisticated and widespread problem. They affect both individual users and entire sectors of the economy. The Europol report “Online Fraud Schemes: A Web of Deceit” thoroughly examines this complex issue, shedding light on various methods and scales of online fraud.
Europol emphasizes in its report that online fraud poses a serious global threat. Cybercriminals leverage advanced techniques and continually adapt their methods to changing conditions. They exploit the gap between evolving technologies and users’ awareness. Victims are often exploited multiple times, increasing criminals’ profits and deepening the losses of those affected.
In its report “Online Fraud Schemes: A Web of Deceit,” Europol divides popular online fraud schemes into two categories: those targeting individuals and private/public sectors. These include investment frauds, BEC, phishing campaigns, and attacks on payment systems, including logical ATM attacks, skimming, shimming, and account takeover (ATO).
As indicated by Europol, investment frauds are among the most lucrative types of scams.
Imagine receiving an investment offer promising very high profits—much higher than those achievable in traditional financial markets. Sounds great, right? But there’s a catch. In investment scams, these “amazing” offers are usually false. Criminals create fake websites, send emails, or use social media to persuade you to invest in products that don’t actually exist. Once you invest, they start demanding additional fees, claiming they’re needed to release your profits. In reality, they block your access to your money and vanish with the collected funds.
Business Email Compromise (BEC)
Frauds In BEC frauds, criminals impersonate individuals you usually trust—such as your boss, colleague, or business partner. Using seemingly genuine emails, they request money transfers to new bank accounts or payments for fake invoices. Often, they leverage information obtained through phishing (e.g., via fake emails or websites that look real) to make their request seem more credible. Believing they’re following genuine instructions, victims transfer money to the fraudsters.
These campaigns are primarily conducted via emails but also through SMS. Messages contain requests for money transfers or impersonate well-known companies or government institutions.
Victims receive false information about overpayments, tax demands, reports of detected crimes, or promises of significant cash rewards, goods, or services. Scammers find or purchase contact lists and email addresses online. The increased availability of phishing kits sold online allows a greater number of criminal networks to succeed in their phishing attacks. This is irrespective of the organization’s level or technical knowledge.
Regarding frauds in this category targeting individuals and entities, it’s also worth examining the aspect of leveraging current events.
Fraudsters are like actors who change their roles depending on what’s happening in the world. When a significant global situation arises—such as a pandemic or a natural disaster—they use it to play on people’s emotions. For instance, they might create fake fundraisers for alleged disaster victims or sell products promising protection against the current threat (like fake protective masks during a pandemic). People, wanting to help or protect themselves and their loved ones, often don’t realize their good intentions are being exploited by fraudsters.
Attacks on Payment Systems -In the digital age, payment systems have become targets of various criminal attacks. Here are some more extensively described common forms of attacks on payment systems, taken from the Europol report.
Logical Attacks on ATMs:
This type of crime is referred to as “ATM hacking.” Criminals use special devices or software to make ATMs dispense cash without requiring a bank card. These are logical attacks on ATMs, also known as “Black Box” or “jackpotting” attacks. The criminals aim to take control of the ATM system and dispense money without authorization.
This method involves stealing data from payment card chips. Criminals place small devices on ATMs or payment terminals that copy information from the card’s magnetic stripe when it’s used. Then, this stolen data can be used for unauthorized transactions or to create a fake card copy.
Shimming is a more sophisticated version of skimming that focuses on stealing data from payment card chips. Criminals place thin devices inside card readers that intercept and copy information from the card’s chip during transactions. This information can then be used to create counterfeit chip cards, allowing fraudsters to conduct transactions at the victim’s expense.
Account Takeover (ATO)
Account takeover is a method where criminals gain access to victims’ online accounts, mostly bank accounts or social media profiles. They can achieve this through various techniques, often through phishing, i.e., sending fake emails or messages that prompt victims to disclose their login details. After gaining access to the account, criminals can steal financial funds, personal data, or even operate on behalf of the victim, leading to further fraud or identity theft.
Online frauds are a growing threat that requires continuous attention from both law enforcement agencies and internet users. Understanding criminals’ methods is crucial for effectively combating them. It’s important for both individual internet users and institutions to be aware of these threats and employ appropriate protective measures.
Inviting you also to read the article: https://verificators.com/en/surveillance-how-to-protect-yourself-from-it/
Author: Patrycja Kruczkowska – Data Analyst”