So far, in the year 2022, Americans have reported 2,404,826 cases of fraud. The approximate financial losses following these scams have reached a mind-numbing $3,866.2M.
The majority of the mentioned reports (603,591) refer to identity theft — the worst-case scenario following fraud.
When reading the news that portrays particular cases of such scams, the intentions of the criminals seem blatantly obvious because we know all the details. As such, it can be difficult to understand how people even fall for the scams in the first place.
What are some of the most widely used internet scams everyone should be aware of? Which online fraud prevention measures can reduce the number of successful scams?
Let’s start with the most popular approach.
Email Phishing Is Still the #1 Method
Experts estimate that 45% of all emails are spam — those include commercial spam emails as well.
It’s 2022, and we still haven’t weeded out email scams because they’re evolving. Nowadays, there are over 20 known types of phishing.
The kind of phishing that relies on quantity — sending template-based emails to any email address available — is filling inboxes everywhere as we speak. But most phishing is not that straightforward.
Sophisticated email phishing, on the other hand, is much more dangerous and more likely to result in financial losses or even identity theft.
The attackers get to know everything about the victim from their social media and company websites. After that, they tailor a message that will bypass email filters and urge the target to take action — be it to send their credentials through or complete a money transfer.
To build trust, these emails might impersonate figureheads within a company, medical institutions, or even banks — entities that the victim inherently trusts.
One of the latest cases of email phishing attempted to obtain Microsoft user credentials. The emails were sent to 21,000 victims working at national healthcare centers, bypassed email filters, and urged recipients to click on the included link.
Healthcare workers who clicked on the link in the body of the email opened a fake Microsoft login website. Their email address had been autofilled, and all they had to do was type in their password, which the criminals would then obtain.
How to Protect Your Email
Most email providers offer filters that send suspicious messages straight into the spam folder. They can recognize patterns found in templates of emails sent to many people, such as commonly used greetings and grammar mistakes.
However, it’s also necessary to train people to think like IT experts as well as cybercriminals when opening their inboxes.
For instance, this might include contemplating what an IT specialist would do, but also how the requested information could be exploited in the hands of threat actors. Could sensitive data lead to identity theft?
Is the info something that the bank would request via email? A bank would never email you asking for your password, account number, social security number, address, or even your name. All the mentioned data can lead to identity theft.
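The healthcare campaign described earlier relied on a link that carried the recipient's own address to a fake login page. The following check for that pattern is an added example, not code from the original article or from any mail provider; the trusted-host list, the function names, and the sample message are assumptions constructed for illustration.

```python
import base64
import re
from urllib.parse import unquote, urlsplit

# Assumption: the sign-in hosts this organisation actually uses.
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com"}
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

# Constructed sample message; every address and host is made up.
RECIPIENT = "nurse.a@clinic.example"
_B64 = base64.b64encode(RECIPIENT.encode()).decode()
SAMPLE_BODY = f"""Your mailbox password expires today.
Keep it: https://portal-auth.example.net/owa/?login=nurse.a%40clinic.example
Mirror: https://files.example.org/s/#{_B64}
Help: https://login.microsoftonline.com/?username={RECIPIENT}
News: https://intranet.clinic.example/news/42
"""


def address_tokens(recipient):
    """Base64 forms of the address, with padding removed for matching."""
    tokens = set()
    for form in {recipient, recipient.lower()}:
        raw = form.encode()
        tokens.add(base64.b64encode(raw).decode().rstrip("="))
        tokens.add(base64.urlsafe_b64encode(raw).decode().rstrip("="))
    return tokens


def suspicious_links(body, recipient):
    """Return (host, url) for links carrying the address to an untrusted host."""
    tokens = address_tokens(recipient)
    hits = []
    for url in URL_RE.findall(body):
        url = url.rstrip(".,;")
        host = (urlsplit(url).hostname or "").lower()
        if host in TRUSTED_LOGIN_HOSTS:
            continue  # the real sign-in page may legitimately prefill a name
        decoded = unquote(url)
        if recipient.lower() in decoded.lower() or any(t in decoded for t in tokens):
            hits.append((host, url))
    return hits


if __name__ == "__main__":
    for host, url in suspicious_links(SAMPLE_BODY, RECIPIENT):
        print(f"prefilled address sent to untrusted host {host}: {url}")
```

A hit is a reason to quarantine or warn rather than proof of phishing, since legitimate newsletters also personalize links with the recipient's address.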
Social Media Scams
Another common kind of scam that targets people and urges them to act on a request takes place on social media.
In 2022, specialized social media platforms such as Tinder and LinkedIn have been all the rage with cybercriminals. As they approach their victims, they know exactly what their victims seek (employment, love) and use that to their advantage.
In a recent case that resembles the Tinder Swindler, a woman lost over $5,000, her entire savings. Her swindler pretended to be a worker in a well-known organization, claimed that he wanted to marry her, and convinced her to take out loans and sell family jewelry.
Another common love scam that has been headlining the news at least once a year since 2019 is known as the Jason Statham scam, in which fraudsters convince women they’re having an online affair with the actor.
How to Defend Yourself On Social Media
The reason it’s difficult to recognize and accept that the scam is taking place is that social media scams are built on trust. They’re successful because they’re personal.
As social media scams get more press, people are getting more suspicious and familiar with the possible ways they might be approached and scammed.
Search Google for the person who contacted you. Since scammers tend to reuse their fake names, they might already be headlining the news somewhere.
The rule of thumb with such scams is that if it’s too good to be true, it probably is.
A Case For the Bots
Threat actors, in most cases, try to scam people by contacting and manipulating them directly, and many frauds do not involve sophisticated hacking.
Regardless, with the rise of automated malicious hacking, it’s possible to scam many people with bots that scan websites for vulnerabilities or send requests.
For example, a recent automated charity scam used bots to convince victims to donate money and pocketed over $110 million from its victims during a telefunding scheme.
How to Prevent Automated Scams
Online fraud prevention requires tools that can detect and remove bots on the spot.
These tools use their own bots to safeguard websites, APIs, and applications from automated scams.
In addition, automated account takeover protection registers attempts at compromised access and blocks them before the attacker is granted access to the network.
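To show what registering attempts and blocking before access is granted can look like, here is an added example that is not from the original article or from any specific product. It refuses a login, even one with a correct password, once the same source has failed against several different accounts within a short window. The thresholds, the event format, and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60        # assumption: look-back window per source address
MAX_DISTINCT_ACCOUNTS = 3  # assumption: failed accounts tolerated per source

# Constructed sample: (unix_time, source_ip, username, password_ok)
SAMPLE_EVENTS = [
    (1000, "198.51.100.7", "alice", False),
    (1005, "203.0.113.9", "bob", False),
    (1010, "198.51.100.7", "carol", False),
    (1015, "203.0.113.9", "bob", True),     # ordinary user: one typo, then in
    (1020, "198.51.100.7", "dave", False),
    (1025, "198.51.100.7", "erin", True),   # stolen password that happens to work
    (1200, "198.51.100.7", "frank", True),  # earlier failures have aged out
]


def decide(events):
    """Return 'allow', 'deny' or 'block' for each login event, in order."""
    failures = defaultdict(deque)  # source_ip -> deque of (time, username)
    decisions = []
    for ts, ip, user, password_ok in events:
        recent = failures[ip]
        # Forget failures that fell out of the look-back window.
        while recent and ts - recent[0][0] > WINDOW_SECONDS:
            recent.popleft()
        distinct_accounts = {name for _, name in recent}
        if len(distinct_accounts) >= MAX_DISTINCT_ACCOUNTS:
            # Refuse before the password result is honoured.
            recent.append((ts, user))
            decisions.append("block")
        elif password_ok:
            decisions.append("allow")
        else:
            recent.append((ts, user))
            decisions.append("deny")
    return decisions


if __name__ == "__main__":
    for event, decision in zip(SAMPLE_EVENTS, decide(SAMPLE_EVENTS)):
        print(decision, event)
```

Counting distinct accounts rather than raw failures keeps a user who mistypes their own password several times from being treated like a bot.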
Social engineering is still one of the most widely used tactics by cybercriminals. They target people and exploit their need for acceptance and generosity.
However, even with automated (bot) attacks, they can target humans in a way that taps into deeper needs of finding love, exploiting empathy, or evoking fears of losing one’s finances.
Online fraud prevention starts with cybersecurity tools that block suspicious emails or remove malware from the device. But it also has to be complemented by awareness training for possible victims.