Online scams: the most widespread, how to recognize them and advice on how to defend yourself

In recent months, partly because of the pandemic, we have seen a significant increase in online scams, which, in an attempt to catch us off guard, have adapted their modus operandi to current events. Here is how to recognize them, with tips for steering clear of the main fraudulent activities.

2020, together with the Covid-19 pandemic, brought a considerable increase in cybercrime: while the most serious phenomenon in terms of victims is certainly child pornography, there is no doubt that the largest number of violations concerns online scams, which, as usual, have updated their modus operandi, taking inspiration from current events.

Purchase fraud made use, for example, of false advertisements for medicines and vaccines, hygiene products and virus test kits, or of emails apparently sent by a ministry announcing non-repayable contributions to be collected, bonuses or suspension of taxes, with a link to the internet address of a clone site.

Naturally, there has been no shortage of coronavirus-themed charity scams online.

All activities that link the illicit processing of personal data to fraud, such as phishing, smishing or attacks on networks and systems resulting in data breaches, have received a notable boost.

Online scams: the numbers of the criminal phenomenon

As can be seen from the European Commission’s EU Cybersecurity Strategy for the Digital Decade, around two fifths of EU users have reportedly experienced security issues, while in the last three years a third of users have reportedly received fraudulent emails or phone calls requesting personal data.

In Italy, the analysis by the Criminal Analysis Service of the Central Directorate of the Criminal Police of crime trends during the pandemic period confirmed even more clearly the impact of the measures aimed at limiting people’s movements: on the one hand, the crime rate per 100 thousand residents fell in 2020 to 3,038 crimes, compared to 3,826 in 2019, and the crimes committed in 2020 were 20% lower than those in 2019; on the other hand, cyber scams in 2020 were 17.8% higher than those of 2019, in contrast to the majority of crimes committed in 2020.

The month of May 2020, in particular, in parallel with the consolidation of e-commerce and the prolongation of the confinement, recorded the highest number of IT frauds in our territory: 9,427.

The most widespread online scams

How did we arrive at this situation, and what are the trends of a criminal phenomenon that so often targets us?

We can divide online frauds into three types, in which the identity assumed by the fraudster carries increasing weight compared to other factors:

  1. in the first, the identity has little importance for the purposes of the offence, so much so that it can coincide with the real one;
  2. in the second, the victim knows by reputation the person or organization whose identity the fraudster steals, but there are no direct relationships between the two subjects, or they are only occasional. In this case, the scam aims to involve people without resorting to particular mutual authentication procedures;
  3. in the third, however, the declared fictitious identity (for example, because it seems to refer to one’s bank or credit card) is decisive for the scam, because it is directed at a particular victim, who associates it with a context of current, trust-based relationships; in addition to the declared identity, further information must be obtained for the deception to succeed. In this last case, the scam is more complex to organize (preliminary activities are necessary) and the offence of computer fraud almost always applies (640 ter of the Criminal Code); despite this, it is spreading because it is more profitable and quicker to carry out, notwithstanding the periodic countermeasures implemented by the banks and other credit companies involved.

Purchase fraud, romance scams and fake lotteries

Examples of the first type are purchase fraud (the foreign seller offering objects at significantly advantageous prices, which will not arrive on time or will turn out, at best, to be of very poor quality) and “romance” scams, which also increased during 2020: here the natural need to relate to others, expressed more or less consciously by the victim, is exploited; the victim is pushed, through a convincing narrative, to provide help (almost always economic) for alleged personal difficulties, for example for a sick relative, leveraging the previously established relationship of trust.

Less frequent, however, are emails announcing a win of a large sum in a little-known lottery, usually in a foreign country; naturally, after the first contact you are asked to pay a small sum to “release” the winnings, to be paid into a foreign personal account.

Fraudulent donations and Nigerian scam

The second group includes scams carried out by those who pretend to belong to a charity, soliciting fraudulent donations; we could also include in this category, given the use of diplomatic or ministerial letterheads, a true cult classic among scams: the Nigerian prince or Nigerian scam.

I will allow myself a historical digression, having worked on it on several occasions: it was born almost 30 years ago, when ordinary letters apparently coming from African territory (with a strictly counterfeit stamp; only later were emails used) were sent to ordinary citizens, people of rank or public authorities, including police offices.

The stories in ungrammatical Italian were sometimes very detailed, with references to political persecution or the need to save a disputed inheritance. In essence, a very wealthy person would ask to use the recipient’s account to move millions of dollars abroad, with the utmost discretion, with the promise of a large percentage, often 40%.

The proposed arrangement was often presented as a harmless crime, or as a way to escape wrongful embezzlement by the persecutors; invariably, requests followed to advance sums in order to overcome artfully presented bureaucratic obstacles.

Phishing, vishing, smishing and abusive access to databases

Frauds of the third type are the most sophisticated, requiring the acquisition of information through unauthorized access to databases, phishing techniques (a message which, reporting registration or security problems, invites you to provide your confidential access data for the service, usually pointing, via a link, to a website that only appears to be that of the banking institution), vishing (voice phishing, carried out by telephone) or smishing (in this case SMS messages are used).

The techniques are sometimes combined, and the recent succession of police operations in this sector makes it clear that the approaching post-pandemic period could consolidate the increase in these violations: just a few days ago, seven people were arrested in the province of Naples for computer fraud, with a preventive seizure of 94,700 euros. In this case, the fraudsters managed to obtain telephone numbers to which they sent SMS messages (smishing), which were then followed by a phone call (vishing) made by alleged banking operators.

The calls appeared to come from the bank’s customer service, and the victims, informed of a possible attempt to withdraw money from their credit cards, handed their access PINs over to the scammers in the belief that they would be used to temporarily block the cards so that this would not happen; naturally, the PINs were then used to withdraw cash from ATMs.

Spoofing

Spoofing is a cyber attack based on identity falsification. An attacker gets hold of a series of data with the aim of impersonating someone reliable and known to the victim. A fairly common case involves sending emails that appear to come from someone trusted, or falsifying IP or DNS information so that the victim’s network traffic is rerouted to fraudulent sites.

Online scams and bank fraud: the story of a real case

The victim of a variant of these scams involved me in remedying it, and only the timeliness of the reaction prevented it from being successful; I therefore believe it is useful to illustrate it in detail.

In the case in question, an SMS arrived on the victim’s mobile phone, apparently coming from their bank, reporting anomalous access to mobile banking and inviting them to follow the procedure indicated in the attached link.

The link opened a clone site of the financial institution, with an area to type in the PIN and log in; once the PIN was entered, the message “The procedure was successful” appeared.

Shortly afterwards, the victim received a phone call (initially from a private number) from the scammer who, posing as an employee of the credit institution, communicated, in perfect Italian without dialect inflections, that a transfer of 7,000 euros had been made from the current account, asking if it had been duly authorised.

Obviously the answer was no, accompanied by a request to clear up doubts about his identity as a bank operator; at this point, the criminal asked to end the conversation so that he could call back from a visible number. This poses no difficulty: on the web there are easy-to-use services and apps that allow a call to display a telephone number that is not the caller’s.

After a few minutes, the new phone call came: the voice of the interlocutor was the same, but this time the bank’s customer service number appeared on the screen. Once the victim’s trust had been gained, it was easy to obtain the credentials and access the account, not to block the transfer of 7,000 euros, as declared to the account holder, but to carry it out in favor of a rechargeable credit card.

The conversation ended with a reassurance: the unauthorized operation had been cancelled, although it would still be visible for a few hours. In any case, the advice was to delete the bank app and run a thorough scan with an antivirus other than the one installed, all operations aimed at making it harder to block the transfer and in any case delaying the block as much as possible, so that the transfer would go from “entered” to an irreversible “executed”.

How to remedy online scams

To remedy these scams, and online scams in general, timeliness is essential, in addition to the specific functions your institution provides for bank transfers: in the case in question, the passage of another twenty-two minutes would have been fatal.

For every story to have a happy ending, we must still be aware that in the digital age acquiring detailed information on victims and cloning a web page or profile is very easy, and any sender can display a different identifier: this applies to emails, SMS, phone calls and, of course, IP addresses.

Surprise is always around the corner, and any anomalous procedure, especially if it appears advantageous and pushes us to act quickly, should put us on alert and lead us to adopt simple but fundamental active verification behaviors.
