Online scams are growing every year, and they become more sophisticated over time. The secret of cyber-scammers' success is to target vulnerable groups. These groups' lack of knowledge of the digital world, sometimes coupled with a lack of language skills, loneliness, social isolation and/or a lower cultural level, makes them easy victims of this type of crime.
As in other online crimes, anonymity and the very structure of the Internet make it extremely difficult to track down the perpetrators.
Online scams can be as diverse as the imagination of criminals allows. However, most of them coincide in their modus operandi, which makes it possible to analyse the most commonly used ones.
Phishing is a type of fraud carried out by telematic means that consists in the impersonation, by the criminal, of the digital identity of a company, organization or administration in order to obtain the victim's passwords that allow access to his or her bank account.
Although it has already undergone numerous variations, phishing typically involves the criminal sending an email or SMS, or even using messaging applications such as WhatsApp, to impersonate your bank. In the message, the criminal claims that there is a problem with the victim's account: it is overdrawn, there is a bill that could not be processed… The message is always pressing and urgent. It urges the victim to click on a link quickly to solve a problem that may cost them money or even cause legal problems.
The link in question leads to a fake page (also an imitation of the website of the impersonated bank or organization) where the victim will be asked to enter their secret online banking identification data (login, password, PIN) or card data (card number, security PIN, expiration date, etc.). Once these data are entered on the fake page, the criminal will use them to access the victim's online banking and steal the money from the victim's bank account or card.
Phishing is the easiest type of cyber-threat to carry out, as it requires the least technical knowledge on the part of the criminal. The criminal does not need to do anything sophisticated. He/she only has to create a web page similar to the original one and send emails to many people. Although many will notice, others will fall into the trap.
Vishing is the same type of scam conducted over the telephone. This makes seniors the preferred victims. Seniors tend to be wary of online banking and Internet shopping, but they are much more accustomed to completing transactions over the phone, especially when they have mobility problems or chronic illnesses that prevent them from moving around.
Again, the identity of a company, organization or trusted person is impersonated in order to obtain personal and sensitive information from the victim with the aim of stealing, in this case through a phone call.
Smishing: The same scam but via SMS, which includes a link that leads to a fraudulent page or a premium-rate telephone number.
Quid pro quo: Through email, SMS, WhatsApp or social networks, the scammer promises gifts, cash, access to services such as Netflix, incredible offers or big discount coupons. To get them, the victim has to fill in a form asking for personal data and, usually, bank or card details.
Addline phishing: It consists of accessing the victim's device (computer, phone or tablet) through malicious free Wi-Fi networks, with the intention of stealing the information stored on it from personal accounts (email, bank accounts, payment systems, Amazon, ...). This stolen information will allow fraudulent operations to be carried out using the victim's passwords and thus impersonating the victim.
Catphishing: The criminal creates a fake profile on a social network (or several) and uses that profile to establish a virtual relationship with the victim. The objective is a (fake) love relationship, which is why it is a common crime on Tinder-like dating platforms. However, it also occurs on general social networks.
A strategy similar to grooming is used, as the criminal pretends to be someone he is not, usually for months. This does not mean that the criminal in question necessarily refrains from using his/her real voice or from letting him/herself be seen on video-call. Often they “happen to live in another country”, or “in a place far away” from the victim, which delays the live meeting.
When the victim is (or thinks he/she is) in love, the moment of the meeting arrives. It is at that moment when the criminal appears with some “problem,” family or health, which prevents him/her from meeting the victim if he/she does not get a certain amount of money. The objective is to get the victim to contribute that amount. After doing so, the criminal disappears.
There are some characteristics particular to phishing scams that help us to identify this type of attack:
Real email address: m.garcia@deutsche-bank.es
Fake email address: m.garcia@deutchshe-bank.es
Fake email address: m.garcia@deutschebank.eu
Real URL: https://deutsche-bank.es
Fake URL: https://deutchshe-bank.es
Fake URL: https://deutschebank.eu
The most important: Our bank (or our gas company or TV company...) will NEVER ask us for passwords by mail, phone or message.
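The comparison of real and fake addresses shown above can also be done automatically, for example in a mail filter or a help-desk tool. The following Python code is an added example, not part of the original publication. It assumes deutsche-bank.es is the only genuine domain (taken from the examples above); the function names and the typo threshold are illustrative choices.

```python
from urllib.parse import urlsplit

# Assumption: the organisation's genuine domain, taken from the examples above.
TRUSTED = {"deutsche-bank.es"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete a character
                           cur[j - 1] + 1,             # insert a character
                           prev[j - 1] + (ca != cb)))  # substitute a character
        prev = cur
    return prev[-1]


def extract_domain(value: str) -> str:
    """Return the lower-cased domain of an email address or a URL."""
    value = value.strip()
    if "://" in value:
        host = urlsplit(value).hostname or ""
    else:
        host = value.rsplit("@", 1)[-1]
    return host.lower().rstrip(".")


def classify(value: str, trusted=TRUSTED, max_typos: int = 3) -> str:
    """Classify an address or link as 'trusted', 'lookalike' or 'unknown'."""
    domain = extract_domain(value)
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return "trusted"
    name = domain.rsplit(".", 1)[0].replace("-", "")
    for good in trusted:
        good_name = good.rsplit(".", 1)[0].replace("-", "")
        # Same name with another ending or hyphenation, or only a few typos away.
        if name == good_name or edit_distance(domain, good) <= max_typos:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for sample in ("m.garcia@deutsche-bank.es", "m.garcia@deutchshe-bank.es",
                   "https://deutschebank.eu"):
        print(sample, "->", classify(sample))
```

A result of "lookalike" means the domain imitates a trusted one and the message should be treated as a phishing attempt; "unknown" only means the domain does not resemble any trusted domain, not that it is safe.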
Online scams mainly take advantage of the lack of physical presence to deceive victims in a different way, but in essence they have not changed that much compared to pre-internet scams. Fraudsters play on people's hopes and desires.
Apart from phishing and its derivatives, the main online scams are:
Fake prize from abroad:
False job offer:
False purchase opportunity
Fake official documents
False request for help from a friend or relative
The fake person will then explain a fake problem for which they need urgent money sent.
Digital Rights First-Aid Kit by Prolific
Project code: 2020-1-ES01-KA204-082419
This project has been funded with support from the European Commission.
This publication [communication] reflects the views only of the author,
and the Commission cannot be held responsible for any use
which may be made of the information contained therein.