Advanced Cyber-Fraud Scams that have Fooled the Experts
by Robert Bond
Cyber-Fraud Scams that have Tricked Experts
Even Cyber Security experts have fallen for ransomware scams, online dating scams, and get rich quick schemes
Cyber-Fraud – Hackers bring old tricks to new targets
Online scams are older than the Internet itself. The Nigerian Prince scam – also known as the “advanced-fee scam” – dates back to 1588, when fraudsters sent letters claiming to be imprisoned wealthy aristocrats who needed money for a bribe to help them escape prison, which, of course, they would repay tenfold upon escape. We are all familiar with the classics of Internet fraud – from the Nigerian prince, to free pharmaceutical spam emails, to the Craigslist and eBay scams offering unbelievable and certainly unrealistic deals. Today’s fraudsters have continued to refine and advance traditional techniques, so that even savvy users can be caught by shrewd scams and fraud.
The Best Online Scams Today
Hackers and scammers are using the internet to target users, preying upon greed, romance, and even convenience to trick users into divulging information, paying money, or installing malware. These three motives typically take shape as bank loan scams, online dating scams, fake ransomware and public Wi-Fi scams.
Bank Loan Scams
Popular fraud techniques have almost always targeted a victim’s money or PII, personal information such as credit card numbers, social security numbers, or birthdates. Fraudsters have continued to prey on people’s desire for a quick payday in two new ways designed to steal financial information from targets. The first is by presenting convincing and creative offers for pre-approved loans or credit cards. Hackers are able to convince targets to divulge their financial information – or even pay a processing fee – in order to receive an unbelievable deal on a loan or new credit card.
In another scam, hackers offer a too-good-to-be-true get-rich-quick opportunity. Cyber criminals lure targets with a promise to make money easily and quickly. Well-paying work-from-home jobs (that don’t really exist) are a frequent promise. With offers of training sessions, strategy classes, live chats, or group calls, hackers promise to share their secret – all the target needs to do is pay the initiation or training fee. Both of these scams are frequently delivered via targeted email spam or phishing messages, designed to entice users with a seemingly legitimate good deal.
Online Dating Scams
Online dating sites can be dangerous. Users looking for love are a frequent target of online hackers. Fake profiles and increasingly “Chatbots” (computer programs that leverage artificial intelligence to impersonate a real user) can trick users into revealing sensitive information. Scammers frequently send URLs to target users, claiming to be sharing more photographs or other enticing information about themselves. The URL is really a malicious link tricking the user into downloading malware or malicious code designed to steal personal information or credentials.
Tinder Scam Bots are an increasing threat to those seeking love online. They frequently ask users to pay for something or download something to continue a seemingly promising flirtation. In one recent scam, scammers stole £1.6 million via an online dating site, after a woman was convinced to loan money to her new romantic interest.
Public Wi-Fi Scams
In an age when cellular data caps have users thinking twice before browsing on the go, public Wi-Fi hotspots are an enticing attraction to a scammer. Increasingly, criminals are able to utilize these unsecured public Wi-Fi networks to intercept user traffic. Users on public Wi-Fi conducting online banking transactions are a prime target to steal private data and commit identity fraud. Users must take caution when connecting in public – as you can never be sure who else might be listening on these traditionally unsecured connections.
Fake Ransomware Scams
Another rising online scam is the fake ransomware demand. While actual ransomware attacks like WannaCry have been steadily rising since 2013, hackers are now taking advantage of consumers by demanding a ransom payment without actually encrypting any files. Actual ransomware attacks use malware to encrypt a target’s files and demand payment for the decryption key; these new scammers use only a browser pop-up or email to demand payment.
These scams are easy to check – if the victim is able to access their hard drive files, they aren’t encrypted, and the pop-up is just a ruse to scare the victim. Hundreds have panicked and decided to pay the ransom without realizing they are falling victim to a scammer who has no ability to encrypt their files.
Top Defensive Security Measures to Prevent Online Fraud
Several security best-practices can be followed to prevent popular fraud techniques from making you their next target. These include email security, browser security, and Wi-Fi security measures designed to keep your information confidential and secure.
Don’t Fall for Phishing Scams – Email Security
A majority of scams target users via messages delivered to their inbox. Phishing is the leading cause of all security incidents, according to a new report from F-Secure, which found that 34% of breaches originate from a phishing email or a malicious email attachment. Get-rich-quick scams and fake bank loans are just the most recent scams using phishing to reach targets, and new and more advanced scams will continue to utilize emails. These scams can be combatted in several ways:
- Don’t click on links from email messages – users should instead type the desired URL directly into the browser.
- Utilize email filtering – common email providers like Google and Microsoft offer services that filter out spam emails.
- Leverage browser add-ons – like Web of Trust – to alert users when they are about to enter a malicious site (like the spoofed banking sites scammers use to harvest financial data).
Keeping Internet Browsers Secure
The previously mentioned report from F-Secure found that 21% of breaches originate from known vulnerabilities. Many home and enterprise users are slow to update their internet browser. Older versions of Internet Explorer – IE8, 9, and 10 – still make up a significant market share. Many scammers post ads to highly trafficked sites – for their get-rich-quick schemes and online dating offers – and use the known vulnerabilities in outdated browsers to install malicious software on target computers. Symantec reported on one such watering-hole attack back in 2014, and this attack vector has only increased in popularity since then.
Browsing Public Wi-Fi Securely
Users on public Wi-Fi hotspots should be wary of accessing private data over unencrypted connections to avoid potential interception attacks. This can be achieved through encryption and awareness:
- Utilize a VPN to encrypt traffic – preventing prying eyes from reading intercepted network traffic.
- Utilize a tool such as Fing, which can provide network security by keeping users updated on who else is on the network that might be watching.
Preventing Fake Ransomware
Fake ransomware demands are often delivered by email or pop-up. One easy method of checking for a scam is to reboot the device – if the demand message does not return, it was likely a simple browser pop-up and not an actual infection. Users can also review their file system, checking if files end in extensions like “.lock” or “.crypt,” to check if their files were encrypted.
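The file-system check described above can be scripted. The following is an added example, not part of the original article: it walks a folder, flags files carrying the “.lock” or “.crypt” extensions the article mentions, and, going one step beyond the text, confirms that common document types still open with their expected file signature. The function names, the signature table and the sample files are assumptions made for this illustration.

```python
import os
import tempfile

# Extensions the article gives as examples of encrypted files (not an exhaustive list).
SUSPICIOUS_EXTS = {".lock", ".crypt"}
# Assumption added here: common file types keep a fixed signature when unencrypted.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff", ".zip": b"PK\x03\x04"}


def triage(root):
    """Walk root; list renamed files and files whose header no longer matches."""
    report = {"renamed": [], "damaged": [], "intact": 0}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            ext = os.path.splitext(name)[1].lower()
            if ext in SUSPICIOUS_EXTS:
                report["renamed"].append(name)
            elif ext in MAGIC:
                try:
                    with open(path, "rb") as fh:
                        ok = fh.read(8).startswith(MAGIC[ext])
                except OSError:
                    ok = False  # an unreadable file counts as not accessible
                if ok:
                    report["intact"] += 1
                else:
                    report["damaged"].append(name)
    return report


def verdict(report):
    if report["renamed"] or report["damaged"]:
        return "files look encrypted"
    if report["intact"]:
        return "files readable: demand is likely fake"
    return "no known file types found"


def make_sample(encrypted):
    """Constructed sample directory: two documents, optionally 'encrypted'."""
    root = tempfile.mkdtemp()
    files = {"report.pdf": b"%PDF-1.7 sample", "photo.png": b"\x89PNG\r\n\x1a\n sample"}
    for name, data in files.items():
        if encrypted:  # simulate: scrambled bytes plus an added extension
            name, data = name + ".crypt", bytes(b ^ 0x5A for b in data)
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root
```

Calling `verdict(triage(path))` on a real documents folder gives the same three-way answer; `make_sample` exists only to produce constructed input for trying it out.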
The best online scams will continue to advance in their creativity and technical expertise. They will likely continue targeting users in search of a quick payday, romance, and the convenience offered in the bank loan, dating site, and Wi-Fi attacks discussed above. As attackers continue to innovate new scams, it is more important than ever for users to be secure and aware online.
August 22, 2018