Modern fraud – what is it?
Crimes against property rank first among all types of crime. According to statistics, fraud is widespread both among the general population and in business, which is why, in terms of the number of criminal proceedings instituted, it ranks next to theft and robbery. This “popularity” stems from the fact that the victim voluntarily, without any coercion or use of force, hands over money or personal data and does not even suspect that it goes directly into the hands of criminals. In addition, it is often difficult to distinguish fraud from civil legal relations.
Phishing thieves typically obtain personal information, such as passwords, ID numbers, credit card or social security numbers, and use that information while posing as the victim. Stolen confidential information can be used for a variety of illegal purposes, including obtaining loans, making online purchases, or gaining access to the victim’s medical and financial information.
Most people don’t know that a lot of information is already protected by encryption technology. For example, online shopping and Internet banking would not work without good encryption. Encryption is designed to protect funds and personal information. In a corporate environment, encryption should be used to protect the company’s intellectual property and innovations, as well as other sensitive data.
Encryption is the process of encoding information to prevent unauthorized access.
Identity theft is closely related to phishing and other social engineering techniques, which are often used to obtain a victim’s confidential information. Public profiles on social networks or other popular online services can also become a source of data for attackers.
After obtaining the necessary facts about the victim, the attackers use them to order goods and access the victim’s online accounts. In turn, victims may suffer financial losses as a result of unauthorized withdrawals and purchases made in their name.
In addition, victims may be held criminally liable for the actions of perpetrators.
The most popular methods of social engineering used by fraudsters
Phishing (catch of personal data)
Phishing is one of the types of fraud on the Internet with the aim of obtaining illegal access to confidential user data. The word itself is a homophone of the English word “Fishing”, since the technique uses the same logic of “catch”.
If you’ve ever received an email purporting to be from a bank or other popular online service asking you to “verify” your account details, credit card number, or other sensitive information, then you know what a phishing attack looks like.
96% of phishing attacks arrive by e-mail. Another 3% are carried out through malicious websites and only 1% by phone. Research by Symantec shows that in 2020, at least one out of every 4,200 emails was a phishing email.
The goal of phishing is to obtain valuable data that can be sold or used for malicious purposes, such as extortion or stealing money or personal information. To do this, users are offered some service or opportunity that entices them to hand over their data. For example, users of the social network Instagram are offered the chance to find out who visited their personal page (although in fact the social network itself does not provide such an opportunity), and customers of online stores are offered a product at a crazy discount.
Fraudsters “fish” for user data under various plausible pretexts: checking authorization on the site, the need to “unsubscribe” from spam in e-mail, paying for a purchase at a low price or with a large discount, the need to install a new application.
One of the first major, albeit unsuccessful, phishing attack attempts took place in 2001. The perpetrators, taking advantage of the chaos of the 9/11 terrorist attacks, sent victims an email purportedly for ID verification. The obtained data was used to steal bank data.
According to the APWG Global Phishing Study, 2016 saw more than 250,000 unique phishing attacks using a record number of domain names registered by attackers, surpassing the 95,000 mark. In recent years, cybercriminals have tried to target banking and financial services, e-banking users, social networks, and email credentials.
Vishing (telephone fraud)
Vishing is a type of fraud in which attackers use a telephone connection to force a person to tell them their confidential banking or personal data or encourage them to perform certain actions with their bank account or bank card. At the same time, fraudsters skillfully play a certain role (as a rule, a bank employee, a technical specialist, a service provider, a government organization, an IT service employee, etc.) and use techniques, methods and technologies of social engineering.
The most popular vishing methods:
– masquerading as tech support: calling purportedly from the victim’s ISP or a known software or hardware vendor and claiming to have discovered a non-existent problem with the victim’s computer, then demanding payment to fix it, sometimes downloading malware in the process;
– warning: the practice of sending automated voicemail messages to a large number of victims, using scare tactics. For example, attackers claim that users have unpaid tax bills or other fines and demand that they call back immediately;
– telemarketing: this is a call with the message that the recipient has won a valuable prize, but before receiving the prize, the victim allegedly needs to make a preliminary payment;
– phishing, which we already know: the fraud can start with a fake e-mail or SMS that prompts the user to call a certain number.
A case from Twitter, in which fraudsters extorted login data from employees, shows that even tech-savvy users can become victims of vishing. In this case, the stolen information was used to access celebrity accounts in order to spread a cryptocurrency scam.
Smishing (SMS scam)
Another type of deception using communication services is smishing (from SMS + phishing). This criminal scheme is aimed at making the user click on a malicious link from an SMS message.
A smishing message can take the form of a message from a well-known bank, a familiar company, or simply be a notification about a sudden lottery win or a big promotion. In the case of SMS, it is a bit more difficult to detect the scam than with phishing, because the messages are short and contain little information apart from the link itself.
Most likely, this will be an offer to follow a link and enter data, or simply to call or send a return message, which will incur some costs. Remember that any such message should put you on alert. Do not answer it; instead, check the information by calling the hotline of the real service.
Phishing attacks are not usually associated with SMS, although it is actually much easier for attackers to obtain a phone number than an email address. This is because phone numbers have a finite number of options, while an email address can be of any (reasonable) length. Additionally, an email address consists of letters, numbers, and some valid characters (such as #, !, and %). Therefore, it is much easier to randomly pick the right 10 digits of a phone number to attack a victim than it is to guess an email address.
Scammers can simply send out their messages using different combinations of the right number of digits. They can go through all combinations of numbers without any problems. According to research firm Gartner, people read 98% of the text messages they receive and respond to 45%, while, according to Gartner, only 6% respond to emails.
Baiting (fraud through external media)
Baiting is a social engineering technique (a method of manipulating human actions) in which criminals offer the victim a lure to prompt them to act.
This method of social engineering uses a kind of “bait” to trick potential victims into using harmful products. Scammers usually use sites or links for this, offering to get anything for free (for example, a movie, book, song, or other digital file). The hacker may ask you to create an account or immediately download a file that automatically installs a malicious program on your computer.
Baiting can also take a physical form: for example, fraudsters can leave a USB stick with the inscription “Q1 release plan” or a hard drive with malware in a public place and wait until someone curious picks them up and tries to find out what is on them. As soon as a person connects a flash drive or disk to the computer, the hacking program is automatically activated and downloads a malicious file to the victim’s computer, which allows the criminal to take over the network.
How to protect yourself from fraudsters?
- be careful with links and attachments in emails
- install reliable antivirus programs
- use reliable security solutions for your accounts
- beware of attractive offers
- learn about social engineering techniques
Citizens of Ukraine have the right to file a complaint in the event of a violation of their rights to the Ombudsman – the human rights representative of the Verkhovna Rada of Ukraine.
A complaint is an appeal with a demand for the renewal of rights and protection of the legitimate interests of citizens violated by actions (inaction), decisions of state bodies, local self-government bodies, enterprises, institutions, organizations, associations of citizens, officials.
The Commissioner accepts and considers appeals not only from citizens of Ukraine, but also from foreigners, stateless persons or persons acting in their interests, in accordance with the Law of Ukraine “On Appeals of Citizens”.
Appeals are submitted to the Commissioner in writing within a year after the discovery of a violation of the rights and freedoms of a person and a citizen.
The procedure for applying to the Ombudsman
Send your appeal by e-mail: hotline@ombudsman.gov.ua.
The appeal must state the citizen’s surname, first name, patronymic, place of residence, outline the essence of the raised issue, remarks, proposals, statements or complaints, requests or demands. The written request must be signed by the applicant(s) and dated. The e-mail must also include an e-mail address to which a reply can be sent to the applicant, or information about other means of communication with him.
An appeal made without complying with the specified requirements shall be returned to the applicant with relevant explanations no later than ten days from the date of its receipt, except for the cases provided for in the first part of Article 7 of the Law of Ukraine “On Appeals of Citizens”.
You can get an application form:
– in the public reception of the Commissioner;
– in regional public receptions of the Commissioner;
– download via the link.
Box or mail:
– through the box at the address: str. Instytutska, 21/8, Kyiv;
– through regional public receptions of the Commissioner;
– by mail to the Secretariat of the Commissioner of the Verkhovna Rada of Ukraine on Human Rights: str. Instytutska, 21/8, Kyiv 01008
Hotline of the Commissioner’s secretariat
0-800-501-720 and to the Secretariat of the VRU Commissioner for Human Rights 044-299-74-08.
More information and the schedule of reception of citizens can be found on the website: https://ombudsman.gov.ua/



