CYBER FRAUD
What do you mean by cyber fraud?
Types of Cyber Fraud:
Due to the rise of cyber fraud that occurs on a daily basis, the term has grown to cover a wide range of criminal activity. At its core, cyber fraud is any crime that is committed with the use of a computer or to computer data. This can look like many things, such as:
How serious is cyber fraud and how does it occur?
The world of cyberspace is growing. We now save more personal and financial information on the internet than ever before, which has led to an increase in cybercrime. The seriousness of cyber fraud offences is increasing.
Consider the following scenario:
The world of cyberspace is growing. We now save more personal and financial data on the internet than ever before, which has unfortunately resulted in a surge in identity theft. Any fraudulent crime that is carried out via a computer or computer data is referred to as cyber fraud. The crimes are numerous.
Fraudsters can access victims' personal information, online accounts, and bank accounts using the internet. The money and information obtained from this can subsequently be used to sponsor terrorism. Because of the widespread and widespread usage of online banking and mobile banking, thieves have more options than ever to commit cyber fraud. It is an extremely serious crime that must be dealt with harshly.
In 2017, the United Kingdom had a strong response to cyber fraud, with cyber card fraud offences falling by 8%. This is the first time since 2011 that cyber fraud offences targeting the financial industry have decreased in the United Kingdom. Furthermore, the UK market is the first to see a decrease in cyber fraud offences involving card not present (CNP) transactions. This is owing to the UK's efforts to combat cyber fraud, in which it has partnered with banks to invest in more powerful security measures.
However, this has not been the case throughout Europe, since cyber fraud offences targeting the financial industry, particularly CNP transactions, continue to be perpetrated in Denmark and Hungary.
Cyber criminals are reducing the time it takes to launch computer attacks that take advantage of publicly disclosed security holes. According to IBM’ s latest Internet Security Systems XForce report, there are two growing trends in Internet threats:
Details: Though researchers have typically waited until the affected company has released a software patch before revealing details, increasingly they are releasing not only details of the vulnerability but also proof - of - concept exploit code to show that the fl aw is legitimate.
Problem: This gives criminals a framework for creating new cyber-attacks. Example: In Web browsers, hacking exploits are now available within one day after flaws are discovered 94 percent of the time — up from 79 percent in 2007.
For decades, computer security specialists have spent the lion’ s share of their budgets hardening their organizations’ defences against external fraud and cyber - crime threats.
Most common: Viruses, worms, Trojan horses, keyloggers, and other common forms of malicious attack that resulted in either system sabotage, theft of confidential information, or diversion of the organization’ s financial assets or those of its customers. Only in the past few years has it become abundantly clear that insiders are equally if not more serious fraud threats to their employers than outsiders.
Result: Today, any organization lacking a stringent set of internal computer security policies, processes, and procedures to counter the numerous threats of insider fraud puts itself at serious risk of financial and reputational damage, as well as legal and/or regulatory repercussions in the event of a successful insider attack.
The good news: While monitoring and assessing insider computer fraud risks is potentially complex and costly — as are the identification and implementation of optimal antifraud technology, policies, and procedures — understanding the actual nature of the insider computer fraud threat is surprisingly simple. Key concepts.
According to key research, the varieties of computer fraud are equally straightforward.
These are illegal transactions initiated by a trusted insider, such as unauthorized billing transactions that result in disbursement of company funds to the perpetrator or a shell company he or she controls. These frauds can also involve manipulating the organization’ s computer data pertaining to one or more customers, vendors, products, accounting entries, salespeople, and so on that the perpetrator exploits at a later time.
This is a common technique in many billing schemes. Examples: A purchasing associate who is perpetrating a billing scheme can intentionally prevent a bogus invoice from being entered into the payments system.
Also common in billing schemes or collusion, these involve fraudulently increasing or reducing amounts charged to a particular account.
Computer systems for legitimately correcting accounting errors or to record adjustments to inventory loss or spoilage can be abused by employees with access to such systems by falsifying entries to cover up outright theft or more elaborate billing schemes. Related schemes: Entering fraudulent error corrections or intentionally omitting such corrections to conceal fraud.
Examples: Opening a fraudulent new account to receive automatic payments from payroll, retirement, unemployment, or welfare systems, destroying records of a fraudulent account, or fraudulently increasing a credit limit on a revolving credit line.
Common examples:
Though e - mail evidence continues to play a powerful role in fraud investigations and litigation, technology is evolving in such a way that tech - savvy fraudsters are creating digital evidence in a variety of new formats. For attorneys and fraud investigators, this means searching for digital leads in the form of instant messages, Web content, metadata, and an expanding list of other sophisticated data formats. When searching for cyber clues, fraud investigators and counsel should consider the following electronic gold mines:
How to detect Fraud & Identify Theft:
The sooner fraud is detected, the lower the financial impact. Often the victim is the first person to discover fraudulent activity. Follow these suggestions to recognize the warning signs of identity theft:
Check your account activity frequently for anything unusual. View your online accounts to detect fraud earlier and contact your financial institution immediately if you see anything suspicious. Also, keep an eye on accounts that belong to your children, parents or other family members. If you suspect that any of your accounts with Ally have been compromised, please notify us immediately using the Contact section at the top of the page.
Whenever possible sign up for email or text alerts that notify you when certain events occur such as ordering checks or reissuing debit or credit cards. It’s also helpful to set up threshold alerts to notify you of low account balances or unusually high account transactions. Alerts like these can help signal fraudulent spending, so you can put a stop to it quickly.
Consider signing up for a credit monitoring service that notifies you when changes are posted to your credit report. This is one of the fastest ways to find out if someone has opened new accounts in your name.
If it sounds too good to be true, it probably is. Scams are not only limited to the Internet. Criminals also use phone, text, social media and email scams to gain personal information and commit fraud and identity theft. Here are a few typical identity theft and fraud scams.
Criminals are actively using email schemes to defraud financial institutions and their customers by deceiving them into conducting wire transfers that appear legitimate.
These schemes often target individuals purchasing real estate or other parties involved in the transaction (broker, title agent, attorney, buyer/seller), for the purpose of altering the payment instructions and diverting funds used to close the deal. To avoid falling victim to these wire transfer scams, make sure to:
Stay in the know about the latest scams and tactics by visiting Onguard Online . This is a Federal Trade Commission (FTC) maintained site that provides practical tips on how to guard against Internet fraud, secure your computer, and protect your personal information.
Also, take the time to verify any calls or emails that you receive about your finances by contacting your financial institution directly. Locate the contact information from their company website, your online statements or other materials from the company.
Malware is the term coined for malicious software designed by cyber criminals to damage a computer or network of computers. Malware comes in the form of viruses, worms, spyware, botnets, and other sinister - sounding cyber concoctions.
Important: Before use of the Internet became so widespread, most malware was created as pranks or vandalism. Now, however, malware makers are after big profits.
Example: Spyware is the term for malware programs that track the user ’ s computing activities and secretly gather information for advertisers or other parties.
It is often installed without consent during another program download or when the user clicks on an untrustworthy pop - up window. Similarly, latest generation Trojan horses are so sophisticated that the criminals who distribute them can use them to grab filled - out forms such as credit card applications, mortgage papers, and other documents containing confidential personal information while the victim is completely oblivious to the theft.
Moreover, as companies store larger and larger amounts of customer information, those that are unprepared are at greater risk of a malware infection resulting in a data breach. Customer information in the hands of criminal’s results in costly identity fraud and equally burdensome damage control for targeted organizations.
Preventive basics:
How You Can Reduce Your Risk of Cyber Fraud:
The Pervasiveness of Cyber Fraud:
Cybercriminals are continually refining their attack strategies in order to find new ways to get around controls and steal assets and money.
1.7 Million Fraud Reports |
26% Have been breached |
375 thousand Malware threats |
In 2019, the Consumer Sentinel Network, the Federal Trade Commission’s database that stores reports from consumers about problems they experience in the marketplace, registered over 1.7 million fraud reports, totalling $1.9 billion in losses, an increase over 2018. (Consumer Sentinel Network Data Book 2019, January 2020). |
Globally, 49% of companies surveyed say they have experienced a data breach at some point and 26% say they have been breached in the last year. (2020 Thales Data Threat Report Global Edition). |
McAfee Labs observed 375 malware threats per minute in Q1 2020. (McAfee Labs COVID-19 Threats Report, July 2020). |
|
|
|
Cybercriminals frequently gain access to information by using known flaws in the software and operating systems that run your computer or phone. Updates are crucial; patching these flaws and vulnerabilities can make it less likely that you will become a victim of a successful cyberattack.
Cybercriminals also use technical attacks to deploy viruses, botnets, malware, keyloggers and spyware to infect or take over your machine. Most new machines will come with a free anti-virus software trial pre-installed that you can purchase once the trial is over, but there are literally hundreds of anti-virus applications available. Make sure the software solutions you choose provide adequate protection, keep them updated with the latest virus definitions and schedule full scans for at least once per week.
Do not repeat passwords across multiple websites, change your passwords every three to six months, and create strong, difficult-to-guess passwords. New research indicates that long passwords can be just as effective as passphrases if you avoid terms or names that can be directly tied to you. Remember to use a combination of letters, numbers and symbols whenever possible. For a brief description of passwords and passphrases, visit SANS Security Awareness.
It may seem daunting to manage all of your devices, but starting with your internet router will improve your security at the source. Change the password from the default provided by your ISP, and choose the appropriate encryption, starting with at least Wi-Fi Protected Access 2 (WPA2). Also, check your router to see what is connected; the number of items connected may surprise you. To view a quick guide regarding router security, read How to Boost Your Router Security from Consumer Reports.
For mobile devices, enable a PIN/passcode and choose the option within your settings for auto-lock. For computers, keep multiple profiles, which will enable you to apply restrictions to accounts used by younger children.
Even the best machine or device may become compromised or crash. Regular backups to an external hard drive will help you recover your information in these situations. They can be purchased at any electronics store and programmed to perform nightly backups of either specific files or everything on your computer. Make use of redundant backups by using an external hard drive and a secure cloud provider for irreplaceable items, such as family photos.
Young children are vulnerable to even the most basic of cyber tricks. Teenagers, while savvy, are online more frequently and often visit riskier sites, such as file sharing platforms for movies, videos and games. And older family members have what every criminal wants: financial assets and limited digital knowledge.
Certain types of personal information can be used to commit fraud, such as account takeovers, unauthorized money transfers or new lines of credit opened in your name. This may result from malware on your computer, social engineering that tricks you into giving personal information over the phone or internet, or a thief stealing your mail or trash to access personally identifiable information. You can protect against identity theft by following several best practices — including shredding sensitive documents, avoiding suspicious links and attachments in your email, learning to recognize and block Smishing attacks and reviewing your credit report on a regular basis.
If you discover that your information has been exposed, you may want to enable a fraud alert or a credit freeze on your credit information. A fraud alert on credit reports requires potential creditors to contact you and obtain permission to open new accounts or lines of credit. A security freeze may help block institutions or lenders from accessing your credit report, unless a pre-set PIN is provided to “thaw” the report, which prevents them from opening new accounts in your name.
Do not automatically hand over social security numbers, account numbers or other highly sensitive information just because you are asked. Also, never release your credit or debit card information to someone who initiates contact with you.
There has been a 350% surge in cybercrime cases registered in India*. From crude phishing emails to sophisticated malware attacks, the thefts are designed to steal private data or disrupt access to your systems
Factors like high-speed internet connectivity, increase in smartphones usage, and lack of awareness about Internet security often play a role in consumers falling prey to cyber criminals.
While it is advisable to be safe and secure, it is equally important to know what to do when you become a victim of cybercrime.
Here are some actions you should take to minimise the risk.
In case of an ongoing attack on your computer or IT infrastructure, your first step should be to disconnect the device from the Internet as this is the most effective way to prevent further loss of data
In case of cyber bullying or cyber stalking, one should simply step away from the screen before proceeding to initiate legal action.
In the event of a successful phishing attack where you are conned into revealing private and confidential information, you should immediately initiate steps like:
Do not ignore and delay the process, initiate legal action even as you are trying to minimise the negative consequences of the cybercrime. Contact your local Cyber Crime Investigation Cell to file a written complaint against the cyber criminals. Provide detailed information about:
Never make the mistake of presuming that cyber criminals cannot be caught. Provisions under the Information Technology Act and the Indian Penal Code define cybercrime as a punishable offence. Complaint against a crime committed in Delhi can be filed even in Mumbai. Hence, don’t delay filing the complaint because the cybercrime occurred when you were out of town.
Theft of your virtual identity can be misused by the cyber criminals to steal information and data from all your online contacts. Use social media to spread word about the incident. This simple step will minimise risk of your identity being misused to commit further crimes, and will ensure better awareness about cybercrime amongst your friends and relatives.
Install licensed antivirus software, use a strong password with a combination alpha numeric character and never disclose your banking details to anyone.
While cyber thefts continue to remain a challenge and no one is immune to it, however the right action at the right time will definitely help reduce the damage.
Real examples:
You wake up on a weekday morning and see an email notification on your phone. It lets you know that your Facebook email has been changed to an old Hotmail address you haven’t used in years. The next email in your inbox informs you that your Facebook password has been changed.
You sit bolt upright in bed. This can’t be right! You try to log into Facebook, but your old password won’t work.
Okay, don’t panic. This can be fixed. You find that one of the notification emails has a link to secure the account if this change was unauthorized. Relieved, you click it, ready to get your account back. But the whole page is in Turkish, incomprehensible. You can’t make heads or tails of it, or find a way back into your account.
Pulling up your account by URL you find somebody else’s face on your profile, and somebody else’s name. Your account has been invaded, and somebody else has taken your place. They have access to all your messages, your friends, your photos and personal information about you stored in your account. Even other websites and apps that you use Facebook to access.
Somebody has stolen your digital life from you!
The Reality
This really happened to Jeff Bercovici, Inc.’s San Francisco bureau chief.
So how did the hacker get access to his Facebook profile? Through an old Hotmail address that Jeff hadn’t used in years. Hotmail will release old addresses to be re-registered if they haven’t been in use for two or more years.
This old email account was still connected to Jeff’s Facebook profile, and the hacker was able to use it to get in. He then changed the password and the primary email and took total control of the account. If Jeff wasn’t a tech journalist with connections at Facebook, it might have taken him a lot longer to get his account back.
What can you do to prevent this?
You’ve had a great weekend up in the mountains, enjoying the clean air and beautiful weather. You phone hasn’t rung once, and you honestly haven’t missed it.
You pull into the driveway, and suddenly your phone blows up with messages, emails and notifications. It seems your bank card’s PIN has been changed and multiple withdrawals have been taken out of your accounts.
How was this possible? You set up two-factor authentication for all of these services, nobody should be able to access them without a code sent only to your phone.
You immediately call your bank, only to find that you have no cell service. You only got these messages because your home wifi connected. You can’t make or receive calls at all! Somebody has stolen your phone number. And with it, your bank information, your social media accounts, your email.
You see messages pop up from some of your friends, wondering why you’ve been asking for so much money...
The Reality
This is exactly what happened to Christine, who writes the Her Money Moves blog. She suspected that hackers somehow got to her money through her use of a mobile banking app, despite the fact that she never saved her password in the app.
It’s impossible to know how exactly they got access to her banking information, but they certainly took control of her phone number.
This kind of theft is becoming more and more common. With a few basic pieces of information, like the last four digits of your Social Security Number (perhaps from a website breach), somebody can impersonate you when calling your cell service provider. They might even go so far as to walk into a cell phone store and impersonate you, complete with a fake driver’s license.
Once they have your number attached to their phone, all of your two-factor authentication becomes meaningless.
What can you do to prevent this?
It might seem like there’s nothing you can do here, but there are a few important preventative measures you can take.
You wake up one morning and find yourself locked out of your Instagram. Checking your feed, you can see that somebody has been deleting your photos, uploading other ones.
Somebody has stolen your Instagram account. You don’t want to care, but it’s an important part of your professional life. You had a verified account, surely it can’t be that hard to get it back.
But the company is run by ghosts. Nobody responds to your support requests. You try their website, but the “help centre” is useless. Every article leads back to an article you’ve seen before, a form you’ve already tried. You wander this maze of “help” pages endlessly, submitting forms and getting no response.
And through all of this, nobody will talk to you. Not one single human has reached out to you about your issue. Days turn into weeks, and you try everything again. Weeks stretch into months. Still no response. You try every help form again, and again, and again.
Finally you realize that you are alone. Nobody is ever going to help you get your account back. The only replies you can expect are from robots: cold, uncaring, and unable to help you.
The Reality
Rachel Tsoumbakos detailed the arduous process of trying to get her account back in this blog. She submitted form after form, tried every support address she could locate, and nobody would help her.
Her blog chronicles months on end of trying to get her account back, as well as the process that finally helped her get access.
She was contacted by what seemed to be a person but was probably just a bot, asking for a picture of her holding a hand written sign including a code they’d sent her. It took a few tries, and she found that writing in thick black marker was what did the trick.
After 7 months of waiting, she was finally granted access to her account again.
What can you do to prevent this?
First, do everything you can do lock your account down. The best way to deal with this is to prevent yourself from getting hacked in the first place. See our instructions for Facebook above, which include:
If you’ve already been hacked, here are a few Instagram resources: