Amber Mason December 13, 2023
Understanding Internet Fraud and Cyber Scams
Internet fraud. You’ve heard of it, you’ve probably seen it, and you’ve maybe even been a victim of it (although we hope not). Fraud has always been a threat to people even before the age of the internet (see the Spanish Prisoner scam from the 19th century!), and this ever-growing digital landscape, it doesn’t seem to be going away anytime soon either.
Online fraud, and fraud scams in general, are only going to become more prevalent and sophisticated as more and more personal information becomes available online. “Internet fraud” is the general term used to describe cybercrime activities that are designed to get money or personal information from you by using trickery and deception tactics through the internet or another IT device. Scammers use websites, email, chat, and more in order to distribute their scams and get in touch with their chosen victims.
Knowledge is your first defense against any sort of online scam or attack, so be sure to keep reading to learn about the different types of scams, how to spot them, and how to stay safe online.
Types of Fraud
There are many, many different methods hackers use to scam you. They can use malicious software, email (most often a phishing attack), messaging/chat services (to spread malware), fake/spoofed websites (to steal data), phony phone calls, and more to distribute scams to target victims. There are hundreds of thousands of different tactics scammers can use to get what they want, but some of the most common types of internet fraud are some form of phishing attack (read more about those here):
- Nigerian Prince Scams
- Identity Theft
- Credit/Debit Card Fraud
- Employment Fraud
- Charity Fraud
- Dating Fraud
- Grandparent Scams
- Tech Support Scams
Nigerian Prince Scams
The Nigerian Prince scam is probably one of the oldest forms of fraud on the internet; in fact, this scam has been around since the 19th century (when it was known as the Spanish Prisoner scam and took place through traditional mail)! I’m sure at some point, you’ve received or know someone who has received an email from some great Nigerian Prince, telling you of his tales of woe and asking for help, promising a great reward of riches once you help them (Hint: this is a lie, don’t fall for it). This scam involves hackers/scammers reaching out to potential victims as a person of wealth or status and promising a large sum of money in return for some sort of help – this scam is a type of phishing attack. Most often, the victims are told they must make an upfront payment or share details of their personal information to receive the promised reward. The Nigerian Prince scam, also known as “advance fee fraud” or “419 fraud” (called this because the number “419” refers to the section of the Nigerian Criminal Code dealing with fraud and the charges and penalties for such criminals), often employs the following elements:
- The hacker impersonates a wealthy individual, such as a person of nobility, royalty, or a high-ranking official in need of help; typically crafting the story that they have run into trouble and have lost access to their wealth, and need your help to get it back. Hackers can change their attacks with the times and current events, so now instead of getting an email from a prince in Nigeria, you might get a contact from Ukrainian business people in a refugee camp or from U.S. soldiers in the field, asking for your help and are prepared to unlock their money for you in return for your assistance. No one, not even a U.S. soldier will directly contact you to ask for money or any other personal information. No matter who is pretending to contact you, if you receive any sort of suspicious email or contact from someone promising a great reward for very little work, just ignore it, mark it as spam, and delete it.
- The hacker creates an appealing backstory to manipulate the victim’s emotions. This backstory is created to appeal to people’s sense of kindness, greed, or sense of responsibility in order to get them to do what the scammer is requesting. The typical backstory for this fraud tells of scammers in situations where they have had their children taken hostage, have spiteful relatives that are trying to steal their wealth, or are facing political unrest making them fugitives or prisoners. The main element of every story is that the scammer does not have access to their money, but their immense riches can become yours, as long as you help them get it back.
- Requesting action or assistance, such as wire transfers for payments or sharing personal information. Once the hacker has pleaded their case by presenting you with their tragic backstory, they will ask you for help in regaining their wealth and promise a significant reward in return. These scammers usually ask for wire transfers in order to pay their prison bail, to bribe corrupt guards, or to pay to release their children from kidnappers. Other times, these scammers may ask for personal information such as your social security numbers, identification, and bank account details, and then promise to transfer their fortune to your bank account for safe keeping. Scammers ask for money in this manner because it is hard to trace, and even harder for you to get back.
- Disappearing once the victim complies. After the targeted victim has revealed their personal information or transfers the requested money, the scammer simply disappears! Don’t count on receiving any sort of promised reward, because there was never one to begin with.
Identity theft happens when someone steals your personal information and uses it without your permission. Criminals can get your information through a variety of ways including the actual theft of a wallet or purse, installing card skimmers at ATMs or gas pumps to steal card information, buying information online, and lots more, but we will focus on the digital aspects of this crime. Identity theft can happen in numerous ways online:
- Data Breaches – occur when a hacker gains access to an organization’s client/consumer data without the organization’s consent. The most common types of information stolen in data breaches include people’s full names, Social Security numbers and credit card numbers.
- Unsafe Browsing – be careful when submitting your information online. In most cases, you can remain safe online by visiting only trusted and well-known sites. However, if you share your information on – or sometimes even just visit – a website that is not secure or one that has been taken over by hackers, you could be giving your personal data directly to hackers. Remain vigilant online; don’t click on anything unless you know exactly where it will take you, and don’t give up or input any of your personal information unless it’s from a secure website.
- Malware – software designed to perform malicious activity such as steal login information or record your online activity and keystrokes on your devices. Malware can get on your device in multiple ways (check out our blog on Malware for more details), but it can give hackers access to all sorts of personal information on your computer.
- Phishing/Spam – phishing occurs when hackers masquerade as a trusted person, company, or brand in order to trick the victim into giving up their personal information or money (see our Phishing Blog for more information). Phishing comes in many forms, but the most common form of attack seen is through email or text.
- Wi-Fi Hacking – although not necessarily performed online, wifi hacking occurs when a victim logs onto a public wifi, such as at an airport, public cafe, or department store, that has been hacked by scammers. These scammers can “eavesdrop” on your activity over the hacked wifi, so any activity you do while on that wifi allows the hacker to see it as well (if you enter a password or log in to your bank, the hackers can see it).
- Dark Web Marketplaces – sometimes when hackers steal your data (through any of the methods mentioned above), they choose to pawn it off to other malicious actors instead of using it themselves. That’s where marketplaces on the dark web come in; they offer hackers a hidden and anonymous platform to buy and sell illegally obtained information like social security numbers and more.
Credit/Debit Card Fraud
Credit and debit card fraud are a form of identity theft that occurs when someone, like a malicious actor, uses another person’s card or card information to purchase something without their permission. Hackers do not have to have your physical card to commit this fraud. Scammers can get your card information by installing skimmers at public ATMs or gas pumps to read and record your card information for hackers to make duplicates of your card, by committing actual theft of your purse or wallet, or, more commonly, by online methods such as phishing and the distribution of malware; some hackers purchase your already stolen card information off the dark web for use as well, or can access your card information from a data breach. If a hacker already has your personal information, they can use it to open a credit card under your name and begin charging it. Knowing the warning signs of credit card fraud can save you and your bank account from the headache of trying to mitigate this issue once it’s already happened. If credit card fraud goes undetected or unreported, it can negatively affect your credit score, and you will not receive compensation for any fraudulent charges made with that card. In the instance that your bank offers an online app/portal, you should access the app/portal on a secure device in a secure location (not connected to public WiFi) and be regularly reviewing your debit and credit card accounts to keep an eye out for any unknown charges or unauthorized purchases, even if they’re for less than $5. If you notice something suspicious or see a charge you don’t recognise, contact your bank right away or submit an emergency claim online (some banking apps give you the ability to freeze your card directly from the app until the issue is resolved or they can send you a new card). Some warning signs of credit and debit card fraud to know are:
- Unfamiliar or unknown transactions on your monthly card statements
- Smaller, unrecognized charges to your account; hackers use these to avoid detection
- Blocked access to your account or changed username/password data that you did not do
- Unauthorized changes to your credit report such as new opened accounts or address changes you did not do yourself.
- Unexpected calls from collection agencies or creditors, especially if they are inquiring about charges you do not remember making.
Online resources like LinkedIn or Indeed are great for connecting job seekers to potential employers, but scammers can also take advantage of these job-posting platforms as well. Don’t instantly trust anything you see on Indeed or Linkedin or any online job posting site, because even though the actual platforms themselves may be real and trusted, sometimes the people using them aren’t. Scammers will create fake job listings, send out fake job offers through email or DM, create ads for the fake listing, and once someone applies, they will then ask the applicant during the application process for sensitive information such as their SSN or banking information, or they might say you have to pay for training or equipment before you start. Either way, a real job listing will never ask you for such information during an application (and if they do, run), neither will they ask you to pay a fee or for training before you’ve even started. But once the scammer gets what they want from you, whether it be money or personal information, they simply disappear; much like the Nigerian Prince scam because there was never a real job offer to begin with. This isn’t meant to deter you from applying online, but you should be wary of listings, and be sure to:
- Be cautious of any employment opportunity that requires a payment or a fee for securing the job.
- Exercise caution if employers request payment for training or necessary tools before your employment commences.
- Approach job offers with skepticism if they seem overly enticing or appear too good to be true.
- Stay alert when filling out job applications that request excessive personal data, such as your Social Security Number or banking information.
If you run into any of these warning signs while applying for a job, you should cancel the application and move on; it is most likely a fake employment listing, or a listing from a shady employer you wouldn’t want to work for anyway.
In addition to fake job listings, scammers will also pose as fake career consultants or an industry professional reaching out with helpful information or claim they can assist in the job search process . . . for a fee. Just like many other forms of phishing attacks (phishing attacks are very common in fraud schemes, so make sure you read up about it here), once the scammer has received the fee for their “services” they will disappear without giving you any of the help they promised. If you receive any contact from someone claiming to be from a consulting service or is offering information about optimizing your candidacy for a position, and they ask for a fee or payment before doing anything, it is a scam; you should be wary of any contact you receive like this anyway, even if they don’t outright ask for money.
This type of scam most commonly increases during the holiday season as well as during natural disasters and emergencies. A scammer will pose as a real charity, or make up the name of one that sounds real in order to trick you into giving donations. Once the scammer gets your money, they will either disappear, or may even contact you again looking for more money; either way, they are not working with any real charity, and any money you “donate” goes right into the pockets of the scammer. These scammers can contact you through multiple methods, but the most common form of communication is through call or email. The scammer will call, email, or even send a DM, posing as the charity and asking for donations. As a general rule, you should be wary of any charity that contacts you directly about giving donations, especially if they state they are following up with a previous donation you never actually made. Scammers are hoping to take advantage of people’s kindness, and catch them off guard – don’t let them! If you are contacted by a charity you’d actually want to make a donation to, do not give any information or money over the phone (and just hang up) and instead do research on your own to determine if the charity is legitimate or not, and make your donation through the organization’s authentic website, or reach out to a listed team member on the site about making a contribution.
Online dating platforms are another way scammers can take advantage of you. Cybercriminals involved in romance scams create fake online personas on dating platforms, apps, or reach out to victims via well-known social networks such as Instagram and Facebook to start a relationship. These scammers initiate relationships with their targets, aiming to gain their trust, often engaging in frequent conversations or messaging them daily. Through this chatting, the scammer will earn you over and make you care for them (“them” being the fake persona the scammer created) and then create a narrative that ultimately leads to their request of asking you for money. They could say their car broke down or they need money for medical bills or they can’t afford a ticket to come visit you, but whatever the reason, they are unable to pay themselves and are requesting your “help”. Once the scammer receives the help (aka, money) they are looking for, they will begin crafting another story of needing your help again for another issue, or will simply disappear.
It can be hard to spot online dating scams, but some of the tell-tale signs of spotting scammers performing this type of fraud are:
- The scammer will tell you they cannot meet in person. They will always have an excuse they can’t meet, whether it be they’re working for the military, on an oil rig, or for the government or an international company, or are traveling overseas. Obviously they don’t want to meet you, since you’d discover they’re not who they’re pretending to be online! The scammer will always have an excuse.
- The scammer will ask you for money, or “help”. Once the scammer has built a relationship between you two, they will begin crafting a story of needing money to solve whatever made-up problem they create – they may promise to pay you back, but this will never happen. Because the scammer has won your trust, and you believe you are in a relationship with the person the scammer is pretending to be, it is a lot easier for the scammer to get you to do as they ask because you believe you are actually helping a significant other. Don’t fall for it. You should never ever send money, gifts, or even give your super personal information to someone you’ve never met in real life, even if they seem like a true prince charming. You never know who is actually behind the screen.
- The scammer will tell you how to pay them. All scammers, in general, want to get your money as quickly as possible, and want to make sure you cannot get it back (at least not without a lot of effort). Once they’ve gained your trust and gotten you to agree to helping them, scammers will tell you to wire money through a company such as Western Union or MoneyGram, tell you to put money on gift cards (like iTunes, Google Play, Steam , or Amazon) and give them the PIN codes for those gift cards, ask you to send money through a money transfer app (like Zelle or PayPal), or tell you to transfer cryptocurrency instead. All these forms of money transferring are very hard to trace or undo, so once the scammer has your money, they can easily disappear without you ever having hope of getting it back.
Bottom line is, you should never send money or gifts to an online sweetheart without meeting them in-person first.
Unfortunately, no one is safe from online fraud as scammers don’t discriminate, but seniors are the most affected by fraud; scammers will use the most deceptive tactics to get your money or information. A grandparent scam occurs when a scammer calls a grandparent and pretends to be a grandchild in trouble and in need of money, but are too scared to tell their parents. Often, the scammer calls from a “spoofed” (faked) number that mimics the real phone number of the person they’re pretending to be, to make it more believable. Scammers first get information about their victims through search, other types of scams, or purchase/look up already stolen information on the dark web; in most cases, your information exists somewhere online for scammers to use without you even knowing it. Once they have the information they need, the scammer will call a grandparent pretending to be one of their grandchildren or another family member such as a niece or nephew, and the scam begins. Often, scammers will introduce themselves as the grandchild then say they have been in an accident or got arrested, will plead with the grandparents to not tell their parents, and then pass the phone off to someone pretending to be a lawyer or police officer to handle payment; with the rise of AI, scammers can now even replicate the voice of the person they’re pretending to be from just a few seconds of sample audio, further adding to the depth of this scam. Overall and unfortunately, most grandparents fall for this fraud, but by taking the time to look at the situation as a whole, the effectiveness of these scams can be lessened. People of all ages should be wary when receiving calls or some form of contact urgently requesting money, but especially for grandparents and seniors, here are some things to keep in mind:
- Verify the story before you send money. Scammers play on a sense of urgency to get you to act without thinking and just give them the requested money without verifying anything. So if you receive a call with someone claiming to be your grandchild and saying they are in trouble or danger, don’t give in to their requests. The scammer will tell you not to contact the parents because they fear getting in trouble, but this is really because they don’t want you to find that there is no issue and your grandchild is perfectly fine. By taking the time to contact the parents of the child claiming to be in danger or another family member and explaining the situation to them, you will likely discover that the call you received was a lie, and everyone is actually doing okay. Do not act without verifying that the call you received was legitimate with another trusted family member – more often than not, you’ll discover that your grandchild is actually fine and the call you received was a scam.
- Be suspicious about urgent requests. As stated before, scammers will use any tactic they can to get you to act without thinking. They do this by creating a sense of urgency, and saying you need to act now or something bad will happen, and most often, the “act now” includes sending the scammer money. You should always be wary of any call, email, text, message, etc. you receive that asks for money, credit card information, or a wire transfer over the phone or online, or from someone saying they will send a courier to pick up cash; real organizations or government facilities will never do this, and they will especially never request money over the phone or by sending someone to your door. The scammer will try their best to make the call sound as believable as possible, and you should be cautious about any phone call you receive of someone asking for money.
Tech Support Scams
This is one of the most common forms of fraud we deal with here at Monmouth Cyber. For this scam, hackers will contact you through a phone call pretending to be a tech support agent from a real tech company like Microsoft or Apple, or will send a fake pop-up window to your computer through your browser that’s meant to look like a real one from your operating software, alerting you there is a problem with your computer. These pop ups enter your browser from you visiting a malicious site, clicking a malicious link, or falling victim to another form of scam that gives your computer a virus. A phone number is provided for the popup, telling you to call for support to resolve this issue; you should NEVER call this number. A real security popup will never ever tell you to call a phone number for help or for any reason and will not provide one in the popup.
Scammers will try to convince you that your computer has a problem, such as a virus, and then will try to persuade you to pay for unnecessary tech support services to address the made-up problem. They may also request personal information from you to “access” your device, but they are really just collecting your data for malicious purposes, not to help. Payment is typically requested through wire transfers, gift cards, prepaid cards, cash reload cards, cryptocurrency, or money transfer apps, because these payment types can be challenging to track and undo (meaning you will likely never get your money back). Just like all the other fraud forms above, the scammer will create a sense of urgency to get you to act now (pay them) and think later (regret). They can do this by saying your computer will shut down if you don’t fix the issue immediately, or that you have X number of viruses that need immediate removal, state that you will be locked out of your account if you don’t take immediate action, etc. All these statements that your data or computer is in danger is false and are only tactics used by the scammer to scare you into taking action. Some of these pop ups will even affect your computer’s audio, and blare out the message that you have been infected; again, just a tactic used to scare you.
Bottom line is, if you get one of these calls from someone claiming to be from a tech company like Microsoft, Dell, Apple, etc. and are stating you have an issue with your computer, do not give the caller any information and hang up – a real tech company will not ever contact you in this fashion. The same thing applies to popups, if you receive a message saying your computer is in trouble and are told to call a number, don’t do it! Ignore this popup (shut down your computer if you have to – some of the pop ups can get really annoying! But do not use the infected computer for anything, even if you think it will be safe) and contact a real tech support company to remove it.
Wrap It Up
We hope that after reading this blog, you will have gained some insight into the world of cyber fraud and know better on how to protect yourself and your devices. There are hundreds of ways cybercriminals can try to get something from you, and these examples are just the tip of the iceberg. However, it is important to know that many, if not most of these forms of fraud are some type of phishing scam. This means that a malicious person will pretend to be someone or something they’re not (like a tech support company, a grandchild, a Nigerian prince, a lover, an employer, a boss, etc.), most often a person or institution of credibility, and will try to convince you to hand over money, personal information, access to your devices, or anything else the hacker wants from you while still posing as that credible person/company. These attacks seek to create a sense of urgency in the victim to get them to act immediately without thinking about the situation and use any information they have or get from you to further add to the illusion of their claims. With just a little digging and knowledge on how to spot these scams, you have a much higher chance of keeping yourself and loved ones protected.
If you suspect you have fallen victim to any of the scams mentioned above or have some sort of virus on your device, we recommend that you immediately contact a trusted cyber security company to begin securing your devices and information. Don’t be embarrassed to reach out, many people fall victim to scams, and some of them can be so tricky they’re almost undetectable as fraud until after the scam has happened. Don’t worry, it happens to the best of us, and we are here to help. Depending on how much information or even money the scammer got from you (if anything), we would also recommend contacting your bank to freeze your accounts and get a new card, and to contact the company used to send money to the scammer to see if there is any possibility of getting it back. Unfortunately, in most cases once you pay the scammer you will not get the money back, but it is a good idea to reach out anyway so they are aware of the situation. We would also recommend that you notify any loved ones of the situation so they do not fall victim to the same scam themselves, or are not alarmed if they receive contact from someone pretending to be you.
Knowledge is your first defense against a cyber attack. This blog is a great place to start, but if you’re looking for more information, be sure check out our blog on Phishing Attacks and Malware, and feel free to explore the additional resources listed below.
General Cyber Fraud Information:
- *Recommended Read* From the Federal Trade Commission, read this article to know what to do if you handed a scammer money or fell victim to an online attack.
- This article from the Consumer Financial Protection Bureau lists some more common types of fraud to better familiarize yourself with the different types of scams out there.
- Posted by Aura, this article covers some more detailed descriptions of certain types of frauds and gives current real-world examples.
- Uploaded by Fortinet, this article covers some basics of understanding internet fraud and offers a few examples.
- From NC State University, read this article to view a quick guide to internet fraud.
- This article from Investopedia covers more examples of internet fraud and discusses the top scams seen today.
- This article from Sift covers the top 5 worst internet attacks in recent history.
Identity Theft Information:
- Read this article from Experian to learn more about identity theft and how it happens.
- This article from USA.gov covers some of the warning signs of identity theft.
Nigerian Prince Scams:
- Read this article from NordVPN to gain a deeper understanding of Nigerian prince scams, how they work, and how they have evolved through time.
- Posted on Wikipedia, check out this article to learn more about the original Nigerian prince scam, the Spanish Prisoner.
- From identity Guard, reach this article on grandparent scams to learn how to protect yourself and loved ones, as well as a guide on how to talk to older family members about staying safe.
- *Recommended Read* Uploaded by the United States Postal Inspection Service, reach this article to hear real-world accounts of falling victims to these attacks and how they could have been prevented.
- *Highly Recommended Read* From CBS News, read and watch the videos with this article, which doubles as an interview (originally shown on 60 Minutes) for seniors who fell victim to a grandparent scam.
- Read this article from the Federal trade Commission discusses how the grandparent scam is getting even more sophisticated thanks to the developments in AI technology.
Tech Support Scams:
- From the FTC, read this short article and watch the video (liked separately below as well) to learn more about spotting tech support scams.
- Uploaded by the FTC, this covers some general information on tech support scams.
Credit Card Fraud:
- This article from Capital One covers what to do if you are a victim of credit card fraud and how to spot it.
- From Time magazine, read this article to learn more about credit card skimmers and how to spot them in real life.
- News story on card skimmers from CBS in Austin, TX.
Additional Types of Scams:
- Job Scams – From Indeed, view this list of common job scams and how to protect yourself.
- Lottery Scams – From the FTC, this article covers lottery and sweepstakes scams, how they affect you, and how to stay safe.
- Lottery Scams – A real-world example of a lottery scam sent to someone.
- Mortgage Fraud – What is it and how to spot it, uploaded by Rocket mortgage.
- Romance Scams – From the FCT, learn more about romance scams and how to spot them.
- Check Fraud – Learn from Experian what check fraud is and how to spot it.
- Straw Purchases – Learn how these are a form of scam and how to spot someone falling victim to making a straw purchase (buying something for someone who isn’t allowed to buy the item themselves; ex. If you buy a gun for someone who isn’t allowed to own one).