An ONLINE FRAUD attack is an attack intended to trick you into revealing your most confidential and sensitive information: personal data such as your name, surname and social security number, your bank account details and other sensitive information that may be used either to impersonate you in your relationship with your bank or, sometimes, to trick you into performing online transactions.

Attack Vectors

Normally an Online Fraud attack has two components: an unsolicited e-mail and a visit to a website as directed in the e-mail. The social engineering component is very important: the message tries to be as persuasive as it can. The objective is to trigger human emotions and get you either to make a donation or money transfer, or to take advantage of a bargain offer, buying valuable goods at cheap prices.

  • Scams: this is the established name for the type of e-mail fraud in which you are contacted by someone pretending to be a relative of a rich dictator from an exotic country who has just died, and your help is needed to cash a huge amount of money that is to be transferred to your account, or by a consultant or former top manager of a multinational who needs to “repatriate” some commissions that are “not so legal”. In these cases you are promised a large reward as a percentage of the transaction, but what you get in the end is your bank account emptied by the cybercriminals.
  • Messages that pretend to come from entities such as banks, customs or tax authorities, offering you high-value goods that have been confiscated or are to be disposed of, and inviting you to bid for them.
  • Messages coming from a purported e-tailer or retailer that is clearing its stock and offering valuable goods at heavy discounts. Here the trigger is human greed or the love of a bargain. The transaction is made on a fake e-commerce website, where you are tricked into making a credit card payment but never receive the goods.
  • Messages pretending to come from private individuals who are selling their belongings (normally used computers, cars, mobile phones and tablets, luxury goods) because either they are not using them or they are in financial difficulties and desperately need cash. In this case you are given various assurances but are led, little by little, into making a money transfer to a given account and, as in the previous case, you never receive the goods.

The website component rarely imitates the legitimate pages of these entities; normally the social engineering component of the message is strong enough to get you to make a legitimate transaction, either on a fake e-commerce site (in some cases) or directly from your online banking platform.

Prevention Tips and Advice

Preventing online fraud is pretty simple; here is some advice:

Beware of everything that sounds like “TOO GOOD TO BE TRUE”! In any such transaction, there is a hidden cost or danger.
Treat any unsolicited message cautiously and ask yourself “WHY ME?”. By asking yourself why you have been chosen and whether you can really make a good deal, you will step out of emotional territory and spot the majority of frauds.
When you are invited to buy or bid for something online on a purported e-commerce website, look for several signs:

  • the online reputation of the place – validate it by searching for it on the web; normally, if there is a fraud, there are references to it online;
  • the security mechanism and the website certificate – normally the attackers don’t pay much attention to these aspects or don’t invest money in covering them;
  • try to get a second or third opinion on the transaction that you are about to make, possibly by contacting the IT department.
