Cyber Fraud: what is it, and what can you do to protect yourself?

Next story

This week, from the 17th to the 23rd of November, is International Fraud Awareness Week (IFAW), an annual campaign that encourages businesses and individuals to proactively take steps to minimize the impact of fraud. Fraud,  the action of using trickery to gain a dishonest, often financial, advantage over another person, costs businesses an estimated 5% of their revenue per year, according to the Association of Certified Fraud Examiner’s 2018 Report to the Nations.

Fraudsters have been around for thousands of years, but the invention of computers and the internet has led to new opportunities and tactics for those looking to exploit others. The goal of IFAW is to promote anti-fraud awareness and education; so, let’s take a quick look at some of the most common forms of cyber fraud, how they work, and how people can avoid falling victim.

Email fraud, or phishing, is probably the most prevalent type of fraud out there right now. Phishing refers to the practice of sending out fraudulent emails in an attempt to obtain personal information from the targets – be it usernames, passwords, or bank details. These emails often appear to represent a bank or financial institution, instructing victims to complete a fake form or visit a webpage requesting entry of account details or login credentials. Attackers may imitate reputable domain names and replicate official logos to add credibility to their request.

Perhaps the most famous example of phishing is the “Nigerian prince” scam, in which a supposed foreign dignitary offers you a portion of their fortune if you share your bank details with them. Despite its prominence in popular culture, this ploy still earns scammers $700,000 a year, which highlights how important it is that we continue to raise awareness of cyber fraud.

A scheme slightly more advanced than this impersonation of royalty is “spear phishing,” a tactic whereby criminals target a specific individual in an attempt to gain further access into an organization. The goal is the same, but the attack is personalized, using data gleaned from the victim's online presence, such as their location and contacts, to gain trust. A similar threat is posed by online dating scams, wherein criminals use their targets’ dating profiles to harvest information, before manipulating them into sending money, gifts, or personal details.

So, what can we do to protect ourselves against cyber fraud? The most important thing to consider is that phishing almost always aims to persuade you to either provide personal information or complete an action on a linked website. Therefore, before you do either of those things, it is crucial that you determine whether the email you have received is trustworthy. Poor grammar, unexpected correspondence, a sense of urgency, and suspicious domain names are all signs that an email could be deceptive.

An email requesting personal details should be a red flag, so be sure to verify the contents of the message with the sender, using contact details that you know to be genuine. Think twice before you click; if a suspicious message provides a link or attachment, do not click or download right away. Doing so might lead you to a malicious website or infect your device with malware.

And of course, consider investing in a reliable anti-phishing and cyber security solution in order to stay one step ahead of the scammers. To find out how ESET’s cybersecurity solutions can protect you at home and at work, head to