This week is International Fraud Awareness Week (IFAW), and the Association of Certified Fraud Examiners (ACFE) is ensuring that businesses and individuals are proactively taking steps to minimize the impact of fraud through resources and activities on its website. According to the ACFE's 2018 Report to the Nations, instances of fraud can cost businesses an estimated 5% of their revenue per year.
Fraudsters have been around for thousands of years, but the invention of computers and the internet has led to new opportunities and tactics for those looking to exploit others. The goal of IFAW is to promote anti-fraud awareness and education; so, let’s take a quick look at some of the most common forms of cyber fraud, how they work, and how people can avoid falling victim.
Email fraud, or phishing, is by far the most prevalent type of fraud out there right now. Phishing refers to the practice of sending out fraudulent emails in an attempt to obtain personal information from the targets – be it usernames, passwords, or bank details. These emails often appear to represent a bank or financial institution, instructing victims to complete a fake form or visit a webpage requesting entry of account details or login credentials. Attackers may imitate reputable domain names and replicate official logos to add credibility to their request.
Perhaps the most famous example of phishing is the “Nigerian prince” scam, in which a supposed foreign dignitary offers you a portion of their fortune if you share your bank details with them. Despite its prominence in popular culture, this ploy still earns scammers $700,000 a year, which highlights how important it is that we continue to raise awareness of cyber fraud.
A scheme slightly more advanced than this impersonation of royalty is “spear phishing,” a tactic in which criminals target a specific individual to gain further access into an organization. The goal is the same, but the attack is personalized. Cybercriminals use the victim’s data gleaned from their online presence, such as their location and contacts, to gain trust. Online dating scams work in a similar way: criminals use their targets’ dating profiles to harvest information before manipulating them into sending money, gifts, or personal details.
So, what can we do to protect ourselves against cyber fraud? The most important thing to consider is that phishing almost always aims to persuade you to provide personal information or to complete an action on a linked website. Therefore, before you do either of those things, it is crucial that you determine whether the email you have received is trustworthy. Poor grammar, unexpected correspondence, a sense of urgency, and suspicious domain names are all signs that an email could be deceptive.
An email requesting personal details should be a red flag, so be sure to verify the contents of the message with the sender, using contact details that you know to be genuine. Think twice before you click; if a suspicious message provides a link or attachment, do not click or download right away. Doing so might lead you to a malicious website or infect your device with malware.
And of course, consider investing in a reliable anti-phishing and cyber security solution in order to stay one step ahead of the scammers. To learn more about how ESET’s cybersecurity solutions can help, review our solutions for home and business.