- In 2022, Americans reported to the Federal Trade Commission (FTC) a record $3.56 billion lost to online fraud in the first six months of the year.
- Computer Weekly reports an incredible global loss of $1 trillion annually to cyber crime.
- Scam and phishing crimes rose by 438 percent in Kenya and 178 percent in Nigeria, according to a report by the Nigerian Business Day.
- According to a report by Statista, e-commerce losses to online payment fraud were estimated at 41 billion U.S. dollars globally in 2022 and are expected to rise to 48 billion U.S. dollars in 2023.
These are very worrisome statistics, but they clearly justify helping internet users understand the tactics of cybercriminals. We will try to give readers clear insight into how cybercriminals operate and how they can protect themselves against prevalent online crime trends.
Online fraud and related crimes are today very pervasive and really difficult to combat because of their peculiar nature and the difficulty of collecting data on the offenders. Many times, the crimes are committed by people who live in different countries, making investigation and prosecution very difficult. The best way to combat them is to understand the modes of operation in order not to be a victim. Unfortunately, many have fallen for these scams and may never recover from the monumental losses they have incurred as a result.
Common Types of Cyber Crime
Here are the most common techniques used by cyber criminals:
1. Supply Chain Attacks
These are attacks that affect your business due to a security vulnerability in the activities of one or more members of the value chain. In other words, a supply chain attack is one that comes from a vulnerability in another business. Supply chain attacks are likely to increase as technologies improve and businesses interconnect and rely on each other.
For example, most websites today are built with the WordPress content management system. It follows that a vulnerability in WordPress can be exploited to harm the users of an online store built with WooCommerce – a WordPress plugin.
Similarly, exploiting a vulnerability in your website’s primary email account can allow a hacker to hijack your domain and website accounts and to access confidential information of website users. This is common with expired domains: hackers buy domains whose email addresses are still linked to an active bank account and are then able to reset online login passwords, thereby gaining easy access to payment processes.
2. Phishing scams
Phishing is one of the most potent weapons of cybercriminals. An estimated 91 percent of cyberattacks start by way of a phishing scam. Phishing is a social engineering attack used to deceive and manipulate users into divulging confidential information that criminals then use to commit fraud. They trick unsuspecting victims into giving out critical information such as credit card details and login credentials.
One common way these cybercriminals operate is to impersonate trusted brands like banks, popular businesses, government institutions and agencies, well-known personalities and rich celebrities.
They will sometimes create fake social media profiles, make charitable offers and ask people to fill forms and apply for these offers, thereby deceptively obtaining vital information from the unsuspecting public.
They can create fake accounts using the names of known brands by hosting a fake website that looks very much like the original. For example, gtbank.com is the official website of Guaranty Trust Bank Nigeria; a cybercriminal could create a website like gtbanknigeria.com or something like gtbanking.com and copy the exact design used by gtbank.com. With such tricks, only a smart and conscious user can detect their fraudulent variations.
Sometimes, it is difficult to differentiate the fake from the real when an institution like a bank or government agency uses a commercial template to build their website thus making it easy for fraudsters to purchase the same template and easily duplicate their websites. Phishing basically impersonates the real and so the more difficult it is to duplicate the real website, the easier it is for website users to detect and escape a phishing scam.
How to stay safe from phishing scams
- Verify the destination URL to which you will be directed. Whenever you receive an offer of any kind, be it a scholarship, financial grant, training offer or anything of that sort, that requires you to fill a form, download an application or install an app, the first thing to do is not to click. Instead, hover over any link contained in the proposal and verify the destination URL. If you see a discernible URL, do a background check on the internet and verify it. If you see a shortened URL, do not ever click, because that is a strong indicator of an internet scam. If the offer is from the government, you must check the official government website and confirm the offer. If the source URL is not the official government URL, please run away and blacklist that URL.
- Do not ever divulge your personal and confidential information to any person, website, organisation or registration process under any circumstance without checking and getting a confirmation from your financial institution. Do not click any link you receive via email, social media or direct messaging without verifying the link and sender.
- Completely avoid all shortened URLs, since they do not clearly display the domain name for you to verify the source and the destination to which you are directed.
- Do not perform any finance related transactions using links that were sent to you via email, social media or directly to your phone.
- Do not engage in any online purchases, investments or similar incentive offers that promise a reward for some little investment, even if you are assured that there are no risks and some free trial shows the system to be working. Phishing scammers will try by all means to convince you so that they can exploit you.
- If you stumble on any website that advertises an investment opportunity, bear in mind that it could be part of a network of scammers. Conduct your background check before you proceed to do any business with them.
- Ensure that you only access secured websites. Secured websites display a little padlock at the beginning of the website address in your browser. But note that the display of the little padlock is not a sufficient security guarantee. These days, most web hosting companies automatically offer free SSL certificates which will display the padlock once activated.
- Educate and state a clear company policy in dealing with external URLs. If you operate a business or work with family members, you need to establish a clear policy in dealing with external URLs. Your employees or family members need to be instructed and should all understand how to handle incentives, offers on investment, emails containing offers and URLs and all other tricks that could induce them to provide sensitive information.
- Do not trust any offer. One way to effectively stay away from phishing scams is to be suspicious of every offer made to you. That suspicion will allow you to ask questions and cautiously act on any offers that come to you through emails or social media shares.
- Be aware of social media profile scams. When you see names like those of serving or former presidents, their family members or known celebrities, you should immediately be very cautious. Most scammers assume such names to gain trust and use such high-profile names to promote their phishing scams on the internet, mobile apps and social media apps.
- Apply common sense. When you see offers like giveaways, calls for applications for a U.S. scholarship, free gifts from public office holders or known philanthropists, or empowerment schemes that look like those run by the government, please do not click such links. 99.99 percent of such offers are phishing scams targeting your sensitive information such as your BVN, card number and PIN, and will end up defrauding you.
- Too good to be true offers. Imagine someone telling you that the federal government is offering a poverty alleviation scheme and paying money to every citizen as part of the program. That should immediately raise a red flag. Any such big announcement would likely come from the president himself and not be made public in a social media post. Most of the time, the URL will be shortened to make it harder for you to question the source. Please avoid such offers as they will end up making you cry.
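The URL checks from the list above, as an added Python example (not code from the original article): it reports whether a link's real host is an official domain, a shortener, or a lookalike such as the gtbanknigeria.com case. The allowlist, the shortener list and the 0.8 similarity threshold are assumptions made for illustration.

```python
import difflib
from urllib.parse import urlsplit

# Assumed for illustration: gtbank.com is the official domain named in the
# article; the shortener list and the 0.8 threshold are constructed values.
OFFICIAL_DOMAINS = {"gtbank.com"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd", "ow.ly"}
SIMILARITY = 0.8


def host_of(url):
    """Return the lower-cased host a browser would actually connect to."""
    if "://" not in url:
        url = "http://" + url            # bare "example.com/path" style links
    try:
        host = urlsplit(url).hostname    # host only: no port, path or credentials
    except ValueError:                   # malformed address
        return ""
    return (host or "").rstrip(".").lower()


def is_official(host):
    """True only for an official domain itself or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def resembles_brand(host):
    """True if any label of the host contains or nearly matches a brand name."""
    brands = {d.split(".")[0] for d in OFFICIAL_DOMAINS}
    for label in host.split("."):
        for brand in brands:
            ratio = difflib.SequenceMatcher(None, label, brand).ratio()
            if brand in label or ratio >= SIMILARITY:
                return True
    return False


def classify(url):
    """Classify a link as official, shortened, lookalike, unverified or invalid."""
    host = host_of(url)
    if not host:
        return "invalid"
    if is_official(host):
        return "official"
    if host in SHORTENERS:
        return "shortened"               # destination hidden: do not click
    if resembles_brand(host):
        return "lookalike"               # imitates the brand but is not its domain
    return "unverified"                  # unknown host: check it independently


if __name__ == "__main__":
    # Constructed sample links, including the two lookalikes from the article.
    for link in ["https://www.gtbank.com/login", "http://gtbanknigeria.com/",
                 "gtbanking.com/offer", "https://bit.ly/xyz"]:
        print(f"{classify(link):10} {link}")
```

Only "official" means the host matches the allowlist; "unverified" still calls for the background check described in the first bullet.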
Note: In phishing attacks, website vulnerabilities can be exploited by hackers who are able to inject malicious code into an existing website without the knowledge and permission of the legitimate website owners. In such cases, checking your website files regularly for any abnormal file injections can help you detect issues before they become a problem.
3. The “419” Scam
The “419” scam is a type of internet fraud in which people are asked to help someone transfer some money with a promise to reward them when the money is successfully moved. Usually someone will email you to report some huge amount of money he or she owns and seek help to move the money to you or some other destination. They will require you to pay a small fraction of the transfer fee. Once you accept, somewhere along the line, you will be told that there were some issues and additional money will be needed to finalize the transfer. That will go on until the victim is either exhausted or the scammer simply abandons the process.
Usually, the scammer will pose as the child, relative or employee of a very rich person (dead or alive) and claim to have acquired such monies through an investment, contract or inheritance.
This scam has been so widespread and has become so well known that people can easily avoid it. It is called “419”, a name derived from the Nigerian criminal code that deals with such crime.
Another common form of this fraud is a fake contract or job listing in which the victim is asked to cover the cost of paperwork and public relations (PR). Once the victim falls for it and makes payments, the manipulation continues until the victim realizes it is a fraud or is exhausted. Usually, the scammer will claim to be a relative or associate of a key government official and offer assurances to deliver the project. This is also called a contract scam.
How to stay safe from the “419” fraud
Use your common sense. Why would an unknown person write to you offering to transfer a huge amount to you, with assurances that he will pay you if you help? And why would such a rich person need your funds to process a simple transfer?
Make it a habit to distrust unsolicited communications from strangers who offer anything at all and, without justification, want to do you some unusual favour. Avoid very attractive deals, especially when your conscience tells you this is too good to be real.
4. Intellectual property infringements
Intellectual property infringement is not just a fraud but a disincentive to creative works. It ranges from content piracy, duplication and counterfeiting, sale of content which is not owned by the seller and much more. Most countries do have laws to deal with intellectual property infringements. But in online infringements, the offender can be someone who lives in a different country from the legal property owner and that makes enforcement of related laws very difficult.
Here is what intellectual property infringements typically look like:
- Counterfeit and replication: Adulterating or creating products that look like the original. Usually, the counterfeiter wants to make something with features similar to the original, but the product is actually fake.
- Piracy: Piracy is an unauthorized reproduction, copying, sale and unauthorized use of copyrighted content.
- Patent infringement: This is the exact duplication of the functionality and mechanism of a product protected by patents.
How to protect your brand against online infringements
Checking the activities of scammers who violate intellectual property rights on the internet can be a bit difficult. However, there are two things you can do.
- Use an in-house team to scan the net to identify and report cases of intellectual property infringement. If the violator lives in the same country as you, you can initiate a legal action; otherwise, you can report to the appropriate regulatory bodies for action. You can also contact the hosting company powering such websites to report the infringements and request that the website be shut down. Maintaining an in-house team to check property infringements can be costly. You need to weigh the cost implications to be sure it will be a sustainable approach.
- You can use brand protection software or anti-piracy software that helps you counter the efforts of violators at scale. This is somewhat cost-effective, as most such software requires a one-time payment or an annual update and maintenance cost that will not be at a cut-throat price.
5. Identity theft
Identity theft is an extension of the phishing scam discussed earlier. More specifically, identity theft takes the form of impersonation. For example, a scammer can send you an email asking you to change your online banking information in line with a banking maintenance program. This message can come after your bank notifies customers about maintenance.
Sometimes, your social media accounts or emails can be hijacked and used for fraud.
Usually, a link will be contained in the message and if you simply hover over the link, you will discover that the website to which you would be directed is different from your bank’s website.
In other forms, scammers pretend to be someone known to you and request some financial help. Eventually, they commit bigger fraud.
Note that former employees are a credible source of identity theft.
How to stay protected against identity theft
The best way is to keep your personal information private and not share it with anyone. You also need to keep an eye on your online accounts to be sure that they are not hijacked and used to scam people.
6. Online harassment and cyberstalking
Online harassment has become more pronounced today. One such form of harassment is revenge porn. When people get private information about you, they tend to use it to harass and bully you.
Cyberstalking is another form of cyber bullying but focuses on a particular person. The criminals will seek information on the person through those familiar with them, through employees and colleagues. The goal is to get information to blackmail and bully the individual.
The bullying is normally done via social media or direct contact and harassment.
How to protect against online harassment and cyberstalking
The important warning is to guard your privacy. When an attack occurs, it is advisable to quietly contact the media platform involved and request that the content be removed.
But things can get worse as the criminal may choose to spread the content through other means. The best protection therefore will be to act with integrity and guard one’s privacy.
7. Verification Code Scam
Have you ever had someone send you a message asking you to verify your telephone number, upgrade your SIM card, secure your bank account or be verified for an event such as a meeting of your alumni? Usually, they will attempt to break into your account by resetting your password, which will require a confirmation code or password reset code sent to your phone.
Scammers will use some tricks to obtain this code.
This type of fraud is usually associated with attempts to break into your bank account, access secured areas of your website or take control of your email. It can be very effective during major changes like a bank takeover by new management, the launch of a new network spectrum such as a move from 4G to 5G, a bank verification exercise, a personnel audit exercise in the workplace and other such exercises that require some form of verification.
How to protect against a verification code scam
Do not verify any action that you did not consciously initiate or whose outcome you are unsure of. Avoid supplying verification codes or registering on advertised links, social media links, unsolicited emails and similar communications. Note that your bank cannot call you to supply any kind of code for verification. So when you get a call asking for a code that has been sent to your phone and the person claims he is from your bank, simply block that telephone line and do not act on his demands. Supplying the requested information will grant him access to your personal data, which could include, but is not limited to, your email, your online banking platform, and the ability to change the primary telephone number and primary email attached to your credit card account and banking information. A lot of damage can be done by the simple mistake of supplying confidential information such as a verification code to a cyber criminal.
Cybercrime is real and the criminals are everywhere. The attacks come to your phone, your emails and every form of communication. To stay protected, you must be conscious of the fact that anyone can be an attacker and stay away from juicy offers about investments, grants, loans and other forms of support, especially when registration and the provision of banking and private information are required.
One good way to stay protected, especially when a link is sent to you, is to check the URL and verify its authenticity. Ignore all URLs that are shortened and do not conduct business on third party URLs like job boards as they could sometimes be used by scammers to attract unsuspecting members of the public.
The key warning is that you must be cautious: do not be overambitious, keep away from offers that are too good to be true and avoid clicking links that are not verified.