The Federal Bureau of Investigation’s 2020 Internet Crime Report reveals sobering statistics about the prevalence of online fraud. During that year, the FBI received nearly 800,000 complaints — a year-over-year increase of more than 300,000 cases. Complainants reported financial losses totaling a whopping $4.2 billion. The trends indicate sharp rises in online crime, with phishing, investment schemes, extortion, and non-payment and non-fulfillment scams combining to account for the majority of U.S. incidents.
Unfortunately, COVID-19 has also given online fraudsters a new weapon. The FBI’s Internet Crime Complaint Center received nearly 30,000 pandemic-related incident reports from both individuals and businesses. In short, online crime is becoming increasingly common, and fraud is a real problem. This article explains how fraudsters target you and important strategies you can use to protect yourself.
Types of Online Fraud
Online fraud takes many forms. However, all of them share a similar end goal: illegally extracting money from unsuspecting victims. Some fraudsters attempt to do this directly, using elaborate strategies to deceive people into sending them funds. Others do it indirectly, extracting sensitive private information like banking details or credit card numbers, which they then use for illicit financial gain.
Criminals are always devising new ways to trick people. As such, it’s definitely wise to trust your instincts. If something about an online interaction strikes you as odd, chances are good that something unusual is going on. Always err on the side of caution. Watch out for the following particularly common online fraud schemes.
Phishing scams, sometimes called spoofing scams, rank among the most common types of online criminal schemes. These scams aim to redirect unsuspecting users to illegitimate or bogus websites. When the victim visits the site, malware and other malicious digital tools harvest their private data. That data can potentially give criminals access to credit card details, passwords, online banking information, and other sensitive data.
Criminals make initial contact in numerous ways, including:
- Text messages (known as “smishing”)
- Telephone calls (“vishing”)
- Instant messages and social media accounts (“angling”)
Angling is especially dangerous, as it is a newer, well-disguised type of attack. A high-profile example of how it works took place in 2016, when large numbers of Facebook users received legitimate-looking (but bogus) messages saying they had been mentioned in a post. Users who clicked on the accompanying link downloaded a malicious web browser extension. The malicious software harvested their account login details the next time they used the browser to log into Facebook, giving criminals complete access to the victim’s account.
Online criminals use a variety of techniques to obtain personal, identifying information from unwitting users. Malware and hacking-based intrusions can both be deployed to this end.
Once in possession of the desired information, criminals pose as the victim. They then illegally use the victim’s existing credit cards or bank accounts, or open new accounts in the victim’s name. Alternatively, criminals may take out loans or make major purchases, then leave it to the victim to dispute the charges.
Victims can remain unaware of the unauthorized activity for years. In some cases, they only find out about unauthorized activity after reviewing their own credit reports while preparing to apply for a mortgage or loan.
Credit Card Fraud
Criminals also frequently target credit card data directly. They will use the illegally obtained credit card numbers to make purchases, take out cash advances, or sell the information to underground databases that deal in stolen financial account details.
Scammers frequently obtain credit card information by redirecting users to bogus websites. These websites appear legitimate at first glance, and particularly sophisticated examples may be all but indistinguishable from the real thing. Users then unwittingly enter their credit card information, thinking they are making a purchase or logging into their online account.
Some scams pitch investment opportunities to users, often promising fantastic returns. These schemes often seem legitimate and compelling. Some are elaborate operations, involving people who pose as financial professionals in ways that appear trustworthy and verifiable.
Investment fraud scams seek to trick people into sending money to criminals. Many such scams target people affiliated with a certain social, professional, or religious group. Fraudsters exploit these connections to build a stronger sense of believability.
Work from Home Scams
These scams have become more common in the COVID-19 era. Millions of people have been displaced from their jobs and are now seeking employment. Meanwhile, remote work has exploded since the pandemic began. These trends combine to give criminals the perfect cover to run their schemes.
The most common work from home scam involves signing up a job-seeker to a remote employment opportunity. The fraudsters then require the victim to purchase expensive physical or digital materials they supposedly need to complete the assigned task. In reality, there is no job and the money ends up in the criminal’s pocket.
Online Shopping and E-Commerce Scams
E-commerce and shopping schemes take two main forms. First, criminals use legitimate platforms to advertise items for sale. However, they never deliver the advertised item and disappear with your money. Second, they create authentic-seeming spoofs of actual e-commerce websites, or build fake online shopping portals that appear real. Once some customers purchase the items, the vendor disappears completely.
Telltale signs that an e-commerce website is not legitimate include the following:
- Insisting that customers use a nonstandard method of payment, such as an irreversible wire transfer, gift card, money order, or electronic funds transfer.
- Offering brand-name products at prices too good to be true.
- The vendor is based in a faraway location.
- Terms of service are vague, or not specified at all.
- The site offers limited information about delivery procedures or customer service access.
As a general rule of thumb, you shouldn’t always take email messages, social media direct messages, instant messages, texts, or phone calls at face value. This is especially true if the contact is unsolicited or comes from a stranger. The same advice applies if the message appears to come from someone you know, but doesn’t come across as something that person would normally say.
If you receive such a message, ignore it and delete it. If you want to make very certain, you can simply not respond to the email or message that is supposedly from your relative. Then call them on their regular number to verify the story. Here are some other best practices you should integrate into your online habits.
Be “Password Smart”
Create strong passwords. Integrate a combination of letters, numbers, and special characters whenever possible. Do not select passwords that are easy to guess. You also shouldn’t use the same password to protect multiple online accounts. Using a password management program is a great idea.
Back up good password-selecting habits by changing your passwords frequently. Do not save passwords to financial accounts in your web browser. Also, avoid keeping easily identifiable documents containing lists of passwords on your computer. Instead, keep an offline hard copy somewhere safe.
Do Not Open Suspicious Links or Email Attachments
This piece of advice applies to messages that appear to be from people you know, as well as messages from strangers. If a message or email contains a suspicious looking link, do not follow it. Malware has become so sophisticated that it can infect your computer as soon as you visit a malicious site. You do not need to key in any information for criminals to breach your data.
The same is true of file attachments appearing in suspicious email messages. These can install viruses and malware directly onto your computer. Unless you’re expecting an email attachment from a friend, family member, or colleague, don’t bother opening random attachments.
Protect Your Financial Account Information
Store your financial account information offline, in hard copy form. Don’t save account numbers or login details on your computer at all. Also, never send these details in emails, text messages, or instant messages. They can be intercepted. Remember that the companies that hold your accounts will also never call or email you to ask for your login information.
If you must supply this information to another person for legitimate reasons, do so over the telephone. Insist that the recipient write down the details on paper instead of on their computer. Make sure they discard the hard copy as soon as it’s no longer needed.
Secure Your Internet Connection
Unsecured household internet networks have become quite rare. Even so, ensure yours is secured and password-protected. There’s no reason to have your WiFi network open for your neighbors (or anyone else) to connect to. You also shouldn’t share your network password with anyone, unless you trust them completely.
If you are using a public network (for example, at a coffee shop or an airport), be extremely careful about the types of information you key into websites. Avoid online shopping and banking when you are on a shared network. It’s also a good idea not to log into your personal email or social media accounts until you are back on a trusted connection.
Check the URL to Ensure Websites are Encrypted
Encrypted websites have advanced cybersecurity protections that make it much more difficult for criminals and hackers to breach them. There is an easy way to tell whether a site is encrypted or not. Simply check the URL: if it begins with “http://” (with no “s”), it is not protected. Encrypted sites always begin with “https://”. Some browsers, like Google Chrome, also show a little lock icon next to the URL of encrypted sites. That’s a good sign.
Sometimes, that lack of an “s” is the only detail that separates a bogus spoof of a real website from its legitimate counterpart. Get in the habit of double-checking for that “s” before logging into your online banking or other financial websites. This is especially true if you clicked on an external link to reach the site rather than entering the URL manually.
Enable Multi-Step Authentication Whenever Possible
A growing number of companies, especially those in the financial services industry, have introduced multi-step authentication. For example, after entering your username and password, you may be prompted to enter an additional code sent to you by text message or email. You can also use authenticator apps (again, Google has a good one) that require you to verify your identity by showing that you have access to your smartphone.
Opting in for multi-step authentication is a wise idea. The extra step means extra security. It will vastly reduce your chances of becoming an online fraud victim.
The Bottom Line
Online fraud is a multibillion-dollar criminal enterprise. Perpetrators are constantly devising new scams and schemes. Being cautious is always a good idea. You should also treat unsolicited contact containing links, attachments, or requests for private information with suspicion.
Beyond these general principles, be smart about your online activity. Create strong passwords, and change them often. Use secured internet connections, enable multi-step authentication for your accounts, and only deal with vendors and websites you trust and can independently verify.