In 2010, internet users lost more than $388 billion to online fraud. The Norton Cybercrime Report says that by 2017, that number had grown by 3%, and by 2018, the McAfee report says that figure had exceeded $600 billion.
In 2020, online fraudsters stole about 150 billion rubles from Russian citizens, Kommersant writes, citing BrandMonitor calculations based on data from the All-Russian Public Opinion Research Center (VTsIOM).
It is not hard to guess why victims lose money in such quantities: the anonymity and prevalence of the Internet give free rein to fraud.
Fraudsters steal money from users and advertisers through all sorts of schemes: from limited-edition bots and fake sales to lottery scams and ads on fraudulent sites. Advertisers are obviously the ones who suffer the most, as Cheq estimates that click fraud alone cost marketers $42 billion in 2021.
Let's see what types of online scams exist today, how fraudulent sites work, and how an advertiser can protect themselves.
Contents
1. What is a scam
2. Popular scam schemes on the Internet
2.1. Instagram Scams
2.2. Phishing
2.3. Remote scam
2.4. Scam with technical support
2.5. Scam in online stores
3. What are scam sites?
4. Popular Internet Fraud Schemes
4.1 Click and Ad Fraud
4.2 Cryptocurrency Scams
4.3. Delivery fraud
4.4 Credit Card Fraud
5. How to avoid fraud
5.1. 1. Double-check the websites you visit
5.2. 2. Avoid unwanted emails
5.3. 3. Beware of “gifts” and freebies on social networks
5.4. 4. Beware of fake traffic
5.5. 5. Use click fraud protection services
What is a scam
A scam (from the English "scam", meaning fraud), as a rule, involves direct contact with the victim: a simplified way of taking money from unsuspecting users. However, online scams can also include more complex processes, such as illegal collection of information for subsequent financial gain.
For example, financial pyramids and sites with bait and switch products can be classified as scams.
Note: Bait and switch sites are a type of online scam that aims to mislead buyers when a seller advertises an attractive product or service at the lowest price, but has no actual intention of selling. Instead, the seller sends a poor-quality, defective, or undesirable alternative. Simply put, these are expectation-versus-reality sites.
There are also more complex types of Internet scams. For example, when attackers create copies of popular sites, such as Amazon. Cybercriminals create absolute duplicates of marketplaces and place them on similar domains, the name of which may differ by only one symbol.
You may also come across fake discount coupons or fake bank account documents. There are also identity scams, credit report fraud, and offers of non-existent government benefits.
An advertiser or a simple user may, in theory, know what a scam is, but in practice it is not so easy to detect. And if we compare the volumes of financial gain from fraud, then for a scam they are somewhat lower than for organized malicious campaigns.
Popular Internet Scam Schemes
Instagram Scams
Unfortunately, Instagram, with over 2 billion users, provides scammers with a rich source of activity. One of the most popular is the “Follower” scheme.
The principle: a fraudulent app or website promises hundreds or even thousands of new followers to a user who wants to boost their account. All you need to do is enter your Instagram login details. The design of many scam sites is very similar to the original.
After sending the login and password, users immediately lose their accounts. Then the attackers use the "hacked" account for their own purposes, for example, to send spam messages to the victim's friends asking them to send money to the specified card or with advertisements for goods or services, as well as to distribute malware.
In a number of other cases, the scammers are not interested in the user's Instagram account itself. They simply use the login and password to hack accounts on other platforms, since victims often use the same data on different services.
This, of course, also applies to all other popular social networks.
*Belongs to Meta, an organization banned in the Russian Federation.
Phishing
While social media advertising and follower boosting are used to promote personal accounts, phishing scams play on the gullibility of users. This scheme bombards users' mailboxes with spam emails containing links to fake and malicious sites. The goal, as always, is the same - illegal access to personal data and payment cards.
There is a more dangerous variety of it - spear phishing, when cybercriminals choose as their target responsible or high-ranking officials who have access to confidential information. Attackers can spend weeks or even months to gain the trust of such a target.
As a result, the fraudster, abusing the well-deserved trust, sends the target an e-mail with a link to a phishing site, where the victim enters access credentials and other information.
Remote scam
The pandemic in 2020-2021 made adjustments to office work, when many workers had to switch to remote work. And online scammers rushed to take advantage of this. They came up with a scheme to deceive advertisers: the attackers paid people working from home pennies for watching advertising videos or for clicking on banners on their own sites. Fraudulent resources were created en masse and almost immediately disappeared - even before the advertiser realized that he had been deceived.
Another scheme of real outright fraud is searching for candidates for remote work in one large international marketing agency from London. Of course, a fake one.
The Madbird agency, represented by CEO Ali Ayad, hired specialists in design, sales, marketing, etc. from all over the world. The condition was a 6-month trial period, after which the workers were promised a high salary, and not a percentage of the deals, as was agreed upon for this time. However, not a single deal was officially concluded, not a single payment was made, not even a commission. Some "employees" worked for only a couple of weeks in the company and left, suspecting something was wrong, while others worked until the very exposure, hoping for at least some money.
The exposure of Madbird was undertaken by two employees: Antonia Stewart and Gemma Brett, and then journalists got involved. It became known that the company was created literally on the day of the start of hiring employees (September 23, 2020), the profiles of high-ranking officials of the company, except for Ali Ayad, were fake and stolen in part from real people, and the portfolio, which listed Nike, Tate and Toni & Guy among its clients, was fictitious.
This is interesting. Ali Ayad even faked the GC magazine, in which he posted his own photo shoot, where he allegedly posed as a model for Massimo Dutti. In the original, this page featured an advertisement for... watches!
Antonia Stewart and Gemma Brett sent out a damning letter to all the company's employees, pointing out all the inconsistencies and possible fraudulent activities of the company's management. Shortly after, Ali Ayad deleted the company's website and disappeared. A number of former employees filed lawsuits.
Scam with technical support
Fraudsters send emails to random users informing them that their computer has been infected with malware and that they need to contact support specialists. The support then asks for a fee to be paid for the work of removing viruses from the PC via bank transfer, gift cards or cryptocurrency.
Scam in online stores
The number of online stores that offer premium products but sell only low-quality fakes is growing rapidly. They use the old bait-and-switch scheme we mentioned above.
Scammers post photos of premium products or items of attractive quality and design at a ridiculous price on their website, but in the end they send buyers a low-quality copy. Many have probably encountered fakes from AliExpress, when they expected to receive one thing, but in reality the product turned out to be completely different.
What are scam sites
Using websites created for fraud, attackers can gain illegal access to users' bank cards and confidential information, install spyware and malware on the user's device, and engage in click-through advertising.
One of the biggest forms of cybercrime is click fraud, which has recently eclipsed even credit card fraud as the most expensive cybercriminal scheme. Read on for more details.
Other online scams that use websites allow cybercriminals to trick people into installing malware or spyware on their computers. Here, the scammers either steal users’ personal data or use their PCs for unauthorized activities such as mining and hacking into cryptocurrency wallets.
Popular Internet Fraud Schemes
Click and Ad Fraud
Ad fraud is a broader term that includes click fraud, and it is much more dangerous because it does not involve random and chaotic clicks, but rather organized and, to some extent, industrial attacks.
It is aimed at advertisers. The goal is the illegal spending of the advertising budget in favor of fraudulent publishers. They click on ads using bots, as well as devices in botnets, and real clickers that work through exchanges (buxes). The sites where the ads are placed are created by the fraudsters themselves, and the traffic is artificially inflated.
The goal of fraudsters is to increase the number of clicks on advertising without increasing conversion. Who will convert into orders and requests if bots and non-target users are doing the clicking?
Fraudsters use not only botnets but also click farms, which are organized spaces with a large number of mobile devices controlled by a person. They are also used to generate traffic from advertising, inflate behavioral metrics, and promote profiles in social networks. We talked about click farms in this article.
Note: According to cybersecurity experts in the advertising market, the damage from click fraud in 2022 worldwide will amount to $68 billion.
Cryptocurrency Scams
Users view the cryptocurrency business and the crypto space as a way to “get rich quick.” However, cybercriminals create websites and scams with alarming regularity with one simple goal: to deceive such people. The scams include stealing logins and passwords from crypto wallets, as well as deceiving people into investing in dubious crypto pyramids.
Delivery fraud
Fraudulent sites exist to collect passwords or payment data from users. By sending them emails or messages, the attackers try to get payment for a non-existent delivery/shipment of goods. They redirect users, of course, to resources where they easily disclose their bank card details and eventually lose all their savings.
The scheme is typical even for large bulletin boards.
Credit card fraud
If previously money could only be stolen through an ATM with the victim’s physical bank card and knowing the PIN code, now it is done more easily – via the Internet.
Cybercriminals can create fake websites with embedded malicious code designed to track a user's web activity, such as keylogging (when a website runs a program that records the user's keystrokes on the keyboard). This way, they can learn bank card details.
This form of fraud usually involves installing malware through extensions or infected web pages, so be careful with all the links (in emails, apps, websites) you click.
How to avoid fraud
It is worth knowing that even on the website of the Ministry of Internal Affairs of the Russian Federation there is a special memo for citizens about Internet fraud and its types. This problem exists here and now, and it is important. Let's see what can be done.
1. Double-check the websites you visit
Online scammers work hard to make their malicious sites look as similar to the originals as possible. However, there are always obvious differences, which can include the logo, grammar of the texts, domain name, number of pages, etc.
Another simple way to identify fraudulent or scam sites is to check their list on special services, such as fakewebsitebuster.com and trustorg.com. The main thing is to be critical of the reviews published about the sites on these resources, as they may contain false information.
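The domain-name check can be partly automated. The following Python sketch is an added example, not part of the original article: it flags hostnames that differ from a trusted domain by a single symbol. The `TRUSTED` list, the digit-for-letter table and the naive "last two labels" rule for the base domain are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list (assumption): replace with the sites you actually use.
TRUSTED = ["amazon.com", "instagram.com", "paypal.com"]
# Digit-for-letter swaps often seen in look-alike names (assumed, not exhaustive).
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, swap of neighbours."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]


def host_of(url_or_host):
    """Lower-cased hostname without a leading 'www.'."""
    s = url_or_host.strip().lower()
    if "://" not in s:
        s = "//" + s
    host = urlsplit(s).hostname or ""
    return host[4:] if host.startswith("www.") else host


def classify(url_or_host, trusted=TRUSTED):
    """Return (verdict, matched_trusted_domain)."""
    host = host_of(url_or_host)
    # Internationalised names (punycode or raw Unicode) deserve a manual look.
    if host.startswith("xn--") or ".xn--" in host or not host.isascii():
        return ("suspicious", "IDN hostname")
    # Naive base domain: last two labels (wrong for suffixes such as co.uk).
    base = ".".join(host.split(".")[-2:])
    if base in trusted:
        return ("trusted", base)
    for good in trusted:
        if base.translate(CONFUSABLE) == good or edit_distance(base, good) == 1:
            return ("lookalike", good)
        # Trusted name used as a subdomain prefix of an unrelated domain.
        if host.startswith(good + "."):
            return ("lookalike", good)
    return ("unknown", "")


if __name__ == "__main__":
    for sample in ["https://www.amazon.com/deal", "http://amaz0n.com/login",
                   "instagarm.com", "amazon.com.account-verify.example"]:
        print(sample, "->", classify(sample))
```

A "lookalike" verdict is only a prompt to inspect the site by hand; legitimate domains can also sit one edit away from a well-known name.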
2. Avoid unwanted emails
Email is the entry point for most phishing attacks. If an email looks suspicious, comes from an unknown sender, or informs you that you have become the heir of a rich uncle from Nigeria, do not click on the links and do not enter any personal or bank information. This is a guarantee that your money will remain with you. Ignore everything you can. And also what you cannot.
Google now has an extra layer of protection against phishing scams. When you receive one, it will display an orange notification at the top of the window every time you interact with emails and documents sent from a third-party organization or person.
3. Beware of “gifts” and freebies on social networks
VKontakte, Instagram and Facebook are full of advertisements for fraudulent schemes, and of fraudsters themselves. Regardless of whether the scammers promise to increase the subscriber base or guarantee an unthinkable income of 100500 million rubles per month, remember: if such an offer sounds too good, then most likely it will turn out to be a scam.
For example, there are advertising posts seeking content managers to create product cards on WB. Applicants are simply asked to make an advance payment to start earning.
4. Beware of fake traffic
Fraudsters can generate clicks, traffic, and even orders. They use fake or other people's personal data and bank details. In the US, if a sales manager contacts a "buyer" using illegally provided contact information to confirm an order, there are hefty fines for organizations, as such actions are considered spam.
Bots can also provoke repeated display of ads if remarketing is set up in the advertising campaign. Say a bot clicks on the ad and possibly leaves a request or order. There is a high probability that the ads will be shown to it again, and it may click on them again.
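The two signals described in this article, clicks that never convert and the same visitor clicking again and again, can be looked for in an advertiser's own click log. The following Python sketch is an added example, not part of the original article; the log format, field names, thresholds and sample rows are constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample log: timestamp, client IP (documentation ranges),
# site where the ad was shown, and whether the click led to an order.
SAMPLE_LOG = """\
ts,ip,placement,converted
2024-05-01T10:00:00,198.51.100.7,news.example,0
2024-05-01T10:03:10,198.51.100.8,news.example,1
2024-05-01T10:07:45,198.51.100.9,news.example,0
2024-05-01T10:20:00,203.0.113.5,cheap-traffic.example,0
2024-05-01T10:20:04,203.0.113.5,cheap-traffic.example,0
2024-05-01T10:20:09,203.0.113.5,cheap-traffic.example,0
2024-05-01T10:20:15,203.0.113.5,cheap-traffic.example,0
2024-05-01T10:21:00,203.0.113.6,cheap-traffic.example,0
2024-05-01T10:21:30,203.0.113.6,cheap-traffic.example,0
2024-05-01T11:00:00,198.51.100.7,news.example,1
"""


def load(text):
    """Parse the CSV text into typed rows."""
    return [{"ts": datetime.fromisoformat(r["ts"]), "ip": r["ip"],
             "placement": r["placement"], "converted": r["converted"] == "1"}
            for r in csv.DictReader(io.StringIO(text))]


def placement_stats(rows):
    """Clicks, conversions and distinct IPs per placement."""
    stats = defaultdict(lambda: {"clicks": 0, "conversions": 0, "ips": set()})
    for r in rows:
        s = stats[r["placement"]]
        s["clicks"] += 1
        s["conversions"] += int(r["converted"])
        s["ips"].add(r["ip"])
    return stats


def suspicious_placements(rows, min_clicks=5):
    """Placements with many clicks and not a single conversion."""
    return sorted(p for p, s in placement_stats(rows).items()
                  if s["clicks"] >= min_clicks and s["conversions"] == 0)


def rapid_repeaters(rows, window_s=30, min_burst=3):
    """IPs whose longest run of clicks spaced <= window_s apart reaches min_burst."""
    by_ip = defaultdict(list)
    for r in rows:
        by_ip[r["ip"]].append(r["ts"])
    flagged = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        best = run = 1
        for a, b in zip(stamps, stamps[1:]):
            run = run + 1 if (b - a).total_seconds() <= window_s else 1
            best = max(best, run)
        if best >= min_burst:
            flagged[ip] = best
    return flagged


if __name__ == "__main__":
    rows = load(SAMPLE_LOG)
    print("zero-conversion placements:", suspicious_placements(rows))
    print("rapid repeat clickers:", rapid_repeaters(rows))
```

Placements and addresses flagged this way are candidates for exclusion lists in the ad platform, after a manual check that the traffic is not simply a low-converting but genuine audience.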