Cyber awareness month is not restricted to the United States: October is also European Cyber Security Month. Over the next week, law enforcement agencies from all 28 EU member states, 5 non-EU member states, 24 national banking associations and banks and many other cybercrime fighters will be raising awareness about the criminal phenomenon of cyber scams. This pan-European endeavor will be driven by a communication campaign via social media channels and national law enforcement, bank associations and financial institutions.
As highlighted in the Internet Organised Crime Threat Assessment (IOCTA) 2018, social engineering continues to grow as the engine of many cybercrimes, with phishing as the most frequent form. Criminals use social engineering to achieve a range of goals: to obtain personal data, hijack accounts, steal identities, initiate illegitimate payments, or convince victims to proceed with any other activity against their self-interest, such as transferring money or sharing personal data. One single click can be enough to compromise an entire organization.
For the European campaign, awareness-raising material has been developed in 27 languages, available for public download, which includes information on the seven most common online financial scams, and how to avoid them:
- CEO fraud: scammers pretend to be the victim’s CEO or senior representative in the organization to trick them into paying a fake invoice or making an unauthorized transfer out of the business account.
- Invoice fraud: they pretend to be one of the victim’s clients/suppliers and trick them into paying future invoices into a different bank account.
- Phishing/Smishing/Vishing: they call the victim, send them a text message or an email to trick them into sharing their personal, financial or security information.
- Spoofed bank website fraud: they use bank phishing emails with a link to the spoofed website. Once victims click on the link, various methods are used to collect their financial and personal information. The site will look like its legitimate counterpart, with small differences.
- Romance scam: they pretend to be interested in a romantic relationship. It commonly takes place on online dating websites, but scammers often use social media or email to make contact.
- Personal data theft: they harvest the victim’s personal information via social media channels.
- Investment and online shopping scams: they make victims think they are part of a smart investment, or present them with a great fake online offer.
The internet has become very attractive for cybercriminals. Attackers are using sophisticated tricks and promises to wrench money or valuable financial information out of their victims. Scams featuring a long-lost deceased relative or Nigerian princes are not the only tricks in the book anymore. The tactics used by cybercriminals are becoming increasingly innovative and harder to detect. From pretending to be the CEO to impersonating a romantic interest, the online scammers of today will do what it takes to get what they want.