Contributed blog by Javvad Malik, security advocate at AlienVault
The latest official figures suggest that one in ten people in the UK have been a victim of online fraud. Unlike many traditional crimes, however, these offences can affect people of all ages, social backgrounds and geographic regions - no one is immune.
Scams can vary greatly in their nature and execution methods, but the majority of them work by emotionally manipulating their victims' behaviour through greed, desire or fear. For this reason, keeping in mind a simple acronym, MELT - which stands for Money, Employment, Love and Threats - can help people recognise some of the most common types of attack, and spot a scam before they fall victim to it. Let's look more closely at how this works.
Criminals often get in touch with victims to announce that they have won an unexpected sum of money. By appealing to their greed, they try to persuade users to part with their bank details and personally identifiable information to deposit the windfall, but instead extract funds from the victims' accounts.
A common variation of this scenario are inheritance scams, which usually state that a long lost relative has passed away leaving a sizeable fortune; tricksters often pose as solicitors in order to persuade victims to share their bank details. In reclaim scams, perpetrators purport to be from a government or tax office, and try to convince users that they are entitled to a tax rebate, while in advance fee scams fraudsters will offer people a share in a large sum of money on the condition that they help transfer it out of the country.
In all of these scenarios, the promise of unexpected wealth can be hard to resist. However, if something sounds too good to be true, it probably is. There is no such thing as easy money, and if you don't remember a long-lost relative, then the chances are pretty good that you have not inherited their fortune, so be aware.
Employment scams prey on the unemployed, and those in need of additional income streams. Typical scams include work from home schemes, which try to trick users into handing over money in exchange for joining a 'guaranteed' scheme to make money.
Fraudsters sometimes pose as recruitment agents, and may even interview you for a job that doesn't exist. After receiving a job offer you will be asked for your bank account details, which may be used to steal money from your account.
To avoid these scams, make sure to check for any tell tale signs of fraudster activity, such as poor spelling and grammar, or recruiters that provide a webmail email address such as Yahoo or Hotmail as their main point of contact. And never enter your bank details or passwords into online forms or over the telephone.
Scammers often pull on people's emotional strings to try and get what they want. Criminals often set up multiple accounts on dating sites, apps, or social media by masquerading as prospective companions. After a courting period, they ask victims to send money, or pay for gifts. They sometimes also encourage victims to reveal intimate facts or pictures of themselves which they can then use to blackmail victims.
While flattering, it's unlikely that someone will fall madly in love with you just by viewing your dating profile. To avoid these types of scams, therefore, it is important to be extremely careful about revealing personal information, such as your home address or date of birth, to someone you have just met on a dating site. It is also a good idea to connect through the original dating site itself, and avoid direct communications like instant messaging and texts.
When greed or love don't succeed, scammers can also resort to making threats. Sometimes they'll try to install malicious software onto your computer to lock the computer screen and display a message purporting to be from law enforcement, stating that the machine was involved in criminal activity and demanding that a penalty be paid to avoid legal action. Another version of this activity is ransomware, which can lock users out of their computers and then demand that a ransom be paid in order to recover the files.
These types of scams are typically launched after a user clicks on a link or opens a suspicious attachment in an email, which installs malware on their system. There is always more to lose than to gain from clicking on an unknown link. If you don't recognise the source or the sender, always avoid clicking on the content of emails, texts and internet pop-up messages.
While there are a growing number of tools available to defend against cyber crime, education remains one of the most important tools in our defence. It is only by gaining a greater understanding of the threats and techniques encountered - in both personal and business settings - that we can best protect ourselves.