What is fraud?
Fraud is a fraudulent activity in the infrastructure of a service provider. The
purpose of such activity is deceiving a service delivery system for personal gain.
Fraud is applicable to banking, e-commerce or telecommunications services. It is
a deceptive act intended by an attacker to take advantage of the victim. Such
activities are based on social engineering and psychological methods of influence
such as intimidation, disorientation, an attempt to establish trust or play on
When is fraud committed and by who?
· When serving individuals
· When servicing corporate customers (legal entities)
· When using bank cards
· When making check transactions
· By hacking or theft
· By identity theft
· Through victimization
· By third parties due to individual or legal entity data leaks
· By third parties presenting themselves as an organization
· By third parties presenting themselves as public persons
· By employees within a company
· Through collusion of trusted users
· A result of a guiltless action of the responsible person.
Fraud classification by types:
Phishing is a set of techniques that scammers use to obtain personal
information. Examples of common phishing:
Phishing to hack accounts or social networks. A victim receives a
message containing a report of hack and asking to follow a link and enter
their credentials to protect their account. After that, a scammer blocks
access to the victim's personal account and starts sending messages, for
example, requests to borrow money. This type of phishing extends beyond
social media. A victim may also lose access to their crypto wallet that holds
Phishing of bank account details. In this case, a hacker can call or send a
message to a victim with false information about debiting money from
their personal account, problems with the account, verification, etc. Most
often, scammers ask to send an SMS code to verify an account, reply to an
authorization letter by mail, or send a pass phrase/word. A victim loses
access to their personal account and bank card credentials. You can also
be attacked through links sent directly in a message.
Clone phishing. In this case, hackers copy a common message. For
example, a customer receives a message from their bank containing an
account statement or a message from PayPal/Amazon asking them to
verify their account. A scammer substitutes the links in the body text or
files attached to the message with malicious objects that look as real ones.
By clicking a link or attachment, a victim grants an attacker access to their
computer through malware.
Extra types of fraud
Malware is a generic term for any type of malicious software designed to harm or
illegally exploit someone else's programmable device, service, or network. Such
applications cause direct or indirect damage, for example, they cause a computer
to malfunction, display additional advertising or steal the user's personal data
including SMS codes or two-factor authentication codes.
Click Spam is generating fake clicks using bots to get past filters and get paid or
Ad masking is placing ads in an app or on a website. These ads are placed by
fraudulent browser extensions that replace or override existing ads or steal data.
Download hijacking is a type of ad fraud that uses malware installed on a user's
device to monitor app store activity or steal data.
Install hijacking – Scammers use an infected app that a user installs on their
phone. Scammers are immediately notified about the install. They fake an ad
click, attributing a usual app install to themselves, and receive payment through
an affiliate program or steal data.
Domain spoofing – Scammers create a website and make it look it as a website
from an ad network to receive fraudulent traffic. Users click on ads to go to the
desired site, but they land on a scam page instead and risk their data.
Toolbar – A user is forced to download an application with a special script that
automatically opens an advertiser's website or installs an application to steal data.
SIM-card fraud is taking over a mobile phone number to bypass two-factor
Multiple methods are used for fraud. In case of identity theft, one person
impersonates another for personal gain. Phishing, social engineering, special
devices, special types of malware, user data leaks from services and systems are
used for carding (theft of bank cards details and their owners’ personal
information such as address, security questions, date of birth, name). In case of
collusion, employees commit internal theft using their position and
communication with third parties. To exploit data leaks, scammers create
Internet fraud forums on the dark web where they share their experience and
Scammers create a fake website that looks like the real one except for a
few subtle details. For example, URL changed to 1 character. Visitors get to
the website, make a purchase and, as a result, provide their card details.
Creating fake ads where scammers present a certain product, but insert a
link to a fake website that is not related to the ad.
How can you protect yourself from fraud?
Always check a link carefully: jumbled letters in the site name are a sign of
a fake page. Instead of changing a URL in a browser phishers can also
create another browser in the browser and manipulate anything in it, see
example. Links on fraudulent websites usually contain errors or link to
third-party sources. Review the links in the browser address bar.
Before entering your login and password, check if the connection is
secured with the https protocol. Check the correctness of the entered
values in the forms, do not enter your personal details or bank card details
when participating in drawings or other events. If a suspicious message
with a link or request came from a loved one, colleague or friend,
remember that their account could have been hacked.
Always check the account name and availability of a phone number in case
of a full copy of the account. We are talking about accounts in apps or
websites of banks, tax authorities, online stores, travel agencies, airlines,
etc. Check your work accounts. Keep in mind that their typical features can
Check your work accounts. Keep in mind that their typical features can be
A file sent by your playmate or colleague may be a spyware or ransomware
Trojan as well as email or message attachments.
Try not to use unverified apps on your personal and corporate devices.
Follow the licensing policy.
When interacting with your partners, try to receive reliable quotations and
only from your corporate mail.
If you receive a suspicious message, check if the sender's email address
matches the sender's name. See if the message was authenticated. Before
clicking the link, hover over it and look at a URL that will appear in a
browser status bar. If the URL doesn't match the message description, the
link may lead to a phishing site. Check message headers to make sure the
“From” line contains a correct name. If you receive an unexpected
suspicious message, contact the sender using another way of
communication and check if it was really sent by this person.
A few more tips
Try to enable two-factor authentication on all existing accounts. This step
can help if the master password has become known to hackers.
Delete all obsolete and unused accounts.
Regularly update passwords for your email and corporate accounts.
Don't use the same password too often.
Respond immediately to even the slightest hint of suspicious activity:
change passwords, block scammers, and run a deep antivirus scan.
Don’t tell anyone your CVV code, PIN code, one-time passwords and
passwords for Internet banking and mobile banking.
Don’t send or transfer SMS messages, emails with passwords, codes and
other data to third parties, try to keep your privacy.
Request verification details from a contact person, make formal requests,
and make sure a domain name is correct before contacting a website by
Stay alert when non-trivial questions regarding your personal and
What if you still become a victim?
1. Run an antivirus scan on your PC and smartphone.
2. Immediately change the stolen password for all accounts where it is used.
3. Set up two-factor authentication.
4. If you accidentally provided your card details or a code from SMS, call your
bank, block the card and check potentially dangerous transactions.