While you work hard to earn money, criminal enterprises are working hard to steal it. So let’s take a minute to brush up on the latest tricks, scams and methods criminals are using to steal data and money from you and your customers.
Internet fraud is the use of internet services – or software with internet access – to defraud victims or to otherwise take advantage of them. Internet crime schemes steal millions of dollars each year from victims and continue to plague the internet through various methods. Several high-profile methods include:
- Business Email Compromise (BEC): This sophisticated scam targets businesses working with foreign suppliers and companies that regularly perform wire transfer payments. Criminals compromise legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds. Social engineering is a method of first gaining trust to manipulate a victim into divulging personal or confidential information.
- Data Breach: A leak or spill of data is released from a secure location to an untrusted environment. Data breaches can occur at the personal and corporate levels and involve sensitive, protected or confidential information that unauthorized individuals copy, transmit, view, steal or use.
- Denial of Service: An authorized user’s access to any system or network is interrupted, typically with malicious intent.
- Email Account Compromise (EAC): Similar to BEC, this scam targets the general public and professionals associated with — but not limited to — financial and lending institutions, real estate companies and law firms. Perpetrators of EAC use compromised emails to request payments to fraudulent locations.
- Malware/Scareware: Malicious software is introduced with the intention to damage or disable computers and computer systems. Sometimes perpetrators use scare tactics to solicit funds from victims.
- Phishing/Spoofing: Both terms deal with forged or faked electronic documents. Spoofing generally refers to the dissemination of email that is forged to appear as though it was sent by someone other than the actual source. Phishing – often used in conjunction with a spoofed email – sends an email falsely claiming to be an established legitimate business with the intent to deceive the unsuspecting recipient into divulging personal, sensitive information such as passwords, credit card numbers and bank account information. The email directs the user to visit a fake website set up only as an attempt to steal the user’s information. Vishing is a variation of the scam using voice messaging; smishing uses SMS text messaging; and pharming uses fraudulent websites. Spear phishing attacks target specific individuals and use emails that appear to come from a trusted sender.
- Ransomware: This form of malware targets both human and technical weaknesses in organizations and individual networks to deny the availability of critical data or systems. Ransomware is frequently delivered through spear phishing emails to recipients, resulting in the rapid encryption of sensitive files on a corporate network. When the victim organization determines they are no longer able to access their data, the cyber perpetrator demands the payment of a ransom, typically in virtual currency such as Bitcoin, at which time the actor purportedly will provide an avenue to the victim to regain access to their data.
Frequent instances of internet fraud include business fraud, credit card fraud, internet auction fraud, investment schemes, Nigerian letter fraud and non-delivery of merchandise. For information on the most common complaints and scams, see the annual reports of the Internet Crime Complaint Center (IC3), a partnership of the FBI and the National White Collar Crime Center. Also see its information on Internet Crime Schemes and its Internet Crime Prevention Tips.
This loss control information is advisory only. The author assumes no responsibility for management or control of loss control activities. Not all exposures are identified in this article. Neither The Cincinnati Insurance Company nor its affiliates or representatives offer legal advice. Consult with your attorney about your specific situation. Contact your local, independent insurance agent for coverage advice and policy service.