Online fraud is one of the most comprehensive tools in the cybercriminals’ arsenal, and for very good reasons. With the unprecedented quantity, sophistication, severity, and breadth of cyber attacks taking place at present, there is, as a result, an enormous amount of online fraud taking place.
It is well-known around the world that online fraud is a top cyber threat. But, online fraud is certainly nothing new. Just like any other cybercrime, it is a global activity, well known by authorities and security specialists, that has been relentlessly perpetuated by cybercriminals and cybercriminal groups for a long time now.
For one, cybercriminals (criminals operating online) are always looking for the most efficient ROI or Return on Investment. This means that the tactics they choose to use are always tuned for maximum gains with the least amount of resources spent and with as minimal effort as possible. These gains can be; personal financial gains for the cybercriminal, collection of confidential information, or part of an operation by a nation-state. These operations can also span across several campaigns, and with the help of several actors across the globe
For these reasons and more, online fraud is hugely popular in the cybercriminal community and hugely successful to boot. Also, the statistics on online fraud show everything there is to tell. In 2017 alone, according to an FBI report, a loss of around $1.5 billion was served to victims of online fraud.
However, online fraud is a very general, very large umbrella term that includes several types of cybercrime that are based on social engineering scams and other crimes. When all of them are put together, the amount is a far cry from just a few billion in damage to the economy. Hundred of billions in losses hit the economy every year in total where fraud is concerned. As far as cybercrime in general, it is shocking that this figure just scratches the surface.
All together, cybercrime costs the economy trillions of dollars, and the worst part about it is that most organizations are unprepared for cybercrime. Adding to that, most internet users are clueless about cybersecurity.
This is why it is important to understand what online fraud is, how nations deal with online fraud, and finally the best steps to take to limit the risk of online fraud as much as possible.
What is Online Fraud?
Online fraud is differentiated from theft, as it does not involve a direct breach or theft operation, but relies on deception, tricks, and social engineering tactics to lure victims into willingly handing over sensitive information that benefits the cybercriminals orchestrating the act.
There are several types of cybercrime that fall under the category of online fraud, ranging from small-time crook operations to large-scale campaigns. To put this topic into perspective concerning just how diverse the online fraud landscape is, some good examples are;
- Social engineering tactics such as phishing, smishing, vishing, and others
- Website spoofing
- Direct identity theft
- Chargeback fraud
- Card testing fraud
- Marketplace fraud
- Catfishing scams
- Auction scams
- Stolen credit card scams
- Lottery scams
- Bitcoin scams
- Charity scams
- Employment scams
Online fraud is definitely not limited to the above and will grow and get more creative as the industry and technology progresses.
How Nations Are Dealing With Online Fraud
The way online fraud is dealt with differs greatly between countries. Also, the way online fraud targets and affects a nation varies a lot. Naturally, cybercriminals want to hit developing nations where they can steal money, identities or conduct other long-ranging scams as efficiently as possible. This means that highly developed countries with a large population are always a default target.
Nations such as the United States, Japan, the United Kingdom, and the Netherlands are examples of developed nations that are hit hard by online fraud such as identity theft.
As far as email phishing scams go, which are the most popular method of online fraud today (as well as the easiest to orchestrate) the list is as follows; the U.S., the UK, Australia, Japan, Spain, France, and finally Germany. These are the nations where thousands of phishing scams are successfully carried out.
The most impersonated brands out there that online fraudsters spoof to lure victims into traps are; Microsoft, DHL, LinkedIn, Amazon, Google, and Paypal.
As far as dealing with online fraud, some nations are better at it than others. Statistics show that (via an NCSI score) Germany, Australia, the Netherlands, Italy, and Japan do well in terms of fighting cybercrime and online fraud. On the other hand, New Zealand, France, and The United States are at the bottom of the list when it comes to the ratio of being hit by cybercrime versus how effective the nation is at fighting against it.
An important aspect of this is how the government of a nation reacts towards cybercrime and online fraud. In that aspect, Japan, the Netherlands, and Germany are the most successful and focused on spreading awareness and stopping these acts.
There are several laws, regulations, and frameworks in place that improve information security and aim to spread awareness about online fraud. Some of these are; regulations like the GDPR, NIST, CISA, the UK ICO, the European Anti-Fraud Office, and many others. Law enforcement agencies, like the FBI and EUROPOL, also battle online fraud every day.
How to Fight Against Online Fraud
Protection against online fraud begins at the user level because most online fraud can be avoided with a bit of care which means reducing human error to a minimum. As simple as it sounds, applying this to a population of over 4 billion connected people across over 30 billion devices and thousands of organizations is a gargantuan, seemingly impossible task.
What can be done is at the user level, and the employee education level. Primarily this means awareness education and training when it comes to phishing. Secondly, this is about understanding password hygiene and internet best practices. Finally, it is about understanding that oversharing information on social media can also lead to online fraud.