What is a scam?
Cybersecurity is primarily concerned with online scams, which occur through the use of the Internet, IP telephony, instant messengers, email, and other technologies.
Why is scam harmful to brands?
Scams are often hidden behind well-known brands to appear more credible for potential victims. Though scams mostly aim at individuals, they take a huge toll on the brands themselves. As a result of the fraudulent actions, brands do not receive a huge share of the revenue, but this is not the most important thing.
Deceived customers unknowingly or consciously begin to blame the brand on behalf of which the scammers acted. They associate the brand with a scam, which in the long run leads to significant reputational losses, and hence a deterioration in the economic performance of a company. Therefore, organizations need to prevent and stop cases of scams using their brands.
Scam vs. Phishing
Scam and phishing often go hand in hand. Scammers often use phishing as a means of deceiving victims. However, there is a big difference between these phenomena in several aspects.
Phishing is aimed at stealing personal information, such as bank card data or account credentials, and is considered successful when such data is received. This data may be later used for conducting other cyber attacks or sold to cybercriminal groups on the dark web. Meanwhile, the ultimate goal of scammers is to steal money directly. The scam is considered successful when the victim transfers money to the attacker.
In terms of remediation, these types of cyber attacks are also approached differently. Being a type of cybersecurity violation, phishing is dealt with by computer emergency response teams, or CERTs. Scam is a full-fledged criminal offense that requires the involvement of law enforcement and legal authorities.
Common scam schemes
Scam schemes quickly become obsolete and constantly evolve. However, some Internet scams were especially popular in recent years.
- Dating scams, or fake dates. For this scheme, scammers create fake profiles on popular dating sites or apps and offer potential victims to have a date at a cinema, bowling, theater, etc. The victim is asked to buy tickets in advance using the link provided by scammers. After the payment, scammers get access to the victim’s bank account and steal all the money available.
- Investment scams. Scammers create fake investment and cryptocurrency projects, promising super-high earnings from buying and selling shares or trading on non-existent crypto exchanges.
- HR or job scams. Several scam techniques are fitting into this category. However, all of them boil down to the following: scammers masquerade as a well-known HR brand, offer well-paid jobs, and ask victims to pay some initial fee.
- Classified scams. Scammers use advertisements on classifieds sites to trick buyers or sellers into thinking they are dealing with a legitimate contact.
- Lottery scams. Various scam techniques are used in this segment. However, in all cases, victims are told they’ve won a valuable prize and asked to share bank card credentials to get it. Once scammers get the credentials they withdraw money.
- Cryptocurrency scams. In a general scenario, it goes as follows: scammers create fake accounts of famous entrepreneurs and offer victims to get Bitcoins or other cryptocurrencies for free. To receive the prize, giveaway participants need to transfer their cryptocurrency to specified e-wallets.
Indicators of scam
While online scams can be very varied and inventive, there are some traits that they have in common. These features should alert potential victims.
Promises of killer deals
Scammers often promise fantastic discounts, promotions, and giveaways. Any such offers should be double-checked in the official sources of the brand mentioned. The information about large promotions is always placed on the official website of the company or its pages on social media. Requests to pay various commissions require special attention as in official promotions winners are never asked to pay for shipping, commission, currency conversion, etc.
Abnormalities in names
Clones of domain names and social media accounts used in scam schemes often differ from the official ones by 1-2 characters. Also, as these resources usually don’t live long, they have fresh registration dates, which could be checked using the whois.net, pr-cy.ru, or cy-pr.com services.
Offers of easy money
Offers of easy earnings on the Internet, which are comparable to the earnings of a top manager of a large company, are highly likely to be a scam. Selling schemes for fabulous earnings for a nominal fee is a scam as well.
Suspicious behavior
Whatever the scam scheme is, fraudsters tend to behave suspiciously. In the case of classiscam, they would entice a victim to continue chatting in Whatsapp or Telegram messenger instead of using the built-in functionality of a classified site. In telephone scams, scammers would induce a victim into sharing personal data or bank card details.
Emotional pressure
Scammers try to play on emotions to lull the vigilance of the victim. They incite panic, euphoria, or even a sense of duty, so any communication that provokes strong emotions can be considered suspicious.
How to block scams
Blocking a scam resource is not an easy task, as fraudulent resources seem real at first glance. Moreover, the final connection with the user is frequently conducted through a private dialogue. Thus, it can be difficult to prove that a scam has taken place, so hosting providers are not in a hurry to block the fraudulent resources.
However, there’s always a way to outfox the scammer. For instance, Group-IB uses intellectual property laws to thwart scams. This occurs as a result of the usage of well-known brands and their legally protected assets for duping a victim.
As scam is a criminal offense, it lies in the area of responsibility of the police and other law enforcement. If you have fallen victim to a scam, contact the police immediately and report the incident to technical support or CERT.
Defend brand assets with Group-IB Digital Risk Protection
Prevention is better than response, so there is a solution to protect a brand from the consequences of scams – Digital Risk Protection by Group-IB. This tool continuously monitors millions of online resources for brand abuse and intellectual property violation. The neural network the solution is based on detects up to 90% of offenses.
Enriched with data from our Threat Intelligence, Group-IB Digital Risk Protection allows attributing discovered violations with scam groups and other resources used. It increases the effectiveness of combating scams.
When the scam is detected, Group-IB Digital Risk Protection starts a takedown process encompassing such stages as notifying hosting providers about violations, using a partnership network to enforce the removal of violations, and getting a pre-trial order to take down violations. Learn more about Group-IB Digital Risk Protection.