Scams evolve hand in hand with technology. Knowing the main online scam methods is essential to living digitally with the right defenses.
From the brick shipped by sellers on eBay, to the Nigerian prince fleeing his country, to the trusted bank that forgets the credentials of its users: the history of digital scams is a perfect litmus test of technological development, and every new digital system comes with at least one method for cheating its users. We may also start to hear reports of AI-supported scams, such as phone calls with cloned voices or solicitation using artificially generated images.
Knowing how online criminals operate is the first step to living online with more peace of mind.
Without venturing into predictions, this article looks at the current state of one of the main dangers of the digital world.
The numbers in Italy
The 2023 report of the Italian Postal Police shows a significant increase in scam cases, with over 3,500 people reported and a 20% increase in the sums stolen compared to 2022, reaching 137 million euros in illicit profits.
Financial cyber crimes have also grown, particularly those linked to the use of cryptocurrencies, which make illicit transactions more difficult to trace. In 2023, 65 companies were affected for a value of over 19 million euros. For crimes committed using techniques such as phishing, smishing and vishing, 917 people were identified and reported.
The psychological basis of online scamming
Social engineering is the beating heart of every form of online scam. As described in the book “The Art of Deception” by Kevin Mitnick, this technique exploits the psychological vulnerabilities of individuals to manipulate and induce them to perform actions that compromise their safety. Social engineering attacks rely on deception and manipulation rather than sophisticated technical skills.
Social engineering works because it leverages human factors such as fear, curiosity, authority, and the desire to help. The increasing sophistication of these techniques, along with the spread of personal information online, makes it increasingly difficult for people to distinguish legitimate communications from fraudulent ones. Cybersecurity awareness and training are therefore essential to protect yourself from online deception.
The most common scam methods
A fictitious identity is decisive for the scam because it is directed at a particular victim and refers to a context in which relationships of trust already exist. Beyond the claimed identity, further information must be gathered for the deception to succeed. Such a scam is complex to organize (preliminary activities are necessary), but it is spreading nonetheless because it is more profitable and quick to carry out.
These frauds are the most sophisticated: they require information acquired through unauthorized access to databases, obtained with various techniques.
Phishing
The message reports registration or security problems and invites the user to provide confidential access data for the service, usually pointing to a website that only appears legitimate. Deceived by the graphics and tone of the message, users enter their credentials, which are then stolen by the scammers.
Vishing
A variant of phishing that takes place over the telephone. Scammers pretend to be representatives of trusted institutions and ask for personal or financial information. This type of attack takes advantage of the lack of visibility and the perceived urgency of this form of communication.
Smishing
Smishing uses SMS to trick victims. Users receive text messages that appear to be from reputable entities and contain links or phone numbers to “fix” urgent issues. By following these links or calling the numbers provided, victims unknowingly hand their information to scammers.
Spoofing
A hacker obtains a set of data in order to impersonate someone the victim knows and trusts. A fairly common case is an email that appears to come from a friend; another is the use of IP or DNS spoofing to redirect network traffic to fraudulent sites.
What to do to defend yourself
To defend yourself from scams, it is important to first learn how to recognize them. Once you have entered your personal information on a hacker-controlled web page, it is impossible to prevent your data from being used for fraudulent purposes.
Be wary
You should be wary of any message that asks you to click on a link and enter your personal information. A bank, for example, will never use this method, because it already has its customers’ information. Even if there really were a problem, the bank would probably ask you to come to the branch. When in doubt, it is always better not to click: to verify the message, you can visit the bank’s website directly and log in.
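The "only apparently legitimate" address described above can be checked mechanically. The following is an added example, not part of the original article: it inspects the host a link really points to and compares it with the domains you actually deal with. The domain `bank.example`, the function name `check_link` and the sample links are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: domains you actually hold accounts with (constructed placeholder).
TRUSTED_DOMAINS = {"bank.example"}


def check_link(url, trusted=TRUSTED_DOMAINS):
    """Classify a link from a message as 'trusted', 'suspicious' or 'unknown'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    if parts.scheme != "https":
        return "suspicious", "not an https link"
    if parts.username is not None:
        # Everything before '@' is userinfo, not the site being contacted.
        return "suspicious", f"text before '@' is decoration; real host is {host}"
    labels = host.split(".")
    if not host.isascii() or any(label.startswith("xn--") for label in labels):
        # Look-alike letters from other alphabets can imitate a known name.
        return "suspicious", "internationalized host can imitate a trusted name"
    for domain in trusted:
        # Only the exact domain or a true subdomain of it counts as a match.
        if host == domain or host.endswith("." + domain):
            return "trusted", f"host belongs to {domain}"
    for domain in trusted:
        # The trusted name is present but is not where the host ends.
        if domain in host:
            return "suspicious", f"{domain} appears inside unrelated host {host}"
    return "unknown", f"{host} is not a domain you deal with"


# Constructed sample links, as they might appear in a message.
SAMPLES = [
    "https://www.bank.example/login",
    "https://bank.example.account-check.test/login",
    "https://bank.example@203.0.113.7/login",
    "https://mybank.example/login",
    "https://xn--bnk-placeholder.example/login",
    "http://bank.example/login",
]

if __name__ == "__main__":
    for url in SAMPLES:
        verdict, reason = check_link(url)
        print(f"{verdict:10} {url}  ({reason})")
```

A "trusted" verdict only means the host matches the list; typing the address yourself, as the article advises, remains the safer habit.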
Implement two-factor authentication
Two-factor authentication (2FA) adds an extra layer of security to your accounts. Even if a hacker manages to obtain the password, they will need the second authentication factor, such as a code sent to the phone, to log in. This significantly reduces the risk of unauthorized access.
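Why a stolen password alone is not enough, shown as an added example that is not part of the original article. It goes beyond the SMS code mentioned above and assumes the second factor is a time-based one-time code (TOTP, RFC 6238) from an authenticator app; the function names and the shared secret are constructed for illustration.

```python
import hashlib
import hmac
import struct


def totp(secret: bytes, at: float, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 code for the 30-second window that contains time `at`."""
    counter = int(at) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_login(password_ok: bool, code: str, secret: bytes,
                 now: float, window: int = 1, step: int = 30) -> bool:
    """Accept a login only if the password AND a current code are correct."""
    if not password_ok:
        return False
    # Tolerate one step of clock drift between the phone and the server.
    for drift in range(-window, window + 1):
        expected = totp(secret, now + drift * step, step=step)
        if hmac.compare_digest(expected, code):
            return True
    return False


# Constructed demo values: the secret is the RFC 6238 test key, shared
# between the server and the user's phone when 2FA is enrolled.
SECRET = b"12345678901234567890"

if __name__ == "__main__":
    now = 59
    code_on_phone = totp(SECRET, now)
    print("code shown on the phone:", code_on_phone)
    # Stolen password, guessed code: rejected.
    print("password only:", verify_login(True, "000000", SECRET, now))
    # Password plus the current code: accepted.
    print("password + code:", verify_login(True, code_on_phone, SECRET, now))
    # The same code two minutes later has expired: rejected.
    print("stale code:", verify_login(True, code_on_phone, SECRET, now + 120))
```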
In a world of thieves (online)
The fight against online scams requires a combination of awareness, education and security tools. Users should be informed about the risks and the social engineering techniques used by scammers, and implementing security measures can make a big difference in data protection. Only in this way will it be possible to reduce the impact of these crimes, protecting users from a threat that will never die.