What is Online Fraud?

Online fraud covers the different methods of fraud that cybercriminals carry out over the Internet. Scams can happen in a myriad of ways: via phishing emails, social media, SMS messages on your mobile phone, fake tech support phone calls, scareware and more. The purpose of these scams ranges from credit card theft to capturing user login and password credentials and even identity theft.

Why is Online Fraud so prevalent?

The answer to how online fraud happens has two parts:

  1. Stolen credit card information is easy to buy.
  2. Prosecution is rare, and online fraud may be a low priority for law enforcement, due to difficulty amassing evidence and time and resource constraints.

With that being said, let’s take a deeper look into each part.

Ease of access to stolen Credit Cards

How does online card fraud take place? We’ll examine the typical process for how a stolen credit card can become a fraudulent order for a merchant.

Step 1: Credit card numbers are stolen, either via large criminal syndicates or solitary hackers.

Online criminal organizations or lone hackers will attack companies and organizations, regardless of size, to obtain access to any type of personal and/or financial information. When the information is acquired, it’s often packaged to immediately be sold on a black market. The more information available on a cardholder, in addition to the card number, the higher the price the information fetches. (Cards sold with information such as billing and delivery address, email and phone numbers are sold at a premium.)

Step 2: The personal and financial information stolen is sold to a 3rd party, and usually not used by the initial thieves.

More often than not, the organizations and individuals who steal personal and financial information are not the same individuals and organizations who use that information. The larger the hack, the less likely that the party responsible for the theft of data will use it to commit fraud. In the aftermath of the Target and Home Depot hacks, law enforcement noticed a significant uptick in personal information being sold on black markets.

Step 3: Once in possession of stolen credit card information, a fraudster tests and then exhausts the credit card.

Now that a fraudster is in possession of credit card information, either from buying it from a black market or by stealing information themselves, the first step is to separate the active cards from the inactive cards.

They will usually test the stolen credit cards by making small purchases online (typically in the range of just a few dollars) to see if the transaction will go through. If the transaction is successful, they will attempt to max out the credit cards to their full potential.

Depending on how much information the fraudster has stolen (phone number, email, social security number, billing and delivery address, passwords, etc.), they can, with varying degrees of success, pass themselves off as the legitimate cardholder. Often, they are able to get past an online merchant’s fraud screenings because of the information that they have at their disposal.
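The test-then-exhaust pattern in Step 3 is something a merchant can look for in its own authorization log. The following Python sketch is an added example, not part of the original article: it flags any card where a small approved purchase is followed shortly by a much larger one. The record layout, card tokens and thresholds are assumptions made for illustration and would need tuning against real order data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authorizations: (timestamp, card_token, amount, approved).
# Tokens and amounts are invented for illustration.
SAMPLE_TXNS = [
    ("2024-03-01T10:00:00", "card_A", 1.00, True),    # small probe
    ("2024-03-01T10:07:00", "card_A", 950.00, True),  # large follow-up
    ("2024-03-01T11:00:00", "card_B", 3.50, True),    # ordinary small purchase
    ("2024-03-04T09:00:00", "card_B", 400.00, True),  # large, but days later
    ("2024-03-01T12:00:00", "card_C", 2.00, False),   # declined probe
    ("2024-03-01T12:05:00", "card_C", 800.00, True),
    ("2024-03-01T13:00:00", "card_D", 45.00, True),   # normal basket
    ("2024-03-01T13:10:00", "card_D", 60.00, True),
]

def flag_test_then_exhaust(txns, probe_max=5.00, ratio=20.0,
                           window=timedelta(hours=1)):
    """Return alerts for cards where an approved purchase of at most
    probe_max is followed within `window` by an approved purchase at
    least `ratio` times larger. All thresholds are assumptions."""
    by_card = defaultdict(list)
    for ts, card, amount, approved in txns:
        if approved:  # a declined probe tells the fraudster the card is dead
            by_card[card].append((datetime.fromisoformat(ts), amount))
    alerts = []
    for card, events in by_card.items():
        events.sort()
        probe = None  # most recent small approved purchase on this card
        for when, amount in events:
            if probe and when - probe[0] <= window and amount >= ratio * probe[1]:
                alerts.append({"card": card, "probe": probe[1],
                               "followup": amount,
                               "gap_min": (when - probe[0]).total_seconds() / 60})
                break
            if amount <= probe_max:
                probe = (when, amount)
    return alerts

if __name__ == "__main__":
    for alert in flag_test_then_exhaust(SAMPLE_TXNS):
        print(alert)
```

An alert from a rule like this is a reason to hold the larger order for manual review, not proof of fraud on its own.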

Now that we’ve demonstrated the ease with which a fraudster acquires and uses stolen credit card information, let’s explore the enforcement issue.

Tips to Prevent Online Fraud 

During the prolonged lockdown last year, online transactions (UPI payments, card payments, mobile banking) helped life keep going. Thousands, if not millions, took to digital payments for the first time across the country’s diverse socio-economic segments.

However, as digital payments skyrocketed, so did payment failures and frauds, which ultimately amounted to people losing their money.

But the good thing is that online frauds can be prevented by practising these safety tips:

At the same time, it’s important for businesses to have a company-wide security plan in place to ensure employees help protect sensitive company data. Companies with dedicated IT departments work hard to protect their sensitive data and have probably taken all the necessary precautions.  If you own or manage a small business without the safety net of IT personnel, here are five best practices that will help protect your information.

1. Keep Financial Data Separate

For business users in particular, use a dedicated workstation to perform all company banking activity. Use other computers to access the Internet and conduct non-banking business. When it’s time to retire the computer that was used to access company banking, be sure to back up all sensitive information and erase the hard drive before recycling it.

2. Know who’s asking

As a general rule of thumb, banks don’t send emails or text messages that ask for personal information such as account and/or social security numbers. Banks will also not require you to verify account information in this manner. Never share any personal information, especially social security or tax ID numbers, account numbers, or login and password information via email or text. Should you need to communicate sensitive information with your bank via email, be sure to use secure mail within the bank’s secure online banking platform.

Also on the rise are emails to businesses that appear to be from suppliers. Like fraudulent banking emails, these emails may look legitimate but will ask for sensitive financial information. If you see an email asking you to provide sensitive financial information – even one that may look like it’s from your bank or supplier – call to verify before responding.

3. Keep Your Passwords Secret

Do not share passwords and do not leave any documents that contain access to financial data in an unsecured area.  Change your passwords regularly for better protection, using a combination of letters, numbers and special characters when possible. Change your wireless network default password as well as the default SSID (name used to identify your network). Don’t broadcast your SSID and consider using encryption on your network.

4. No Phishing Allowed

Beware of phishing emails. These emails are designed to prompt you to click links provided within the email to verify or change your account in some way. Often, the links included in the email are ways for fraudsters to install malicious software (also called malware) onto the computer or device you use to access your email. This malware can be used to obtain personal information.

5. Protect Your Computer

With cyber attacks on the rise, it’s more important than ever to install antivirus software on your computer or network. Equally important is ensuring you are regularly running and updating this software to prevent viruses from infecting your computer. In addition, installing and enabling the following software programs will help you combat malicious cyber activity:

  • Anti-spam software: Helps prevent spam and junk email from entering your inbox, which helps guard against phishing emails
  • Firewall: Helps prevent unauthorized access to your computer through viruses and malware
  • Anti-spyware software: Blocks the installation of spyware on your computer, which can monitor or control your computer use and send you pop-ups or redirect you to malicious websites

Keep your computer operating system and Internet browser current; this provides additional protection against fraud and theft.

6. SIM Swap Fraud

The way this scam works is that the scamster impersonates the victim, convinces the mobile phone provider that the victim’s mobile device is lost or stolen, and gets the provider to port the victim’s phone number to the fraudster’s SIM. Once the fraudsters get hold of the phone number, they have access to voice calls, SMS and OTPs. This in turn gives them access to the victim’s social media, email accounts, bank accounts, etc.

“One way to prevent this is to put in a request to the mobile number provider to only enact a SIM swap upon a physical visit,” said Goyal.

7. Clearing caches

Any new innovation has its pros and cons. As we move towards an increasingly digital world, our lives may become easier but we also risk cyberattacks due to an explosion in computing power. Hence, we need to be careful. This means that though it might be convenient to store our card details on Google cache or our browser for ease of transaction, it can also lead to our bank accounts being wiped out in the event of our computer being hacked. Hence it is important to make sure no bank account details or card details are stored in the browser cache.

8. Don’t open mail from strangers

If you get a phishing email with malware attached, you don’t have to download the attachment for it to do damage to your home network. That’s because drive-by downloads can install malware on your hard drive without you even agreeing to download them.

9. Be smart with Financial Information

Be mindful of where you enter information like your credit card number online. Before you purchase anything on a website, ensure that the website’s URL starts with “https://.” The “s” at the end is critical, because it indicates that your connection is encrypted. Don’t purchase anything from a website that doesn’t have this. Also, you should think twice about saving your financial information to websites you buy from, even if you shop with them frequently. Storing your information on their site could make it easier for hackers to access in the event that the company’s website or network suffers a data breach.

10. Enable Cookies only when required

Another option for setting up your browser to protect your online data is by enabling cookies only when required by a website. These cookies are details websites store on your computer, including information about what sites you visit and what you do there. Most of them keep the details to themselves, but this is also a way dishonest people get your information. You want cookies to be enabled, but to limit them only to websites that require it.

11. Tap & Pay fraud

Goyal said, “We are seeing a lot of advancements in the field of digital payments and one of the most recent developments has been contactless payments or ‘Tap & Pay’, where one can tap a debit or credit card at the POS machine for up to Rs5,000. This payment method does not need an authentication PIN. While this payment method is very convenient, it comes with its risks too. There have been instances where scamsters are present with a contactless POS machine in crowded places and rub the machine against people’s pockets in the hope of picking up a few contactless payments.”

Thus, to prevent these scams, it is important to make sure that cards are not lying loose in our pockets and are kept in a wallet that prevents NFC (Near Field Communication) signals from getting through. Furthermore, several banks have now come up with mobile applications that let a customer enable or disable contactless transactions by toggling a button in the application.

12. Use Two-Factor Authentication

Two-factor authentication requires you to verify your identity after you’ve logged in using your username and password. In some cases, you’ll be asked to verify your identity by entering a code sent by text to your phone or by email. Other times, you’ll have to answer a security question. Whenever two-factor authentication is available, opt in. It may take you a couple of extra seconds to log in to your accounts, but it can make it less likely that other people will be able to log into your accounts, too.