The Invisible Threat: Unmasking Internet Frauds and
Cybersecurity

Technology

Srijita Nath | Indranil Roy

Published on 08-09-2023

As technology advances, we have witnessed a transformation in managing our daily tasks, such as paying bills through smartphones or scheduling online consultations. However, with the increasing dependence on technology, cyber crimes have also increased, posing a growing threat to individuals and organizations.

These activities include offenses like identity theft, phishing, and other hacking techniques intended to defraud people of their money. Internet scams, which target victims through online services, generate millions of rupees in fraudulent activity annually. Furthermore, these figures continue to climb as internet usage expands and cybercriminal tactics become increasingly sophisticated.

Internet fraud can be broken down into several key types of attacks, including:

Now let us gain some knowledge about the various types of internet fraud:

Cybercriminals employ multiple attack vectors and strategies to perpetrate internet fraud. These methods include malicious software, email, instant messaging services for disseminating malware, forged websites designed to steal user data, and intricate, widespread phishing schemes.

Need HELP?
Consult
with Expert Now

PHISHING AND SPOOFING
Email Phishing Scams

Email-based phishing scams represent one of the most prevalent forms of Internet fraud, which presents a significant threat to Internet users and businesses.

In email phishing scams, cybercriminals impersonate individuals known to their victims or those considered reputable. These attacks aim to entice individuals into clicking on a link leading to a malicious or forged website designed to mimic a legitimate one or open an attachment containing harmful content.

Initially, the hacker compromises a legitimate website or creates a fraudulent one. Subsequently, they obtain a list of email addresses to target and distribute an email message designed to deceive recipients into clicking a link directing them to the deceptive website.

When a victim clicks on the link, they are redirected to the counterfeit website, which may prompt them to provide a username and password or automatically download malware onto their device. This malware is then used to steal data and login credentials.

The hacker can leverage this information to access the user’s online accounts, pilfer additional data such as credit card details, infiltrate corporate networks linked to the device, or engage in broader identity fraud.

Email phishing scammers often emphasize the need for immediate action, coercing victims by claiming their online accounts or credit cards are at risk and urging them to log in promptly to resolve the issue.

Greeting Card Scams

Many internet fraud schemes exploit popular events celebrated by people, including birthdays, Christmas, and Easter, often marked by exchanging greeting cards via email. Hackers typically use this by embedding malicious software within email greeting cards.

When recipients open these cards, the malware is downloaded and installed on their devices.

The consequences of such actions can be severe. Malware may lead to bothersome pop-up ads that disrupt application performance and slow the device. A more alarming outcome is the theft of the victim’s personal and financial information, along with their computer being employed as part of a widespread network of compromised computers, a botnet.

Credit Card Scams

Credit card fraud typically occurs when hackers illegitimately obtain individuals’ credit or debit card information to steal funds or make unauthorized purchases.

To acquire these details, internet fraudsters frequently entice victims with seemingly irresistible credit card or bank loan offers. For instance, a victim may receive a message from their bank asserting that they qualify for a particular loan offer or that a substantial amount of money is accessible to them as a loan. Despite widespread awareness that such proposals are usually too good to be true, these scams persistently deceive individuals.

While there are various methods through which scammers attempt to deceive individuals and gain access to their funds, one of the most prevalent tactics involves phishing SMS messages. Phishing attempts via SMS are a global issue where cybercriminals aim to trick people into divulging sensitive information.

These scams often involve impersonating banks and creating a sense of urgency by claiming recipients’ bank accounts are in jeopardy. Victims are then asked to update their KYC or PAN information by clicking on a link provided in the SMS.

Phishing SMS fraud is very common, and many banks have released an advisory for people not to believe in such SMS. Once someone falls victim to these fraudulent SMS messages and clicks on the link, scammers can gain unauthorized access to their mobile devices or banking credentials, resulting in financial losses.

Recognizing that legitimate financial institutions worldwide will never request sensitive information through unsolicited messages is crucial. Therefore, it’s imperative to exercise caution and never respond to suspicious SMS messages or unsolicited requests for personal data. Above all, refrain from sharing sensitive information such as account numbers, card details, OTPs, CVV codes, or personal identification.

Another type of Phishing is Voice Phishing or fake voice call scam. Fraudsters employ sophisticated AI technology to produce counterfeit voice calls that closely mimic genuine interactions, deceiving individuals into providing money.

Some precautions on how to be safe from Phone call scams

To ensure your safety and that of your loved ones in the face of AI voice scams, it’s essential to exercise caution and take proactive steps. Here are some vital guidelines to bear in mind when dealing with suspicious calls:

  1. Verify Callers: Prioritize verifying the caller’s identity by employing a codeword or posing a question only they would know.
  2. Utilize Identity and Privacy Protection Services: Request the caller to confirm their identity using a secret word or by responding to a personal question.
  3. Ignore Unknown Calls: When an unfamiliar caller’s number appears, allow it to go to voicemail. If they leave a message, cross-verify their number with the official website associated with the entity they claim to represent.
  4. Refrain from Clicking Links in Texts: Avoid clicking on links sent via text messages, as they may contain malware or redirect you to counterfeit websites.
  5. Do Not Share OTP: Never disclose any financial or personal information to individuals who contact you via phone or text. Such individuals may be scammers attempting to extract your passwords, bank details, or credit card numbers.
  6. Decline Remote Access: Do not grant anyone remote access to your device. Remote access could lead to malware installation or data theft.
  7. Exercise Caution with Caller ID: Be skeptical of caller ID information, as scammers can manipulate it to disguise their true identities.
  8. Terminate Suspicious Calls: Do not hesitate to hang up in the face of unusual or pressing demands from callers. End the call and avoid engaging with unfamiliar numbers.
DATA BREACH

A data breach is an incident that exposes confidential, private, protected, or sensitive information to an unauthorized person.

It can occur as a consequence of an unintentional event or a deliberate action aimed at acquiring information from an individual or an organization. For instance, an employee may inadvertently disclose sensitive data or intentionally pilfer company information to share with or sell to a third party. Alternatively, a hacker might infiltrate a corporate database containing sensitive information.

Regardless of the underlying cause of a data breach, the stolen information can be leveraged by cybercriminals to generate profits by selling the data or incorporating it into broader cyberattacks. Typically, a data breach involves compromising or stealing information such as bank account details, credit card numbers, personal health records, and login credentials for email accounts and social networking platforms.

Data breaches can result from external attackers targeting an organization or multiple organizations for specific data types, or individuals within an organization can instigate them. Hackers often employ targeted cyberattacks against particular individuals.

To protect themselves from data breaches, organizations and employees must implement the following ways:

  • Utilize Strong Passwords: Weak passwords remain the primary cause of data breaches, providing attackers a gateway to steal user credentials and gain unauthorized access to corporate networks.
  • Implement Multi-Factor Authentication (MFA): In recognition of the inherent limitations of passwords, individuals and organizations should never solely rely on passwords for security. MFA mandates that users validate their identity beyond simply entering a username and password.
  • Keep Software Current: Continuously utilize the latest versions of software systems to pre-empt potential exploits stemming from vulnerabilities. Activate automatic software updates whenever feasible and consistently follow through with updates and patches as prompted.
  • Prioritize Secure URLs: Users should exclusively interact with Uniform Resource Locators (URLs) that exhibit secure characteristics. Secure URLs typically commence with “Hypertext Transfer Protocol Secure” (HTTPS). Additionally, it’s imperative to access trusted URLs exclusively. Generally, exercise caution when clicking on any links within email messages.
  • Educate and Train Employees: Organizations are responsible for educating employees about online risks, familiarizing them with common cyberattack types, and equipping them with the skills to identify potential threats.
  • Develop an Incident Response Plan: Given the increasing sophistication of cybercriminals and the rising prevalence of cyberattacks, businesses must formulate a comprehensive response plan for worst-case scenarios. This plan should outline the designated individual responsible for reporting the attack to relevant authorities and provide a clear roadmap for subsequent actions.

DENIAL OF SERVICE (DOS)

A Denial-of-Service (DoS) attack is a deliberate assault to render a machine or network inoperative, rendering it inaccessible to its intended users. These attacks achieve their objective by inundating the target with an overwhelming volume of traffic or by dispatching information designed to trigger system failure. In both scenarios, the DoS attack disrupts the provision of services or resources that legitimate users anticipate receiving, such as employees, members, or account holders.

Typically, the targets of DoS attacks include web servers of prominent organizations, including those in the banking, commerce, media, government, and trade sectors. While DoS attacks generally do not lead to the theft or compromise of substantial information or assets, they can impose significant costs on victims regarding the time and financial resources required for mitigation.

MALWARE

Malware refers to software intentionally crafted for either stealing data or causing harm to computer or software systems. It encompasses various malevolent software forms, including viruses, spyware, and ransomware. Cybercriminals employ these malicious tools to breach network security and compromise devices, ultimately leading to data theft or system disruption.

Different types of malware threats impact online networks or attached devices:

  • Viruses: These malicious programs attach themselves to clean code, spread rapidly, and disrupt system functionality, often concealed within executable files.
  • Worms: Worms propagate through networks by connecting with multiple machines, potentially infecting entire networks if not halted.
  • Trojan Viruses: Named after the deceptive Trojan horse, these appear as legitimate software but create backdoors for other malicious software to gain unauthorized access.
  • Spyware: Operating covertly, spyware secretly monitors user activity, collecting sensitive information like credit card details and passwords.
  • Ransomware: Ransomware locks computers or networks, demanding payment to release access and providing decryption keys upon payment.
  • Adware: Adware inundates users with unwanted advertisements, often disguised as innocent ads or bundled with seemingly harmless software.
  • Rootkit: Rootkits grant attackers administrator-level privileges while remaining hidden, enabling unauthorized access and system changes.
  • Keyloggers: Keyloggers record keystrokes, enabling attackers to obtain passwords, usernames, and payment details.
  • Crypto-jacking: Attackers exploit target devices to mine cryptocurrencies, harnessing their computing power for digital currency generation.
  • Rogue Software: Rogue software masquerades as malware removal tools, tricking users into installing and paying for actual malware.
  • Scareware: Scareware employs psychological tactics to deceive users into purchasing unnecessary and potentially harmful software by falsely portraying security threats.
The ways to protect the devices against malware:
  • Back up your data
  • Educate employees on signs of malware and how to avoid it.
  • Check for vulnerabilities to avoid malware entering the network.
  • Using firewall protection.

Detect malware with antivirus.

BUSINESS EMAIL COMPROMISE (BEC):

BEC is a type of email phishing that targets senior executives and finance department staff.

The individual orchestrating the malicious attack assumes the identity of a person vested with decision-making power, often someone capable of authorizing financial transactions, granting system entry, or divulging sensitive information.

Spotting BEC Scams:

BEC scams aim to create an appearance of legitimacy, but upon closer examination, you may notice the following unmistakable indicators:

  • Spelling or grammatical anomalies: Hackers, relying on limited information, may introduce peculiarities like using your full name instead of a familiar nickname or employing a generic greeting with no personalization. Additionally, since hackers aren’t industry experts, you may encounter grammar, spelling, or other errors uncommon in your organization.
  • Irregularities in the sender’s address format or spelling: When unable to use a genuine email address, hackers may construct one that mimics authenticity. Keep an eye out for missing letters, dashes instead of underscores, and special characters closely resembling letters of the alphabet, among other discrepancies.
  • Unusual or atypical requests: Hackers may attempt to justify an unusual or out-of-the-ordinary request by framing it as a particular circumstance, an urgent favor, or a mandatory requirement. If a request appears unconventional, delving deeper to confirm its authenticity is prudent.
Ways to protect from Internet Scams:

To safeguard themselves and evade falling victim to phishing schemes, internet users should maintain a vigilant stance towards the common forms of internet fraud.

It is imperative never to transfer money to individuals encountered online, refrain from disclosing personal or financial information to unverified or untrustworthy sources, and exercise caution when experiencing email or instant message hyperlinks or attachments. In the event of being targeted, individuals should promptly notify authorities about online scammer activities and report phishing emails.

Mitigating credit card fraud entails vigilant monitoring of bank accounts, setting up credit card activity alerts, enrolling in credit monitoring services, and leveraging consumer protection resources. In case of credit card fraud, users should promptly report the incident to pertinent legal authorities and credit reporting agencies.

Want to discuss with an expert about cyber fraud and necessary safety measures? Drop your queries to us.

Areas of Expertise include:

#image_title

ISAIAH MUTANDIWA,

Director Consulting
A highly organized, detail oriented and dependable professional who has the ability to apply his accounting knowledge and experience to a diverse range of financial aspects. Hard working, dedicated and ambitious possessing strong knowledge of Accounting concepts. Confident and capable of playing a strategic role in any business.

Areas of Expertise include:

IMG_20210302_201314-1-1290x1536

INDRANIL CHATTERJEE

Staff Accountant
Debdatta worked with Genpact India handling process work of General Electric for the last ten years in operational development. Coordination between inventory, finance, sales and purchase. She has also been working towards cash and Bank reconciliation for Power and Water wing for General electric. Countries she worked with are United States, Laps, eastern and western Europe and some parts of Russia.

Areas of Expertise include:

Debdatta

DEBDATTA MAJUMDER

Assistant Controller

Avijit Dey is a commerce graduate by profession, he is associated with EPR Yellowknife since 2018. Prior to that he has 5 years’ experience in the field of Accounting and Taxation. During his tenure, he has hands-on approach knowledge and expertise in various Accounting Software- Sage 50 and QuickBooks as well as knowledge Accounting Finalization Software- CaseWare and Keystone.

Areas of Expertise include:

AVIJIT DEY

Group Controller

With a master degree in Commerce (Accountancy) from Calcutta University and also 19+ years of post-qualification experience, Paulami believes in approaching professional commitments with utmost sincerity and dedication to ensure optimum and qualitative results.

Areas of Expertise include:

Paulami-Gupta-200x289-1

PAULAMI GUPTA

Manager Consulting

Surajit Batabyal is a commerce graduate with experience in Indian Accounting works and related fields for over decade. He is associated with EPR since 2018. During his tenure he is experienced in Admin related activities, internal accounting works, work in CCH implementation and application in respective fields.

Areas of Expertise include:

Surajit

SURAJIT BATABYAL

Admin Assistant

An Engineer in Computer Science, he is an advanced level Web Page, UI Designer/ Front End Developer, with specialization in creating web designs for responsive websites, with expertise in front end development, search engine optimization (SEO), social media optimization (SMO), backlink building, and email marketing.

Areas of Expertise include:

self

QAZI AHMED MUDDASSIR

Software Engineer

Visual communication professional with almost a decade’s experience of developing visual identity for various clients from around the world, Peter R Gomes started early as a designer for his college. From there he went on to win the India Fest that helped him stabilise his craft as a creative professional.

Whilst working with Major National and international brands, developing their visual identity and visual marketing strategy, he has also been teaching Communication Design to students from all around world. Has been a guest faculty with major design institutes, worked with various agencies and is responsible for the visual identity for many corporate firms, non-profit organisations and government agencies as well. He has made valuable contribution in the visual marketing sector and the design education sector that has travelled beyond borders.

Areas of Expertise include:

508109

Emmanuel Vishal Rozario

Manager, Creative Services

After completing his education in Computer Science, he embarked on his career in 2002, as an Information Technology professional. His varied and vast experiences of working on evolving technologies make him a thorough professional with hands-on expertise in addressing even the minutest change that makes a huge impact in the domain.

With in-depth knowledge of MCSA-Server, MCSA-Messaging, CCNA, he is currently pursuing an advanced course in Digital Marketing to stay relevant with the changing demands in the field.

Areas of Expertise include:

#image_title

PARTHA CHAKRABARTY

Director IT Infrastructure

As a long-term Northerner (since 2001), Biswanath possesses over 26 years of combined national and international experience in working with various SMEs, Indigenous organizations, First Nation Bands, Community Governments, and Territorial Governments. Biswanath has recently been appointed as the Financial and Strategic Advisor for Dene Nation. Biswanath has direct working experience with various departments and agencies of the Government of the Northwest Territories and Nunavut. He served the Nunavut Housing Corporation for three years and participated as a member with the Interdepartmental Capital Planning Committee (ICPC) of the Government of Nunavut. He has served as the Director for Business Development for the Northwest Territories Business Development and Investment Corporation for a few years and worked with various manufacturers and businesses of various communities across the territory.

Biswanath currently serves as the Vice-Chair of the Board of CPA Association of NWT/Nunavut. He also serves as the Chair Person of the Practice Review Committee of the CPA Association of Northwest Territories/Nunavut.

Areas of Expertise include:

01-Biswanath-Chakrabarty-200x300

BISWANATH CHAKRABARTY

FCGA (CANADA), MBA (MBS, UK), CPA (CO, USA)
President

GTM CANADA

Contact us

The staff at GTM Canada is here to help. If you require more information or have a comment or suggestion, please contact us and we will be pleased to assist you.
Alumni of St. Xavier’s College, and he has done his Masters in International Business and Management from Sheffield Hallam University. After completing his education, his stint with Connectiva Systems Inc. as a Branding and Marketing Communication professional gave him the exposure and understanding of representing the brand in international markets at various conferences and tradeshows held worldwide.

His passion to learn and adapt to new ideas couple with his commendable ability to handle challenging projects makes him a true professional, who can seamlessly work with multi-dimensional teams across multiple functions. He has a hands-on approach to logistically challenging tasks; ideally suitable for roles that involve organizing and managing events, marketing, and promotional activities. He is well networked with individuals from a broad range of professional backgrounds.

Areas of Expertise include:

WhatsApp-Image-2020-08-12-at-19.43.31-280x280

SOUPARNO MITRA

Management Consulting Advisor

A dynamic accounting professional with more than a decade of experience in various organizations including multinational Firms (Big Four Firms). He is a Chartered Accountant having exposure in Accounting, Auditing, Taxation, Corporate management. He is expert in Accounting, Business Plan preparation and Setting up of new business process, etc.

He is an Independent leader to execute any Policy adopted by Top management. He has expert knowledge in service delivery model and its successful implementation.

Areas of Expertise include:

RANAJIT BATABYAL

Director Operations