The FBI just released its annual Internet Crime Report, which details a record $12.5 billion in losses from online scams in 2023 - an increase of $2 billion in total losses from 2022. This high figure can largely be attributed to ‘profit-driven cybercriminals and nation-state adversaries’ who can ‘paralyze entire school systems, police departments, healthcare facilities, and individual private sector entities. This surge in reported online scams reveals the significant threats to consumers' financial security and personal information. But how is this happening? How are malevolent actors managing to get away with so much?
Online transactions lead to online scams
The convenience of online transactions in a highly digital age has been proven to come with a significant downside: the rise of online scams. From phishing schemes to identity theft, cybercriminals are employing increasingly sophisticated tactics to prey on unsuspecting consumers.
The continual advent of the internet, and now the advancement of AI-based tools, has opened up new avenues for cybercriminals to exploit vulnerabilities in cybersecurity - leading to the situation we now face, whereby online scams have become even more pervasive and sophisticated than ever before. Results from the FBI report show that while the number of reported complaints may not have increased drastically since 2020, the increase in financial loss from a similar number of complainants indicates a drastic change in the cyber attacker’s playbook.
Whether it's fraudulent wire transfers, investment scams, or ransomware attacks, the financial repercussions of falling victim to online scams can be catastrophic. Cybercriminals utilize a variety of tactics to enact online scams, including phishing emails, fake websites, social engineering, and malware, to deceive and defraud unsuspecting victims. From individuals to businesses, no one is immune to the financial devastation caused by cybercrime.
These tactics to carry out online scams include:
- Phishing: As cited in ReasonLabs’ Consumer Cybersecurity Trends Report 2024, the number one attack vector for cyber attacks continues to be phishing. Online scam tactics may also include targeted phishing attempts such as spear phishing or whaling attacks, whereby senior figures and their employees are targeted.
- Credential-stuffing: These credential-stuffing attacks may also be launched as a by-product of online scams - if an online store suffers a data breach, attackers can then use the leaked customer information to carry out further cyber attacks, leading to financial loss and identity theft.
- Formjacking: Criminals use viruses to insert formjacking code into a commercial website. A formjacking website can do its dirty work without disrupting a legitimate transaction, making it effective as it can evade detection.
The role of cryptocurrency in online scams
Most notably, cryptocurrency and cryptojacking play significant roles in the landscape of online scams, posing threats to individuals and businesses alike. As digital currencies continue to gain popularity, so too do the risks associated with their use in illicit activities.
Malicious actors will hijack computing resources to mine cryptocurrencies without the consent or knowledge of the device owner. This can occur through malware-infected websites, malicious browser extensions, or compromised systems. Cybercriminals will also conduct ransomware attacks and demand payment in cryptocurrency, such as Monero, as ransom in exchange for decrypting files or restoring access to compromised systems.
Investment scams are another method used by scammers, who will lure unsuspecting individuals with promises of high returns on cryptocurrency investments or fraudulent initial coin offerings (ICOs). Victims are convinced to invest their money in fake schemes, only to lose their funds with little to no recourse for recovery.
Consumers should use reputable cryptocurrency exchanges and wallets that have a proven track record of security and reliability and should do their due diligence in researching the exchange's security features, user reviews, and regulatory compliance before trusting them with funds.
Consumer protection against online scams and financial loss
Poor cybersecurity can lead to losses and breaches, and failure to recognize or prevent scams. While the threat of online scams looms large, there are steps that consumers can take to protect themselves and minimize their risk of becoming victims. There are several ways to exercise caution including:
- Staying informed: Stay up-to-date on cybersecurity threats and scam tactics. Familiarize yourself with common warning signs of scams, such as unsolicited emails, requests for personal information, and offers that seem too good to be true. Be skeptical of unfamiliar contacts or offers online, unsolicited emails, messages, or phone calls, especially if they request sensitive information or pressure you to act quickly.
- Verify sources: Before clicking on links or providing sensitive information online, verify the legitimacy of the source. Look for secure websites with HTTPS encryption, check for spelling and grammatical errors in emails, and confirm the authenticity of requests for personal or financial information. Check whether you know the sender, and if the email address seems legitimate.
- Use strong passwords: Use unique, complex passwords for each online account and enable multi-factor authentication whenever possible. This adds an extra layer of security and makes it harder for cybercriminals to gain unauthorized access to your accounts.
- Use endpoint protection software: Keep your devices, including computers, smartphones, and tablets, up-to-date with the latest security patches and antivirus software, such as RAV Endpoint Protection, that regularly scans for malware and other security threats to prevent unauthorized access to your personal information.
- Take advantage of privacy protection: Privacy tools such as the Online Security browser extension can block URLs leading to scamming websites, thereby preventing the consumer from being redirected to these sites.
Unfortunately, the latest FBI report may not even reflect the true amount of losses resulting from online scams, as the bureau has surmised that not all victims will choose to report an incident - and oftentimes, the true damage resulting from digital identity theft or financial theft may not be known for some months. Consumers should report cyber crimes when they happen, as awareness surrounding attacks enables law enforcement and security teams to create better defenses. However, while cyber awareness is the first step, being preemptive comes next. For more information on ReasonLabs’ suite of cybersecurity products, visit www.reasonlabs.com.
