What Is Internet Fraud? Types of Internet Fraud | Fortinet (2024)

Cyber criminals use a variety ofattack vectorsand strategies to commit internet fraud. This includes malicious software, email and instant messaging services to spread malware, spoofed websites that steal user data, and elaborate, wide-reaching phishing scams.

Internet fraud can be broken down into several key types of attacks, including:

1. Phishing and spoofing:The use of email and online messaging services to dupe victims into sharing personal data, login credentials, and financial details.
2. Data breach:Stealing confidential, protected, or sensitive data from a secure location and moving it into an untrusted environment. This includes data being stolen from users and organizations.
3. Denial of service (DoS):Interrupting access of traffic to an online service, system, or network to cause malicious intent.
4. Malware:The use of malicious software to damage or disable users’ devices or steal personal and sensitive data.
5. Ransomware:A type of malware that prevents users from accessing critical data then demanding payment in the promise of restoring access.Ransomwareis typically delivered via phishing attacks.
6. Business email compromise (BEC):A sophisticated form of attack targeting businesses that frequently make wire payments. It compromises legitimate email accounts throughsocial engineering techniquesto submit unauthorized payments.

To avoid hackers’ internet fraud attempts, users need to understand common examples of internet fraud and tactics.

Email-based phishing scams are among the most prevalent types of internet fraud, which continues to pose a serious threat to internet users and businesses.

Statistics fromSecurity Boulevardshow that in 2020, 22% of all data breaches involved a phishing attack, and 95% of all attacks that targeted business networks were caused byspear phishing. Furthermore, 97% of users could not spot a sophisticated phishing email, 1.5 million new phishing sites were created every month, and 78% of users understand the risk of hyperlinks in emails but click them anyway.

Email-based phishing scams are constantly evolving and range from simple attacks to more sneaky and complex threats that target specific individuals.

Email phishing scams see cyber criminals masquerade as an individual that their victim either knows or would consider reputable. The attack aims to encourage people to click on a link that leads to a malicious or spoofed website designed to look like a legitimate website, or open an attachment that contains malicious content.

The hacker first compromises a legitimate website or creates a fake website. They then acquire a list of email addresses to target and distribute an email message that aims to dupe people into clicking on a link to that website. When a victim clicks the link, they are taken to the spoofed website, which will either request a username and password or automatically download malware onto their device, which will steal data and login credential information. The hacker can use this data to access the user’s online accounts, steal more data like credit card details, access corporate networks attached to the device, or commit wider identity fraud.

Email phishing scam attackers will often express the need for urgency from their victims. This includes telling them that their online account or credit card is at risk, and they need to log in immediately to rectify the issue.

Many internet fraud attacks focus on popular events to scam the people that celebrate them. This includes birthdays, Christmas, and Easter, which are commonly marked by sharing greeting cards with friends and family members via email. Hackers typically exploit this by installing malicious software within an email greeting card, which downloads and installs onto the recipient’s device when they open the greeting card.

The consequences can be devastating. The malware could result in annoying pop-up ads that can affect application performance and slow down the device. A more worrying result would be the victim’s personal and financial data being stolen and their computer being used as a bot within a vast network of compromised computers, also known as abotnet.

Credit card fraud typically occurs when hackers fraudulently acquire people's credit or debit card details in an attempt to steal money or make purchases.

To obtain these details, internet fraudsters often use too-good-to-be-true credit card or bank loan deals to lure victims. For example, a victim might receive a message from their bank telling them they are eligible for a special loan deal or a vast amount of money has been made available to them as a loan. These scams continue to trick people despite widespread awareness that such offers are too good to be true for a reason.

Another common form of internet fraud is email scams that tell victims they have won the lottery. These scams will inform recipients that they can only claim their prize after they have paid a small fee.

Lottery fee fraudsters typically craft emails to look and sound believable, which still results in many people falling for the scam. The scam targets people's dreams of winning massive amounts of money, even though they may have never purchased a lottery ticket. Furthermore, no legitimate lottery scheme will ask winners to pay to claim their prize.

A classic internet fraud tactic, the Nigerian Prince scam approach remains common and thriving despite widespread awareness.

The scam uses the premise of a wealthy Nigerian family or individual who wants to share their wealth in return for assistance in accessing their inheritance. It uses phishing tactics to send emails that outline an emotional backstory, then lures victims into a promise of significant financial reward. The scam typically begins by asking for a small fee to help with legal processes and paperwork with the promise of a large sum of money further down the line.

The scammer will inevitably ask for more extensive fees to cover further administration tasks and transaction costs supported by legitimate-looking confirmation documents. However, the promised return on investment never arrives.