Scam Glossary

Glossary of Scams

Learn about the scams out there with our scam glossary. If you are a victim of an online scam or fraud, report it to us.

  • NFT Scams

    NFTs have had a surge of publicity in the last year and, like everything else that's popular, they are targeted by fraudsters. The scams seen range from forms of investment fraud, where the NFTs don't exist or are rug pulls, to forms of flipping in which the prices are artificially inflated. They might also involve social engineering to sell fake NFTs or to steal NFTs.

  • Ransomware

    This is where a company’s website and/or corporate network is infiltrated with malware that encrypts their data so it can’t be accessed. This is then used to force the firm into paying a ransom to get their data or service back.

  • Cryptocurrency Scams

    Usually a variation on investment or impersonation scams, but involving cryptocurrencies instead. Fake investments or clones of real sites result in victims' investments being stolen.

  • Money Mules

    A person who uses an account in their name, or one that they control, to move the proceeds of crime, such as fraud and scams, around. Payment scams require at least one mule account to receive the fraudulent payment. In practice this will usually be multiple accounts to help hide the trail and allow the eventual cash out. Mules are often run by organised crime groups (OCGs), and the person that manages the mules is a Mule Herder.

  • Advance Fee Fraud

    Also known as a 419 Fraud, this is often a form of investment scam. This fraud usually involves being approached to receive a large amount of money from a deal general or such, provided a fee is paid upfront. No further funds are forthcoming. A more recent version is a fee to get a loan that then never materialises.

  • Employment Scams

    Employment scams often involve fake job posts on social media for jobs like money transfer agents. In reality, the person is acting as a Money Mule transferring the proceeds of crime through their or others' bank accounts.

  • Impersonation

    Where a fraudster purports to be someone else in order to convince a victim to send them money. They often impersonate a bank's fraud team or the police. More recently we've seen them pretend to be people's children on WhatsApp after losing a phone, or send text messages pretending to be a delivery company.

  • CEO Frauds

    A type of BEC Fraud. This is where an email or phone call is made purporting to be from the CEO or another senior leader, requesting that an urgent payment be made. Urgency is key so that the staff member doesn't ask questions. Often emails will have been compromised and learned from to make the requests more believable, or deepfake voices are used to convince.

  • Authorised Push Payment Fraud (APP), Scams

    Authorised frauds are where the victim is tricked via social engineering into making a payment to a fraudster. This is different from unauthorised fraud, where the fraudster has compromised the customer's cards or other credentials and makes the fraudulent payment. Also known as Authorised Push Payment (APP) fraud or scams.

  • Mandate & Invoice Redirection

    This is typically where a fraudster emails or calls impersonating an existing supplier or tradesperson, requesting a change of the invoice bank account details to facilitate a fraudulent transfer to their account instead. This can be life changing if they impersonate a law firm's customer during a house sale in order to divert the entire sales proceeds.

  • Social Engineering

    Social engineering is where fraudsters make efforts to convince victims that they need to do what they say. They will often have a little information about the victim to persuade them that they are genuine. They add urgency and pressure to stop victims asking questions or thinking too hard about what they are being asked. Social engineering can be via email, text or phone calls as well as face to face.

  • Identity Theft

    ID theft, or ID fraud, which is the use of data from ID theft. This can involve impersonation of a genuine person's identity to gain credit in their name, steal their assets, or gain their IRS refunds or unemployment benefits.

  • Personal/Corporate Data Breach

    Data breaches are the starting point of many other types of scams as the data helps create more believable stories. It can also involve credentials required for things like BEC or invoice frauds and other impersonations. Where there is credential reuse, this can mean that a breach at one site can impact many others. Data breaches may also be used to extort funds from the victim or business by making public the leak or the data.

  • Purchase Scams

    Purchase scams take different forms to get people to part with their money. Slimming pills and supplements are popular, with free trials followed by high charges afterward. More recently we've seen many covid-related scams offering masks, vaccines, and other items that are never delivered. This can also include the sale of airline tickets at discounted prices that have been purchased with a stolen credit card.

  • Tech Support Fraud

    This typically involves a cold call purporting to be from a large software or Internet provider saying the machine or service needs fixing. The caller will use social engineering to obtain remote access to the computer as part of fixing it. Then, using malware, they will steal funds from online banking, often as part of a payment required for the repair, by disguising the transactions or claiming they are refunds.

  • Investment Scams

    Investment fraud is where a fraudster offers opportunities for investments but will walk away with the victim's funds. These scams continue to evolve with whatever is in the news at the time. From fine wines and carbon credits to, more recently, covid vaccine research and crypto, the stories are similar, promising high returns. The investments either do not exist or are not invested in, with the fraudster pocketing the funds. Elaborate websites are made to show high returns. Sometimes fake websites of real investment firms are used to trick victims into investing when they look for investments, rather than cold calling.

  • Confidence Fraud / Romance Scams

    A type of impersonation where a romantic relationship is started online to extort money. For example, they will claim they need money to travel to meet or for medical treatment. Pig Butchering usually involves crypto, where the online romance fraudster has tricked the victim into online crypto investment. When they feel all the money has been invested, they say there has been a crash and walk away.

  • Business Email Compromise (BEC/EAC)

    Business Email Compromise/Email Account Compromise forms the basis of many other scams. With so much of our corporate and personal lives dealt with via email, if the account is compromised it becomes easy for fraudsters to take over banking and payment accounts, learn of large transactions about to happen, and gather lots of intel for improving social engineering against consumers.

  • Bank or Crypto Account Takeover (ATO)

    An account takeover (ATO) attack is a type of theft where a hacker gains unauthorized access to an online account with malicious intent. The attacker may seek to profit, disrupt service delivery or generate fraudulent transactions.