Online Scams: What Are Online Scams?

Have you or anyone near you become a victim of online scamming? This article introduces online scams: how the waves of scammers target their victims, in which ways, and what damage they inflict.

This article’s contents are based on AhnLab’s in-house data as well as externally available information. Where external information is quoted, its sources are cited.

Contents

  1. What Are Online Scams?
    • Scams vs. Frauds vs. Phishing
  2. How Bad Are They?
  3. What Are Their Goals?
  4. Who Become Victims?
  5. How Do They Approach Their Targets?
  6. What Do They Prompt Their Targets To Do?
  7. What Types Are There?
  8. Why Do Victims Fall For Them?
  9. Resources

What Are Online Scams?

Scamming is defined as the crime of deceiving others via immoral means for financial gain, theft of intellectual property, or unauthorized access to assets. Online scams are scams that occur digitally. In this day and age, where most communication takes place online, ‘scams’ mostly refers to ‘online scams’. The major difference between scams and other cybercrimes is their goal of deceiving and tricking their victims.

Scams vs. Frauds vs. Phishing

There is no definite line that divides scams and frauds. Normally, the two terms are used interchangeably to describe the same activities, meaning that online scams and online frauds can be defined identically. However, the meanings may differ by nation, industry, or person. The scope of the definitions may differ even amongst those in the same nation and culture. For example, some limit the damage from scams and frauds to financial loss and exclude thefts of intellectual property (login credentials, credit card information, contact number, etc.).

In South Korea, scam is only used to define specific types of crime such as ‘romance scams’ and ‘coin scams’, while fraud is recognized as a crime that leads to the loss of financial assets such as cash. Related terms such as phishing and smishing are occasionally used within the wrong context. At the Global Anti-Scam Summit 2023 in Portugal last year, it was pointed out that there were no common, agreed standards in the definition of scam and fraud.[1][2]

The conference also shed light on the challenge of defining what constitutes a “scam.” Different countries and industries often define scams in their own terms.

For instance, Singapore classifies various scenarios, including ATO (Account Takeover), malware, and romance scams, as scams. In contrast, the UK and the US categorize scams as authorized online fraud where the payment was made by the account owner. Other types of fraud are deemed not to be scams and are defined as unauthorized transactions.

The fundamental question that arises is whether the industry should work towards global cross-industry common standards or accept separate definitions. If common standards are to be established, the challenge lies in determining what these standards should be, especially considering the diversity of industries and countries.

AhnLab defines ‘scams’ as all cybercrime activities that aim to generate financial gain, steal intellectual property, or gain unauthorized access to the victims’ assets through impersonation, blackmail, and deception. AhnLab also sees fraud and scams as terms that can be used interchangeably, albeit with slight differences. The list below shows AhnLab’s definitions of these related terms. Note that in this article, the words scam and fraud are both used depending on the context. Subtypes of scams such as phishing and smishing are used as they are to specifically describe their characteristics.

  • Scam and Fraud
    • Definition: A form of crime that aims to generate financial gain, steal intellectual property, or gain unauthorized access to the victims’ assets by deceiving them through illegal, immoral means.
    • Differences:
      • Scam: Scammers (criminals, threat actors) use direct channels such as calls, messages, emails, messengers, social media, and websites to prompt victims to voluntarily perform the criminals’ intended actions.
      • Fraud: Focuses more on financial losses and includes criminal acts of which the victim is unaware, such as illegitimate transactions or identity theft.
  • Phishing
    • Definition: A crime of impersonating organizations or individuals that victims trust in order to steal their confidential information or access their assets (stealing login credentials, credit card information, installing and launching malware, etc.). These attacks are called phishing scams because they are a type of scam that uses social engineering techniques, but they are normally just called phishing. Depending on the types and procedures, phishing can be divided into many subtypes:
    • Types of Phishing:
      • Smishing (SMS Phishing): A phishing attack that uses mobile text messages to approach victims.
      • Voice Phishing (Vishing): A phishing attack that approaches victims using voice calls.
      • Spear Phishing: A targeted phishing attack that sets specific individuals or organizations as targets and has a higher chance of being executed.
      • Business Email Compromise (BEC): A spear phishing attack that impersonates trustworthy individuals or organizations to steal money or sensitive information from finance managers or decision-makers.
  • Spam
    • Definition: Emails, calls, or messages that are sent indiscriminately for the purpose of advertisement.

How Bad Are They?

According to the Global State of Scams Report 2023 published by the Global Anti-Scam Alliance (GASA), 59% of the world’s population is exposed to scams at least once a month, and 78% or more have taken a direct hit from scams over the past year. Global losses inflicted by scams are estimated to be 1.026 trillion USD (about 1,370 trillion KRW). It has come to the point where the financial damage caused by these illegal and immoral frauds has surpassed 1% of the entire global GDP. The scale of losses varies by country and is especially large in developing countries such as Kenya, Vietnam, Brazil, and Thailand.[3]

The severity of the financial losses can also be seen in the Consumer Sentinel Network 2023 report published by the US Federal Trade Commission (FTC), which is based on the number of consumer-reported cases. The number of reported frauds has been increasing over the last 20 years, with over 26 million cases being reported for fraud last year. Among them, 27% suffered actual financial loss, amounting to over 10 billion USD (about 13 trillion KRW).[4]

In the 2023 cybercrime trend report published by South Korea’s National Police Agency, the number of online cyber frauds has increased by at least 10% compared to 2022.[5] According to the Korea Internet & Security Agency, over 500,000 mobile smishing messages were found in 2023.[6] The National Intelligence Service discovered that the number of reported romance scams in 2023 has increased three-fold compared to 2020, and the financial loss amounted to nearly 5 billion KRW.[7] It is likely that the damage is bigger when considering the number of unreported cases (all articles support Korean only for now). In January 2024 alone, AhnLab’s V3 Mobile Security detected over 4,300 cases of scam phone messages.[8]

What Are Their Goals?

Scammers are after money, information, and access permission. They may be after one, two, or all three of them at once. The goal of most scams targeting individuals is to steal money, including both cash and virtual assets. Scammers either make their victims pay or transfer money voluntarily, or threaten victims using sensitive information to forcefully steal their money.

The types of information targeted by scammers are intellectual properties such as login credentials, credit card information, personal details, mobile phone contacts, and classified business data. Some scammers may just collect information, while others may seek to make money by stealing information such as credit card details or by holding the stolen information hostage for blackmail. Login credentials may also be abused later on to perform malicious activities.

The third goal is to gain access to the victims’ systems. Most notably, malicious files are used to achieve this goal. Victims may voluntarily launch files sent via mobile messengers or emails because they appear to come from a trusted source. However, this could result in the scammers gaining remote control of the system or allow them to take classified data. The threat actors can later abuse this data to steal money or disrupt business activities.

Scams targeting money, information, and access permissions

Who Become Victims?

Young or old, anyone from any age group can become a scam victim. However, the extent of damage and characteristics of scams differ by age group. According to the Consumer Sentinel Network 2023 report, young people suffered financial losses more often compared to the older age group. This is related to the fact that scams are distributed via channels such as social media, online websites, and mobile apps that young people often use. On the other hand, elderly people suffered heavier financial losses on average.[9][10] Scams also occasionally target specific genders. One such example is sextortion, an unconventional scam that targets young South Korean men. Scammers disguise themselves as women and approach men through mobile messengers. The disguised scammers then enter a relationship with the victims and later use the men’s sexually explicit images and videos to threaten the men into sending them money.

There are also victims who are indirectly affected such as individuals and organizations whose names, faces, and brands are used as part of the scam process. These victims may have their reputations damaged or experience financial loss from being associated with the scam.

Amazon, the largest online shopping provider in the world, is taking active measures to block and respond to phishing websites to prevent such incidents from taking place.[11][12] In South Korea, government agencies and companies that often become targets of impersonation continuously advise caution against such dangers.

Reporting phishing emails

If you have received an email that you know is a forgery, or if you think you have been a victim of a phishing attack and you are concerned about your Amazon.com account, please let us know right away by reporting a phishing or spoofed email.

Guardians of Trust: Amazon’s Proactive Frontline Against Impersonation Scams:

In 2022, Amazon initiated takedowns of more than 20,000 phishing websites, 10,000 phone numbers being used as part of impersonation scams and referred hundreds of bad actors globally to local law enforcement authorities.

How Do They Approach Their Targets?

Scammers use almost all of the different communication channels we use every day to approach their targets, with the channels constantly changing as time goes on. For example, mobile messenger apps and QR codes for paying parking fees did not exist several years ago. Scammers use all of the channels listed below to deceive potential victims.

  • Mobile messenger apps (WhatsApp, Telegram, WeChat, Facebook Messenger, LINE, KakaoTalk, etc.)
  • Mobile dating apps (Tinder, MEEFF, WIPPY, etc.)
  • Social media (Instagram, Facebook, etc.)
  • Mobile text messages
  • Voice calls
  • Websites (YouTube, NAVER, Google, etc.)
  • Emails (Gmail, Outlook, etc.)
  • Online advertisements
  • Offline (Parking lot, Shops, etc.)
  • Others

Scammers use different methods in each country because of differences in culture, digital accessibility, and the main platforms used. According to GASA’s Asia Scam Report 2023, Koreans are most exposed to mobile messages (78.8%) followed by voice calls (58.3%) and emails (27.0%). In Japan, email scams are most prevalent (54.7%), followed by mobile messages (44.1%) and calls (33.9%). In Singapore, the key scam channels are phone calls (70.5%), mobile messages (65.8%), and mobile messenger apps (54.4%).

The difference by country is more apparent in digital platforms. In South Korea, users are most likely to be exposed to scams from Instagram (27.7%), NAVER (24.0%), and KakaoTalk (20.0%). South Korea is the only Asian country where Instagram is ranked number 1. NAVER and KakaoTalk are not the highest-ranking channels in other countries. In China, WeChat is the platform where users have the highest risk of getting scammed (56.6%), while WhatsApp (74.3%) and Facebook (71.5%) are most dangerous in Indonesia and Vietnam respectively.

What Do They Prompt Their Targets To Do?

To achieve their goals, scammers utilize various means to prompt their targets to perform certain actions and can prompt them to perform more than two actions if needed. In addition, the scam scenario can change at any time depending on the situation and purpose of the scam.

  1. Goals: Money
    • Investment
    • Registration
    • Purchasing goods
    • Side job or employment
    • Sending payment or transferring money
    • Payment gateway or importing goods
    • Payment due to blackmail
  2. Goals: Information
    • Entering account ID/Password
    • Entering financial information
    • Sending classified information
  3. Goals: Gaining unauthorized access
    • Installing and launching malicious apps/files
    • Connecting to malicious websites

What Types Are There?

Scams can be categorized based on many criteria. Even within the same channel, scams can differ in their goals and prompts. For example, among smishing scams utilizing mobile text messages, one may have the victim install a malicious app that steals personal information or the two-factor authentication (2FA) information inside the phone. Others may have the victim enter a Telegram login code in order to steal login sessions, or prompt victims to access websites that coerce users into investing in stocks or virtual assets.

Scammers who utilize emails may send simple blackmailing texts, links to phishing websites that steal companies’ login credentials, or ransomware files. As seen from the examples, scams are far too complex and wide-ranging to be categorized by a single criterion. Scammers and scenarios vary greatly between scams that target individuals and scams that target businesses.

Categorization Criteria
  • Goals
  • Targets
  • Approach channels
  • Digital platforms
  • Prompts
  • Period of activities
  • Blackmail status
  • Impersonation status
  • Targeted status
  • Scammers

As such, the ‘Online Scams’ series will not categorize scam types by a single criterion but will instead group together cases that show similarities and explain them.

Why Do Victims Fall For Them?

Cognitive Distortion
Scammers mainly deploy social engineering techniques to find and target psychological weaknesses in people. They distort the cognitive capacity of their victims and manipulate them in various ways. Cognitively-compromised victims often ignore warning signs or rationalize their situations and open themselves to scam traps.

Greed
Scammers target people’s greed and desire for money. The scammers show off their cars and things worth hundreds and thousands along with transaction records from a fake bank account. They then tempt the victims with guaranteed ways to make a huge profit. Many people fall victim to scammers who promise them side jobs that generate easy income from home.

Forming Trust
Scammers utilize a diverse range of psychological and relationship-forming techniques to earn the other’s trust. They may build trust by talking with their potential victims for several days or build trust little by little over time. Once the scammer has gained the victim’s trust, the victim willingly sends money or personal information without suspicion.

Psychological Pressure
Scammers occasionally pressure people by saying that there is an emergency situation that needs to be taken care of right away. In such situations, victims are unable to think logically and give in to the scammers’ demands.

Technological Advancement
Scammers use meticulous tricks such as replicating screens and texts that are impossible to distinguish from the real ones (including changing email addresses). Scammers often utilize tools or request the creation of tools in illegal trading markets such as the dark web. In this day and age, scammers can use translation tools to make a natural-sounding phishing text to draw in foreign victims.

Lack of Information
At the center of it all is people’s lack of information. A vast majority of people lack information on the latest, diverse scam methods. Even when they have it, they cannot keep their guard up at all times in their day-to-day lives. Entering information or opening files without thinking is also a part of what the scammers have planned.

In response, government agencies and industries are deploying measures such as adopting automated scam filters, blocking devices, catching criminals, and using security products, but despite their best efforts, many of us have a high chance of falling for scams. It is necessary for individuals and companies to know the diverse scam methods used in our daily lives.

Resources

See Related Articles

  1. Online Scams: Are You Safe From Impersonation, Blackmails, and Deception?
  2. Online Scams: What Are Online Scams?
  3. Online Scams: Fraud Through My Phone
  4. Online Scams: Threats, Deceptions, and Victims
  5. Online Scams: I Just Wanted Quick, Easy Money
  6. Online Scams: These Are All Fakes? Distinguishing Real and Scam
  7. Online Scams: Anyone Can Fall for Scams
  8. Online Scams: What Should We Do About It?

[1] Global Anti-Scam Summit 2023
[2] GASA Global Anti-Scam Summit: Key Takeaways
[3] Global State of Scams Report 2023
[4] Consumer Sentinel Network 2023
[5] 2023 Cybercrime Trend Report (This report supports Korean only.)
[6] Smishing Impersonating Public Agencies Increased by 20 Times… How Well Am I Protected Against Voice Phishing? (This article supports Korean only.)
[7] Last Year’s ‘Romance Scams’ Inflicted a Financial Loss of up to 5.5 Billion Won… The Highest Ever (This article supports Korean only.)
[8] Based on V3 Mobile Security users who enabled ‘Smishing Detection’
[9] Age group of 20-29: 44%, 70-79: 25%
[10] 20-29: 480 USD on average (about 640,000 KRW), 70-79: 803 USD (about 1.07 million KRW), 80+: 1,450 USD (about 1.93 million KRW)
[11] Internet scams and phishing
[12] Global State of Scams Report 2023
