SCAM or cyber scams: Nigeria-419

What is a scam?

Definition of scam

Scam is an abbreviation of “scamming”, which in French means “arnaque” or “escroquerie”. A scam is a deliberate and malicious attempt to deceive individuals, businesses or organisations by using fraudulent schemes to obtain financial benefits, sensitive personal information or to mislead victims into performing harmful actions.

What is a scam, Nigeria 419 or Nigerian fraud?

Historically, the term “scam” referred to an e-mail scam, also known as a Nigeria 419 or Nigerian scam. The name comes from section 419 of the Criminal Code of the EFCC, the Nigerian Financial and Economic Crimes Commission, which is specifically aimed at combating these practices. These emails, in which you are solicited to recover millions of euros in exchange for a percentage, generally come from Africa or developing countries. We consider scams to be a form of spam. There are a large number of variants, and they are fairly easy to recognise, as they relate to areas such as work, lotteries, love, health and money lending.


Example of a scam: “My name is Mango Robert and I am a member of the management of the Dresdner Bank in Germany, South Africa. I have in my possession the sum of 4.2 million pounds in an account”.

What kind of scams are there nowadays?

Today’s scams are more imaginative in that the scammer no longer tries to extract money directly from the victim. They acquire the money by other illegal means (credit card theft, hacking into bank or PayPal accounts, etc.), but use the victim as a gateway.

Scammers use psychological manipulation techniques to exploit people’s trust, curiosity or vulnerability. Scams can take the form of e-mails, text messages, phone calls, fraudulent websites, misleading advertisements and malicious software. Victims may be tricked into providing personal information, making payments or downloading malware.

The most common types of scam are:

  1. Phishing: A scam technique that involves sending fraudulent emails, messages or links posing as legitimate organisations to trick users into divulging sensitive information, such as login details and financial information. Example: Receiving an email claiming to be from your bank asking you to update your account information by clicking on a suspicious link.
  2. Spear phishing: A variant of phishing that targets specific individuals, usually based on personal information, to increase the credibility of the attack. Example: Receiving a personalised fraudulent e-mail claiming to be sent by a work colleague requesting access to confidential data.
  3. Social engineering: Psychological manipulation of users to induce them to divulge confidential information or perform harmful actions. Example: A phone call from an alleged technical support company convincing you to grant them remote access to your computer.
  4. Ransomware: A type of scam that infects computer systems with malicious software, encrypts files and demands a ransom in exchange for the decryption key. Example: Your corporate network is held hostage by ransomware demanding payment in crypto-currency to restore access to your data.
  5. Fake technical support: Criminals pose as legitimate technical support agents and trick users into paying for non-existent repairs or installing malicious software. Example: You receive a call from an alleged IT company informing you of an imminent infection on your computer, asking you to pay to resolve the problem.
  6. Fictitious lotteries and gifts: Fraudulent ads promise users incredible prizes or winnings in exchange for fees or personal information. Example: A pop-up informs you that you have won a free iPhone, but you have to pay shipping costs to receive it.
  7. Fraudulent ads: Fake online ads for products or services at attractive prices are designed to deceive potential buyers. Example: An ad for a top-of-the-range computer at a surprisingly low price, but once payment has been made, the seller disappears.
  8. Sextortion: Criminals threaten to disclose compromising information unless the victim pays a ransom. Example: You receive an e-mail claiming to have compromising evidence of your online activities and asking you to pay to delete it.

How can I protect myself against scams?

To guard against scams, it is essential to be informed and aware of the techniques used by fraudsters/scammers. Ongoing employee awareness, a healthy distrust of unsolicited communications and the implementation of robust security measures are key to protecting personal and professional data.

Here are a few measures:

  • Awareness-raising and training: Organise regular awareness-raising sessions for employees to inform them about the different forms of scams and the techniques used by fraudsters.
  • Identity verification: Encourage users to verify the identity of email senders. Be wary of unsolicited communications (spam) and do not share personal or confidential information without verification.
  • Suspicious URLs and links: Teach employees to examine URLs before clicking on links. Fraudulent websites may have slightly different URLs to legitimate sites.
  • Anti-phishing filters: Use anti-phishing solutions such as Altospam’s Mailsafe to block suspicious emails before they reach employees’ inboxes. These filters are designed to detect common characteristics of phishing emails.
  • Regular updates: Keep operating systems, browsers, applications and security software up to date. Updates often contain security patches that protect against vulnerabilities exploited by fraudsters.
  • Two-factor authentication (2FA): Encourage the use of two-factor authentication. This adds an extra layer of security by requiring a second form of authentication in addition to the password.
  • Distrust of urgent requests: Fraudsters like to create a sense of urgency to encourage users to act quickly without thinking. Encourage employees to take their time and check requests before responding.
  • Telephone verification: Following receipt of a suspicious request by e-mail or online, encourage users to verify its authenticity by contacting the company or person concerned directly by telephone, using official numbers.
  • Malware protection: Install and keep up-to-date reliable anti-virus and anti-malware solutions to detect and block potential threats, including malware associated with scams.
  • Remain suspicious online: Encourage caution when sharing personal information online, whether on social networks, forums or websites. Fraudsters can use this information to personalise their attacks.
  • Deletion and reporting: Teach users how to identify, report and delete fraudulent emails, messages and adverts. The faster you act, the lower the chance of damage.
  • Regular back-ups: Encourage regular back-ups of critical data. In the event of a ransomware attack, you can restore your data without paying a ransom.
  • Verification of financial transactions: If financial transactions are involved, systematically check the details and legitimacy before making any payment or disclosing any financial information.

By implementing these preventive measures and encouraging a culture of security, the risks of scams for your organisation can be drastically reduced.
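The “Suspicious URLs and links” measure above can be partly automated. The following is an added example, not code from this page or from any anti-phishing product: it checks links in a message against an assumed allow-list of legitimate domains and flags hosts that differ only slightly from them. The function names, the allow-list and the sample message are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed allow-list of domains the organisation really uses (constructed).
TRUSTED = ("paypal.com", "mybank.example")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url: str) -> str:
    """Classify a link as 'trusted', 'lookalike: <reason>' or 'unknown'."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "unknown"
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return "trusted"
    labels = host.split(".")
    if any(label.startswith("xn--") for label in labels):
        return "lookalike: punycode (internationalised) label"
    registered = ".".join(labels[-2:])  # simplification: no public-suffix list
    for d in TRUSTED:
        if d in host or d.split(".")[0] in labels[:-2]:
            return f"lookalike: {d} used inside another domain"
        if 0 < edit_distance(registered, d) <= 2:
            return f"lookalike: close to {d}"
    return "unknown"

def flag_links(message: str) -> dict:
    """Return {url: verdict} for every lookalike link found in a message body."""
    flagged = {}
    for url in re.findall(r"https?://[^\s<>\"']+", message):
        verdict = check_url(url)
        if verdict.startswith("lookalike"):
            flagged[url] = verdict
    return flagged

# Constructed sample message body.
SAMPLE = ("Dear customer, update your account at "
          "http://paypal.com.account-verify.example.net/login "
          "or via https://www.paypal.com/ today.")
```

A production filter would use a public-suffix list to find the registered domain and would treat an “unknown” verdict as neutral, not as safe.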

 
