Monday, March 9, 2015

What is fraud, what is scam, and what are they used for?

Fraud, scam and phishing. Three terms usually going hand-in-hand, and IT-based for misdeeds. Each one cannot live without the others, and users and companies suffer the consquencies. Well, but... What are the differences between them? And, above all, what is their role in cybercrime world?

Let's begin talking on Fraud, the most generic of them. Fraud is nothing more than the antithesis of truth, the opposite of what getting right things done should be. There are a lot of fraud styles, just think about recently revealed fraud affecting some Apple Pay users. In fact, several banks have chosen to block this service by default, pending the client identifies himself, to get it activated.

Inside Fraud, we have got one specimen with honorary position at the computer crimes pantheon: the scam. Scam is a type of fraud, call it dupery fraud, involving several elements that weave a corruption network. A great example is Leah Palmer,  the "profiles stealer" (at the photo of this post). A woman who discover, from dusk till down, that somebody is using pictures, both from her and from friends and family, to create several accounts and trick male gender users. So, it is not only an identity theft, it is also a true network of intercommunicated fake identities, seeming to be real.

And from scam to phishing, or what is the same, tricking your victim for accessing sensible data. What kind of attack vectors are you thinking about? Why not selling a motorcyle? Well, it rules. One potential buyer contacts you and asks some details of your product. Both of you agree the price, doubts are gone away, and buyer pays you via PayPal. Oh, but confirmation e-mail is not from PayPal, and if you click on the link to verify the payment, maybe you will find a "little surprise".

The target is not always to steal a PayPal account, surely linked to your bank account. Sometimes, target will be to install some kind of malware in victim device. And here is no OS free of risks. Just go and watch some sophisticated malware running on Linux.

Yeah. There are really so much types of fraud, and scam and phishing are the techie legs we all should be keeping in mind. Just because you have got a new message, it does not mean it is good. Therefore, common sense is the best antivirus we have got.


Post a Comment