2016 – the year of online fraud?

Mark Barrett

An unconvincing, typo-ridden email purporting to be from a well-known brand is now unfortunately a far too common sight in our inboxes and something that, hopefully, we have learnt not to engage with. The renowned spam email is, however, now just one of several threats targeting our financial details. The past 12 months have seen a significant rise in the scale and complexity of online fraud, making cybersecurity in 2016 a more important topic than ever.

The scale of online fraud can be hard to comprehend. Research by Get Safe Online estimates that the UK loses almost £11 billion a year to cybercriminals – the equivalent of £210 for every UK adult [1], while Financial Fraud Action (FFA) UK claims that a financial scam was committed every 15 seconds in the first half of 2016 [2].

Spoof emails pretending to be from trusted organizations directing users to bogus webpages have been around for some time now, but the maliciousness of these sites is increasing. One growing example is ransomware – a form of malware that locks a user’s computer until they agree to pay a sum of money, often in new digital currencies such as Bitcoin. Although many of us are now immune to these obvious phishing attempts, the people behind the scams are also evolving and setting their bait to be increasingly convincing. Earlier this year, thousands of people across the UK received emails containing their home address; emails purporting to be from established UK firms telling them that they owed hundreds of pounds. The apparent authenticity of these messages caused many to be concerned and confused as to whether they were in fact genuine. Whilst many of us like to think we’re savvy enough not to fall victim to the scammers, Get Safe Online found that although 86% of the people they surveyed claimed they hadn’t been a target of cybercrime in the past 12 months, 68% of them actually had in some shape or form [3].

Another driver of financial fraud in recent times has been the Dark Web – a place where it is now possible to obtain sensitive financial information, e.g. credit card details, from a number of sites. What is surprising is the range of details available. At one end, there are the simple credit card numbers, expiry dates, CVVs, etc; all the way up to full ‘dumps’ – the actual data stored on a card’s magnetic strip. At the most extreme end is what are referred to as ‘fullz’ – all the financial information related to a given individual. This goes beyond standard credit card information to include an individual’s date of birth, social security number and more. What many people don’t realize is that this sort of information is not just limited to the Dark Web, but can also be found on the regular Internet that we all use every day.

Another more tangible issue is the production and distribution of physical counterfeit credit cards. These can be produced by copying data from the magnetic strip of a genuine card to a fake one – a process often referred to as ‘skimming’. The size of counterfeit card fraud is sizeable; currently estimated at £45.3m by FFA UK[4], with the Dark Web, again, being the place to buy the cloned cards.

The continued growth and evolution of the Internet has created more opportunities than ever for scammers to try and defraud us. Although the traditional spoof email isn’t likely to die any time soon, the reality is that we are now under threat from more sophisticated tricks than we were five years ago, and with the growth of new areas such as the Dark Web, online financial fraud in 2016 is of more importance than ever before.

[1] https://www.getsafeonline.org/news/fraud-cybercrime-cost-uk-nearly-11bn-in-past-year/ 

[3] https://www.getsafeonline.org/news/fraud-cybercrime-cost-uk-nearly-11bn-in-past-year/