2.5 Online fraud
So far you have learned how social engineering can be a useful tool for those who wish to distribute malware. However, it can also be used to gain access to personal information, which may allow unauthorised individuals to access accounts, facilitating photo hacking. However, perhaps the most familiar form of social engineering used by cybercriminals is the phishing email, which is normally used to gain information that can be used to commit online fraud. This phishing email often appears to be from a legitimate business or bank and asks for an immediate response from the recipient in order to prevent serious consequences (for example, the account being frozen). When the recipient clicks on the link in the email, they are taken to a fake website and asked to enter their account details. By doing so, they provide fraudsters with the information needed to access their genuine account and steal money. As in the previous examples, by manipulating human behaviour, cybercriminals can gain access to private accounts without being skilled in hacking.
Advance fee fraud is another online scam with which you might be familiar with. There are many variants, but the basic format is the same. The fraudster sends an email in which they claim to need help in moving a large amount of money from one country to another and are prevented from doing so due to some unfortunate set of circumstances. The recipient of the email is asked to assist by sending a small amount of money and is offered a share of the large sum of money as their reward (Action Fraud, 2020). Of course, the large sum of money does not exist, and anyone who sends money will never see it again. Online dating romance scam (Buchanan and Whitty, 2014; Whitty and Buchanan, 2012; 2016) is a subtype of advance fee fraud, in which the scammer or scammers pose as someone interested in forming a relationship with their victim. They use photographs of attractive people to create fake profiles and make contact with their victims via social networking sites or online dating sites (e.g. Aransiola and Asindemade, 2011; Rege, 2009; Whitty and Buchanan, 2012). This is sometimes termed ‘catfishing’. The focus in this type of crime is on building a relationship with the victim so that they will then comply with requests for money.
Activity 5 Why does online dating scam succeed?
Watch the video of FBI Special Agent Christine Beining describing romance scams. As you watch the video, note down any information related to the victims’ likely characteristics and techniques used to gain trust and obtain the desired result.
Christine Beining explained that:
- Scammers usually target vulnerable women (though men can be targeted but less so than women) , using the internet, with money and willing to give it. More specifically, they target people not in existing relationships and looking for love (divorced or widowed)
- they will use information available on the internet to find common grounds and use information to manipulate victims and get their trust. The relationships become intense very quickly. So, they can start asking for money using different excuses and promising to repay back the money.
- Scammers are usually part of criminal organisations and data about victims are recorded in ‘sucker lists’, which make them even more vulnerable and easily targeted to repeat victimisations (Button et al., 2009).
Buchanan and Whitty (2014) also found that higher scores on ‘idealisation’ of romantic partners were associated with an increased likelihood of being a romance scam victim, but the other factors they investigated – including extraversion, agreeableness, sensation-seeking, neuroticism, and loneliness – were not associated with the likelihood that someone would become a romance scam victim.
You can read about the many different types of online fraud at the Action Fraud website [Tip: hold Ctrl and click a link to open it in a new tab. (Hide tip)] .