Unmasking Cyber Threats: Scams and Fraud

In the continuously advancing digital landscape, cyber threats loom large, targeting individuals, businesses, and institutions alike. To improve the state of cybersecurity, it is vital to shed light on these pressing dangers and possess the knowledge to protect yourself and your organization.

There will be two critical aspects of cybercrime to look into: Phishing Attacks and Fraud. The stakes are high, so it is crucial to unmask the deception and empower you to stay one step ahead of cybercriminals.

Phishing Attacks: The Art of Deception

What is it?

Phishing is a cunning cybercrime technique where scammers impersonate legitimate entities to deceive victims into revealing sensitive information or performing harmful actions. These attacks normally occur via email, SMS (smishing), or phone calls (vishing).

Types of Phishing Attacks

Email Phishing:

• Description: Cybercriminals craft deceptive emails mimicking trusted sources to lure recipients into clicking malicious links or disclosing confidential information.
• Tactics: Manipulating urgency, plausibility, and familiarity to heighten the likelihood of victim engagement.
• Targets: Professionals and individuals alike, with attackers exploiting email as a primary vector for their schemes.

Smishing (SMS Phishing):

Smishing has become more rampant recently. Mass SMS Sender platforms are easily obtainable and even used by legitimate companies, making smishing trickier to distinguish. Sim Registration Law, in a way, has also contributed to the advancement of smishing as registered mobile numbers have additional subscriber details like a subscriber’s name.

• Description: Scammers employ text messages posing as reputable entities to deceive recipients into giving away personal information or falling victim to financial scams.
• Risks: Unsuspecting victims may unknowingly respond to these messages, leading to identity theft or financial losses.
• Visibility: Often characterized by unrecognized numbers or spoofed display names, rendering detection challenging for recipients.

Vishing (Voice Phishing):

• Description: Fraudsters use social engineering tactics during phone calls, impersonating legitimate organizations to extract sensitive information from unsuspecting individuals.
• Tactics: Caller ID spoofing and persuasive dialogue to manipulate victims into divulging personal details or succumbing to fraudulent schemes.
• Targets: Anyone who answers the call.
• Risk: Victims may disclose personal details or fall for scams. This is similar to the “Budol-budol” modus operandi that is still happening in the Philippines today.

Social Media Impersonation:

Nowadays, it is easy to create social media profiles that are professional-looking and offer various services like tech support, customer service, immigration assistance, etc.

• Description: Scammers create counterfeit profiles on social media platforms to deceive users into sharing personal information or engaging in fraudulent activities.
• Tactics: Initiating friend requests and disseminating phishing links under the guise of legitimate interactions, mostly done through PM (Private Message).
• Targets: Social media users susceptible to manipulation due to inherent trust in online connections.
• Risk: Victims may unknowingly share personal information that threat actors can exploit.

Targeting Local Banks and Financial Institutions

Phishing attacks love to prey on local banks and financial institutions in the Philippines. There has been a significant increase of phishing attacks to local banks between Q1 of 2022 to Q2 of 2023, with a certain bank (whose name shall be protected) being a chosen target 68% of the time.

• Financial Gain: Cybercriminals exploit these institutions to steal login credentials, credit card details, or sensitive transaction data for monetary gain.
• Impersonation: Mimicking official bank communications to deceive customers into divulging confidential information or executing fraudulent transactions.
• High Volume: Email serves as the primary medium for phishing attacks, with cybercriminals inundating unsuspecting users with fraudulent correspondence.
• Rising Cases: The Philippines has witnessed a surge in online scams, including phishing, worsened by community quarantines and heightened digital reliance.
• Government Response: Collaborative efforts such as Scam Watch Pilipinas aim to mitigate cyber fraud through proactive monitoring and public awareness initiatives.

What is Fraud?

Fraud refers to deliberate deception or misrepresentation with the intent to gain an unfair advantage or cause financial harm to others. It exploits trust, ignorance, or vulnerabilities.

Why Social Media?

Social media platforms serve as fertile ground for fraudulent activities due to:

• Wide Reach: With billions of users worldwide, social media provides scammers with an expansive pool of potential victims to target.
• Anonymity: Perpetrators capitalize on the anonymity afforded by fake profiles to conceal their identities and evade detection.
• Trust: Users often place unwavering trust in their online connections, rendering them susceptible to manipulation and deception.
• Personal Information: Profile data reveals a wealth of exploitable information, facilitating targeted attacks and social engineering exploits.
• Ease of Communication: Direct messaging functionalities streamline engagement, enabling scammers to establish rapport and execute their schemes seamlessly.

Types of Fraud: Job Scams and Online Gambling

Job Scams:

• Description: Exploiting job seekers’ aspirations for gainful employment, scammers spread fake job listings and demand upfront fees or personal information under false pretenses.
• Tactics: Fake job listings, upfront fees, and stolen identity.
• Red Flags: Unsolicited offers, vague job descriptions, and requests for monetary transactions before employment or as part of the hiring process signal potential fraudulent activity.

Online Gambling Scams:

• Description: Preying on gamblers’ desire for easy winnings, fraudsters orchestrate rigged games, operate sham casinos, and perpetrate payment scams to defraud unsuspecting victims.
• Methods: Leveraging deceptive tactics such as lottery hoaxes and falsified promotional offers to lure individuals into fraudulent gambling schemes.

Conclusion: Vigilance and Proactive Measures

As we navigate the digital space on a daily basis, vigilance and skepticism are our best defenses. Here’s what we can do:

1. Invest in cyber protection: Partner with a reliable cybersecurity provider like IPV Network.
2. Stay Informed: Educate yourself and your team about cyber threats.
3. Verify Sources: Always verify requests for sensitive information.
4. Report Incidents: If you encounter suspicious activity, report it to relevant authorities.
5. Protect Personal Information: Be cautious about sharing personal details online.
6. Know the Red Flags of Phishing attacks

Remember, cyber threats evolve, but so do our defenses. Stay informed, stay secure!

About IPV Network
Since 2016, IPV Network has been a trusted partner of leading enterprises in the Philippines. It brings the best-of-breed cybersecurity solutions. IPV network helps businesses identify, protect, detect, respond, and recover from cyber threats. IPV Network is DICT certified to conduct vulnerability assessment and penetration testing (VAPT) to evaluate cyber systems. Email us at [email protected] or call (02) 8564 0626 to get your FREE cybersecurity posture assessment!