A scam – in the modern, internet-era meaning of the term – is a type of online fraud in which victims are persuaded to transfer money to cybercriminals or make a payment in their favor. Social engineering tools are usually used for this purpose. Those who carry out online scams are called scammers.
Scams are closely related to another type of online fraud aimed at stealing personal data known as phishing. It is not unusual for phishers and scammers to use similar techniques to achieve their goals.
Common scams
To lower the victim’s guard and extract their money, scammers usually employ one of three tactics: making a tempting offer, evoking sympathy, or intimidating the victim. Below are some common scenarios:
- Cybercriminals invite the victim to pay a small amount to get a larger return:
  - Invest money in a promising venture with a guaranteed high return.
  - Purchase a valuable item at a substantial discount.
  - Obtain access to exclusive content.
  - Pay a fee or tax to receive a generous payout from the government, a large company, or a rich individual.
  - Pay for the delivery of a valuable prize the victim has supposedly won.
  - Pay for a premium account on a fake dating website.
- Cybercriminals ask for help for an individual or charity under a real or fictitious pretext:
  - Fundraising ostensibly to help sick children, build an animal shelter, etc. (often using data and shocking photos from the internet, including those from actual fundraising pages).
  - A plea for money under the guise of a friend of the victim (typically using a compromised social network or messaging app account).
  - A money transfer to the victim, followed by a request to return the erroneous payment to another account and cancellation of the initial transfer.
  - A dating scam in which the cybercriminal strikes up a relationship with the victim, builds up trust through correspondence, and finally asks for financial help.
- Cybercriminals threaten victims with the blocking of an account (with an online service, bank, etc.) or various penalties:
  - The victim is told they have to pay to have the account unblocked (direct extortion).
  - The account is allegedly blocked under the pretense of combating criminal activity (such as the distribution of child pornography), and the victim is coerced into paying a fine.
  - The victim is threatened with criminal proceedings.
  - The victim is notified of a debt that must be paid urgently.
Typical distribution methods
As a rule, online scams are designed as mass attacks. Scammers therefore most often use channels that reach the widest possible audience without targeting specific individuals:
- Banners leading to scam websites.
- Emails with links to scam websites.
- Social networks and messaging apps. Among the places where attackers like to post links to their resources are: popular channels and communities; group chats with many participants; bios on profiles with lots of activity and comments; direct messages.
- Phone calls.
- Marketplaces. Cybercriminals offer goods at attractive prices to lure in victims. Since most marketplaces feature protection against fraudulent links, potential buyers are induced to switch to a third-party messaging platform where the scammers send a link to their resource. Scammers can also place links to their websites in the comments section of product reviews.