Internet fraud is one of those things that can be hard to define and talk about, but everyone knows it exists. You almost certainly know someone who has been affected by it, even if they haven’t mentioned the issue. There are simply so many scams, instances of identity theft, and attempts that it is just a standard part of life to protect yourself against it.
And yet while it remains a constant as a concept, the details constantly change as technology improves and expands, and as cybercriminals change up their efforts in an attempt to find greater success. It is a never-ending battle, and cybersecurity and antifraud experts know this. A new scheme is born every day, and all it takes is one successful one to cause a lot of problems. That means that it is important to refresh yourself on the specifics and changes every once in a while and to simply remind yourself that staying vigilant is important to your safety.
While there is so much more that can be said on the topic and the landscape is constantly changing, here are some stats and a good primer on what you should know about Internet Fraud in 2022:
What Forms Does Internet Fraud Take?
Internet Fraud is not a one-size-fits-all phenomenon. It is instead more of an umbrella term for a wide variety of plans, schemes, and methods of fraud. Some of the more common schemes include:
Phishing Scams: With these schemes, a user (or even a bot given some instructions) imitates another person or official organization. They are extremely common and usually sent out in a “throw it at the wall and see what sticks” approach with whatever contact info they can find. However, some might be more targeted, especially if the cybercriminal can effectively impersonate someone you know, such as your boss or a family member, to trick you into giving out details or sending money.
Ransomware Attacks: Another extremely common form of cybercrime, ransomware attacks are usually the result of malware making it onto a user’s system, locking away files, and threatening to delete them or release them if the user doesn’t comply with demands (usually money). We decided to include them in the discussion about fraud as they often start because of fraud or social engineering of some sort. Rarely does a person invite malware onto their device knowingly, after all?
Business Email Compromise and Exploitation: When it comes to opportunities to make money, business email or business systems are the gifts that keep on giving. When it comes to fraud and social engineering, all that’s often needed is one weak link in the company when it comes to cybersecurity and vigilance, and they are in. And given the number of money businesses lose every year to cybercrime and fraud, one would expect there to be a lot more security and training. Unfortunately, not all companies learn their lesson the easy way.
Payment Information Fraud: When people put in their payment information online, hopefully, it is done on secure sites and via secure methods. Similarly, when details are given online, ideally they are stored safely and only accessed or given to the proper people and systems. Payment information is valuable to cybercriminals, especially en masse or for someone with a lot of money to lose. There are plenty of fraudulent sites meant to gain payment information, and other scams and forms of fraud seek to get it from people online (or through any other method).
Online Government Assistance Fraud: The positives about the expansion of government assistance management to online spaces are that it's easier than ever for people and small businesses to get the help they need, but it also opens up the possibility of fraud. Even the most humble of programs are subject to fraud. Commonly, someone will impersonate someone receiving government assistance, gaining benefits in their stead. With the recent programs of support for those affected by the recent pandemic shutdowns, there was some fraud involved, with the exact amount to be determined.
Online B2B Fraud: B2B is a big business, and the sector is growing online. Therefore, some cybercriminals might want to get in on it. These schemes are certainly less common than some of the other methods listed here, but they can cripple or even shut down a business should they occur successfully.
Romance Scams: Romance scams might have been around before the internet in one form or another, but they were perfected online. Online dating often means it is hard to confirm facts or identity without a fair bit of work. And while things may seem normal at first for the victim, suddenly they are paying for a plane ticket or transferring money so that their new prospect can travel to their state or country for a meeting, or get out of some horrible situation. And they keep paying until they catch on, never meeting them or not finding what they expected.
Get-Rich-Quick Schemes: Another scam as old as time that has only gotten more popular since the Internet grew popular, there are usually promises of an investment opportunity or a “lottery” win, just with a down payment first. The scammer then makes off with the money. Longer terms options could involve pyramid schemes or scams involving things such as cryptocurrency that many people don’t know much about.
Social Media Fraud: There is certainly misinformation on social media, but this is an entirely different matter. Quite a bit of fraud is done over social media, despite attempts by social media companies (some more than others) to put a clamp down on it. It might be in the form of posts, private messages, or something else depending on the platform. The end goals are all the same.
Cybersecurity Fraud: In a wolf in shepherd’s clothing scenario, often cybercriminals will pose as cybersecurity experts to gain the trust of their intended victim. They may want to install a program (malware) or gain remote access to the computer. In any case, the results are not good. There is usually a heavy penalty for impersonating police. There is no special penalty for impersonating a cybersecurity professional.
Other Forms: The above forms of fraud hardly constitute all the options. Others are lesser-known, and others that have yet to be invented are nonetheless inevitable as new technologies and services take to the internet. You will have to be on the lookout and be careful when it comes to what you find and read online.
Note that a scam or fraudulent activity being in one category does not preclude it from being in others. Ransomware attacks often take the form of cybersecurity fraud, claiming they are a security program of some sort and a warning. Many forms of fraud are done over social media, including get-rich-quick schemes and romance scams. Essentially, if there is a platform, someone is going to try to commit fraud on it for personal gain.
What Differentiates It from Other Cybercrime
Depending on where you look online, cybercrime and internet fraud might be used as near-interchangeable terms. We understand that this can be confusing.
According to the FBI page on the subject, internet fraud is “the use of Internet services or software with Internet access to defraud victims or to otherwise take advantage of them.”
Cybercrime is a broader umbrella than internet fraud. It might involve hacking, the forcing of passwords, DDOS attacks, data scraped by bots that are later used for fraudulent purposes, and more. Cybercrime usually involves the internet, but the tools used are more varied, as can be the victims and aims. Internet fraud also happens to be a bit more personal, often hurting someone specifically and on a personal level. It differentiates it from the massive data leaks that often hit the news.
Internet fraud must involve deception. It could involve deceiving a company, or it could just involve a couple of people. Whatever the case, there are clear threads and sometimes people don’t even know they are being defrauded until it is far too late. It effectively involves all sorts of false pretenses, misinformation, and false fronts. It may use fraudulent websites or websites designed to look like a major one (Amazon, Facebook, etc.), down to the URL. It often may use fake pages on popular websites. And it costs people and companies hundreds of billions, if not trillions, each year.
How Prevalent Is It?
There is so much we could talk about in terms of how widespread the problem has gotten, but here are a few key and outstanding facts:
- Phishing schemes are more common than ever before, with phishers impersonating large tech companies and online services to get people’s information.
- Attacks to compromise business email are similarly at an all-time high, increasing 2,370% since 2015. Even when compared to other types of attacks, that is a huge increase.
- Tech support fraud is a common and growing type of scheme, with losses totaling $146 million in 2020.
- According to the 2020 FBI Internet Crime Report, the victims numbers in the hundreds of thousands, and more than 4.2 billion dollars were lost by individuals. People over the age of 60 were the most common victims and lost the most.
- It is estimated that one in ten adults in the United States will be a victim of fraud each year.
If you haven’t been a victim of internet fraud, you might be surprised by these numbers. Yet just because it might not happen to you does not mean it doesn’t happen to people and it doesn’t happen often. Internet fraud is a serious concern across the internet, and billions are spent each year (sometimes in vain) trying to prevent as much of it as possible. Just take a look at your spam or trash folder in your email account (though by no means click any links). While most of these emails are obvious scams, the sheer number will tell you a lot about how much of a problem it can be, especially to the unobservant and not in the know.
And It’s Only Getting More Prevalent
There are plenty of studies on internet fraud and more specific crimes, and we’ll go into some more of them in a moment, but the ultimate takeaway is that there is more internet fraud and cybercrime each year. In 2020 reports of internet fraud increased to 2.18 million (rising from 1.72 million in 2019), and out of those cases, about 34 percent reported money was lost. And while the average amount lost was $311, that can be a huge amount of money to lose for some families.
So the problem is growing. And why is this? There are a few clear reasons:
- It is where the money is. More money is being spent and sent online, and criminals and bad actors, no matter the background, follow the money. The fact is that eCommerce worldwide was worth about $4.28 trillion in 2022, and not everything is necessarily counted in that total.
- Cybercriminals and criminal organizations are getting better at it, and more organized. Most cybercrime is done by organizations these days, and many of the operations are more than a one-person job.
- Fraud is on the rise, but all cybercrime and identity theft are on the rise with it. It is all part of the rising tide of cybercrime. It may be interpreted as fewer people getting into fraud so much as more people turning to cybercrime (or cybercriminals getting more efficient), with internet fraud falling under that umbrella.
- More people are online and doing things online than ever before. Because of the recent and ongoing pandemic, more people are shopping online for various goods, services, and necessities. More people are spending time online as a way to pass that time, having little else to do. More time online means those people have more opportunities to fall victim to fraud or cybercrime. Some people are truly going online for the first time, without getting the proper facts and education on how to protect themselves.
Facts About Identity Theft
Not all internet fraud concerns or involves identity theft, but that is like saying not all water is in the oceans. The truth is that the vast majority of internet fraud is meant to take information solely or as part of a greater take, and that identity theft is the end goal of nearly all internet fraud, whether it takes one form or another. Here are a few stats to take away:
- Identity theft happened to more than 47 percent of Americans in 2020. Whether this percentage goes up or down depends on the number of precautions people take and whether organizations and governments tackle the growing threat. Losses are recovered in many cases, but it is still a trial for many.
- Identity theft is responsible for more than $721.3 Billion in losses each year, and that is simply the amount we can track. The study also used a narrow definition, and other definitions of identity theft can lead to more than $1 trillion in losses total.
- Children are some of the most likely targets for identity theft, likely because children or their parents are less likely to catch on that it is happening. About 1.3 million children are victims of identity theft each year. And with more children putting information into online accounts, this is only going to become more prevalent.
- Application fraud is a common offense and so is account theft, which occurred to 37 percent of consumers.
What Are the Damages?
Internet fraud does not exist in a bubble, despite happening virtually. People regularly get defrauded and lose real money or important information, unable to get it back. Some may lose their jobs in the process, and even governments are not immune to internet fraud and cybercrime, though they would be loath to admit it.
And there is more to it than that. People and businesses who fall victim to some form of internet fraud, even if they manage to get their money or identity back, often have to spend a lot of time doing so. That time was hardly productive or restful, and people are understandably stressed out from the experience. There is a human cost to internet fraud that goes beyond the property, much like most crimes.
Furthermore, people might be less trustful of the internet after fraud, even the sites that should be considered trustworthy. This makes it somewhat harder for them to perform certain tasks and
In terms of the specific numbers for damages, you can check the following on top of what has already been noted:
- The number of losses due to cybercrime totaled 4.2 billion in the United States, according to the FBI.
- This is a 45 percent increase over the previous year.
- Cybersecurity Ventures estimates that total cybercrime losses will reach $6 trillion annually in 2021, based partially on the value of hacked accounts.
- Note that its existence also means cybercrime costs in cybersecurity as well. And cybersecurity is a big industry. Cybersecurity Ventures estimates that spending on it will total $1.75 trillion or more from 2021-2025.
Where Internet Fraud Comes From
While the image of the lone hacker permeates popular culture and media, the truth is most cybercrime is a much more organized affair, with most hackers working in tandem with organized crime or collectives. Social engineering schemes are no different, and there might be multiple people working on the same scam, allowing for more complexity and believability. If someone says they’ll contact their boss, and provides some evidence of that, you might be more inclined to believe them, for example.
Of course, the best plans are usually not shared, but that does not mean that cybercriminals do not take notes as to what is working and what is not. Remember that the most successful tactics are the ones we do not know about until it is too late.
And while internet fraud is relatively new, fraud certainly isn’t. Much of internet fraud is the same old story and methods that have been used for hundreds of years with a new coat of paint. Remember that, and be just as suspicious (if not more so) of potential fraud online as you would be in real life. What would you do if someone came up to you and said you won a lottery that you never entered?
How You Can Protect Yourself
So now that you know a lot more about internet fraud and its effects, you probably want to do something about it. The best defense and response in preventing the fraud from ever happening in the first place. Here are the key strategies and tips for doing so:
- Be careful of everything you read online, especially if it is from a source that can’t be trusted. Major media outlets aren’t out to defraud you or spread misinformation, but a small site you’ve never heard of might be.
- This is especially true of social media. Even if you are certain someone you know isn’t trying to defraud you, you cannot always be certain it's them (their account could have been hacked). If you see a close friend or family member spreading odd links or acting in a way they normally wouldn’t, give them a call or text to make sure things are alright. Alternatively, they might be an unwitting pawns in someone else’s scheme, so be careful.
- Don’t download strange files or click on links you are uncertain about. With some extensions or browsers, you might be able to better preview the link you are hovering over.
- While there might be a few hiccups, browsers block links they think are unsafe for a reason. And even if you trust the site or site owner, the site itself still might be unsafe and compromised in one or more ways. There is no excuse nowadays to not have SSL protection on a site that is taking any personal information, and you should not work with a site that does not have it.
- When interacting with someone online and you aren’t confident about their identity or the veracity of what they’re saying, ask for real-world confirmation if possible. Verified accounts can be helpful for online dating, and even a short video call with someone can help make sure you’re talking to the right person, especially if it is someone you know.
- If you still aren’t sure, stop talking to them or cut off contact online. It isn’t worth getting defrauded and anyone legitimate would be happy to confirm matters with you.
- Read up regularly on what scams people are using, and look up a website or individual if you think they might be fraudulent. You probably won’t be alone, and there might be reports (official or unofficial) about the issue in question. Simply typing “is x a scam” into Google can often give you your answer, and a little research will take you much further.
- Though even if nothing shows up, don’t let that leave a potential scammer off the hook. It might be that they are using an unknown identity or are good at hiding their tracks. Confirm whatever you can, and try to find whatever outside information you can. Even if it turns out to not be a scam, you will have more knowledge about who or what you are working with anyway.
What to Do
While you can protect yourself as much as possible, you will likely run into a problem at some point in your online life. You might not even be aware of it until some time later, given that your information might have been stolen from a company or organization you have trusted information to in the past. If you find yourself in trouble, seek out additional information related to your exact situation, but also go by the following:
- First of all, don’t panic. You aren’t the first person to deal with this, and you won’t be the last. Do not make any hasty decisions, even if the person defrauding you is trying to rush you.
- While you shouldn’t make hasty decisions, you should act quickly. The faster you act on the knowledge that something is wrong, the better the chance you can fix it. You might not be able to track down whoever is behind it, but you quite possibly can get your money back.
- Don’t try to fix it on your own. Unless you’re someone who is experienced in these matters or a professional, the fraudster has a lot more experience than you. You probably won’t be able to outsmart them at their own game, especially when they have the advantage. Consult professional help or follow the designated steps for the common types of fraud.
- If someone is giving demands or ransoming your data or information, do not give them what they want. Large cybercriminal organizations might release the data back to a corporate victim out of reputation. Whoever is defrauding you or attacking you has no reason to do so, and will just ask for more (presumably) money.
- Contact your banks and credit providers as soon as possible, as well as any other relevant organizations in your life. They can implement a credit freeze and deactivate your cards so that no one can use them and your bank accounts are safe.
- Make sure you are engaging in good cybersecurity practices after first learning about the incident. It can be hard to tell how a cybercriminal got your information in the first place, so do a full sweep of your devices and change all of your passwords and similar information. Make sure everyone except for yourself cannot get into your accounts.
- While your influence over this might be limited, make sure your employer and any organizations you are involved with are doing the same. Think about what the weak links are in your organization and see what you can do to stop them. You should be able to at least make some recommendations or bring it up with your organization’s IT professional, should they employ one. If someone found a backdoor into your organization, they’re going to use it until it is shut and locked off.
- As for whether you can or should take legal action via a civil suit, that will vary on a case-by-case basis. You cannot be certain about whether such a measure will be effective, and note that most cybercriminals will be overseas, where it will be hard to not only track them down but prosecute them. If the perpetrator is someone you can identify or in the same country, however, and the amount is significant, it might be the right call.
Internet fraud is a deeply concerning the topic that affects millions (if not more) each year. And while most attempts are obvious to avoid, the truth is there are so many attempts many of us are bound to slip up at one time or another. We hope that this article has given you some pause on the problem, some tips on what to look out for, and everything you need to know about what to do when you run into a problem. We wish you the best of luck with your browsing and may you have a sage experience.