Fraud
- Wrongful or criminal deception that is intended to result in financial or personal gain for the attacker
- Basically, the attacker is trying to steal from you in some way
- Difference between fraud and regular theft:
- With fraud, you are tricked into handing over your valuables, such as your information or your money
- With theft, things are stolen from you directly
- One of the most common types of fraud that you will see online is known as identity fraud or identity theft
- Identity Fraud and Identity Theft
- Involves the use of another person's personal information without their authorization to commit a crime or to deceive or defraud that other person or some other third party
- Difference between identity fraud and identity theft
- In identity fraud, the attacker takes the victim’s credit card number and charges items to the card
- In identity theft, the attacker tries to fully assume the identity of their victim
- Example: If a person outside the US stole your name, address, SSN, etc., that is identity theft, not identity fraud
Scams
- Fraudulent or deceptive act or operation
- Occurs whenever someone tries to deceive the victim into doing something
- The most common scam is called the invoice scam
- Invoice Scam
- A scam in which a person is tricked into paying for a fake invoice for a product or service that they did not actually order
- Example: An employee gets a phone call in which the caller asks about the type of printers in use or asks to verify an order that you've placed for a certain type of toner.
- "Are you still using the HP LaserJet A330?"
- They may or may not know the actual model
- They are trying to set up a pretext during the call
- "Oh, I'll make sure to make that fix by tomorrow!"
- A couple of days later, the boxes arrive at the office, and the company gets a bill for that toner that is a really large amount over the retail cost of the same toner from an office supply store.
- You have now received a legitimate invoice from this attacker for the toner, and it will say that there are no refunds or exchanges
- They have a recording of your employee who placed the order
Summary
- Identity fraud and invoice scams are low-tech social engineering techniques
- In identity fraud, an attacker might call you on the phone and get you to give up information such as your date of birth or your mother's maiden name to steal pieces of your identity, but these attacks can also be technical, such as malware embedded in an invoice scam spear-phishing email.