What is a scam?
As with traditional scams, cyber-criminals offer bait (a fictitious inheritance or supposed lottery win) and ask the recipient to pay a small amount of money up front before receiving the promised huge sum. Scams are based on trickery and social engineering rather than on the IT skills of the criminals.
What does it involve?
Probably the most infamous scam of this type is the Nigerian letter scam, along with its many variants. Criminals mass-mail a message designed to make the recipient believe that a large sum of money (several million dollars) is blocked in Nigeria and needs to be transferred to a foreign bank account.
They offer to pay a commission to the recipient in exchange for help in getting the money out of the country and ask the potential victim to pay a small amount of money up front, on one pretext or another.
This type of fraud sometimes uses good causes, such as requests for donations after a disaster or fake NGOs, as a pretext for defrauding users.
Other types of scams
Online dating scams.
A study carried out by the National Fraud Intelligence Bureau (NFIB) estimated the cost of fraud on dating sites at 27 million pounds (€30 million) in the UK alone. The Bureau also acknowledged that this was a conservative estimate, as many people are embarrassed to report this type of crime. Users with fake profiles con genuine users into giving them money or even their bank details. Older people are more likely to fall victim to this type of fraud; 62% of victims are over 40, and 25% are between 50 and 59.
Tech support scam.
This scam relies on social engineering: the criminals gain users' trust and then instruct them to disable security measures on their computers. Cyber-criminals call their victims by phone, saying they work for a well-known company, such as Microsoft or the phone or electricity company. Claiming to be an engineer, the hacker tells the victim there has been a cyber-attack and that they need to take urgent measures to address the security breach. The victim is asked to visit a Web page and download a remote control tool that gives the 'engineer' remote access to the computer to carry out 'repair work'.
As detection of phishing emails has improved, some criminals have changed their tactics and now focus on smartphones. They send text messages designed to trick users into sending confidential information, such as the PIN for their online bank account. In other cases, users are encouraged to go to a Web page and download a malware-infected application, as with phishing via email or social networks.
How to identify them
Most of these messages have a common denominator: they claim to be urgent. They tell you, for example, that your bank account has been hacked and that you must immediately log on using the link they provide. Or that a routine security check has blocked your account, and you have to enter your password to gain access once again. You may even be asked to download a special application to improve your account security, always as soon as possible.
In reality, banks don't send urgent notifications via SMS; they use more secure channels to contact you with important information. If you receive a text message from your bank, phone company, utility provider or similar, never click the links: use a trusted browser and log in to your customer area, or call customer support. Similarly, such companies will never send you a link to an unfamiliar website to download a new application. They may send you to the official App Store or Google Play.
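The warning signs described above (urgency, an account alarm, a request for a password or PIN, a link, and an app download from outside the official stores) can be combined into a simple triage rule for incoming text messages. The following Python is an added example, not part of the original article; the word lists, verdict names and sample messages are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Word lists are illustrative assumptions that mirror the warning signs in the text.
URGENCY = re.compile(r"\b(urgent(ly)?|immediately|as soon as possible|right away)\b", re.I)
ALARM = re.compile(r"\b(hacked|blocked|suspended|security check)\b", re.I)
CREDENTIAL = re.compile(r"\b(password|passcode|pin)\b", re.I)
DOWNLOAD = re.compile(r"\b(download|install)\b", re.I)
URL = re.compile(r"https?://\S+", re.I)
OFFICIAL_STORES = {"apps.apple.com", "play.google.com"}  # exact hosts only

def link_hosts(text):
    """Return the lower-cased host of every http(s) link in the message."""
    hosts = []
    for raw in URL.findall(text):
        try:
            host = urlsplit(raw.rstrip(".,;:!?)")).hostname
        except ValueError:  # malformed link: still count it as a link
            host = "<unparsable>"
        if host:
            hosts.append(host.lower())
    return hosts

def indicators(text):
    """List which warning signs a message shows, in a fixed order."""
    hosts = link_hosts(text)
    checks = [
        ("urgency", bool(URGENCY.search(text))),
        ("account_alarm", bool(ALARM.search(text))),
        ("credential_request", bool(CREDENTIAL.search(text))),
        ("link", bool(hosts)),
        ("download_outside_store", bool(DOWNLOAD.search(text))
            and any(h not in OFFICIAL_STORES for h in hosts)),
    ]
    return [name for name, hit in checks if hit]

def triage(text):
    """Map the indicators to a verdict that follows the advice in the text."""
    found = indicators(text)
    if {"credential_request", "download_outside_store"} & set(found):
        return "likely_scam", found
    if "link" in found and {"urgency", "account_alarm"} & set(found):
        return "likely_scam", found
    if "link" in found:  # even a plausible link is checked via the official site or app
        return "verify_via_official_channel", found
    return "no_indicator", found

SAMPLES = [  # constructed messages using reserved example domains
    "URGENT: your account has been blocked after a routine security check. "
    "Enter your password at http://bank-login.example/verify immediately.",
    "Improve your account security: download our new app at http://secure-app.example/app.apk",
    "Download the new version of our app: https://play.google.com/store/apps/details?id=com.example.bank",
    "Your parcel will arrive tomorrow between 9 and 12.",
]
```

The store check compares the whole host name, so a look-alike such as play.google.com.account-check.example is treated as outside the official stores.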