Internet fraud has existed for about as long as the World Wide Web itself. From year to year, cybercriminals come up with new tricks and techniques aimed at deceiving their potential victims. In this article, we will look at the different types of fraud and how you can protect yourself from them.

Unlike Internet threats such as viruses, Trojans, spyware, SMS blockers, spam, etc., fraud is remarkable for this: the attacker's target is not a computer whose protection needs to be bypassed, but a person who has are known to have their own weaknesses. Therefore, on the one hand, no program will completely protect the user, and on the other, he is largely responsible for his own security.

We have already written about the technical aspects and fraud schemes. However, the knowledge of the schemes used by the attackers does not always help to protect themselves. In this article, we will formulate simple rules by which you can avoid many pitfalls on the Web.

Fraud types
Phishing
Phishing emails include fake notifications on behalf of administrators of banking and payment systems, as well as email providers and social networks, online games, etc., aimed at provoking you to follow a fake link so that your confidential data (login, password, etc.) etc.) fell into the hands of scammers. Bank phishing is considered traditional, targeting your online bank account or account in an electronic payment system. Having learned your username and password, attackers immediately gain access to your account.

Phishers are adept at faking their letters to look like official letters from various organizations. In particular, they use the logos of these organizations and the general style of their legal correspondence. As a rule, in a letter, the user is asked to follow a link to enter personal data (usually the excuse is the latest measures to improve the security of the site, allegedly carried out by its administration, in connection with which the user must log in again). After following the link, the user is taken to a fraudulent site that looks just like the real one, and, without suspecting anything, enters his username and password in the appropriate fields. After that, the data is sent to the scammers, and the user is redirected to the real site. Fraudulent sites often contain exploits that install spyware on the victim's computer.

How to recognize a phishing email
Case 1.  You received a letter from a bank / payment system / postal provider. You are not using this bank / payment system / postal provider. It means that the letter is definitely fraudulent - just delete it.

Case 2.  You received a letter from your bank / payment system / postal provider. You have an account on this system. Carefully read the text of the message: if, under some pretext, you are asked to enter your login / password by following the link, then the letter is fraudulent - banks, payment and postal systems never ask users to log in by following the link in the letter. In these systems, the login and password must be entered only to access your personal account.

Another easy way to tell a fake email from a real one is to hover your cursor over the link. Then, in the tooltip, or in the lower left corner of the email client, you will see the real address of the site, which you will be taken to if you follow the link. Look at it carefully: the second-level domain (the one immediately before the first slash) must belong to the organization from which the mailing is sent.

If you still have doubts, go to the official site yourself, ignoring the link in the letter and entering the site address in the address bar of your browser. So you are guaranteed to protect yourself from going to a fraudulent site, and on the official site you can find out everything you need.

However, for fraudsters, the tidbit is not only your online bank account or account in an electronic payment system. They are interested in any personal information, so phishing can also target mail systems, social networks, online games - in short, any system where the user has a username and password.

Phishing: social media
Do you have an account on Odnoklassniki, Twitter, Facebook or any other popular social network today? Then you already know what an official mailing notice looks like. However, a fake notification may also look like it is intended to provoke you to follow a fake link so that your personal data falls into the hands of an intruder or opens access to your social network account. The scheme is exactly the same as the scheme of bank phishing described above: you receive a notification, allegedly on behalf of social network administrators, that someone left you a message or wants to add you as a friend, or that you need to update your account. You follow the link, but instead of the official site, you find yourself on a fraudulent one that exactly copies the legal site. Next, you enter your username and password,

False notifications from social networks may not contain a requirement to enter a username and password, the letter may look like a real one in everything except the link.

Look carefully to which site you go to, often scammers make their domain names look like the names of legal sites.

Phishing: online games

Even in free online games, there are often certain elements for which the creators of the game are asked to pay money: additional armor, artifacts, the original appearance of the character, any additional bonuses. And money always attracts scammers. The scammers' task here is to kidnap your character, with all his additional attributes, for which you paid money, as well as with all his experience and skills, and then sell it all. To do this, scammers, as in other phishing cases, try to lure the user to a fake site. Just like in other types of phishing, the address of a fake site can be very similar to the address of the official one.

Only a very attentive user will notice that the domain to which he was asked to switch contains an extra letter "i":  worlidofwarcraft.com . But there is another important indicator that this letter was sent by scammers: in real letters on behalf of game system administrators, they never offer to follow the link in the letter to enter the password!

In order to attract the user's attention, scammers can come up with more cunning excuses. You may be offered to test the beta version of the new game, to promise various bonuses and gifts - just follow the link. However, by doing this, you can get to a fake site through which cybercriminals will try to steal your personal data, or to an infected site from which various malicious programs are downloaded to your computer.

Protection methods are the same as with other types of phishing: never follow the links; enter your personal data only on the official website, which you visited yourself through a browser. You can always go to the official website bypassing fraudulent links.

Other traditional types of fraud
“Forewarned is forearmed,” the saying goes. This is true of fraud protection. Sometimes it is enough to know what methods the attackers use, so that when you see a letter in your mail, you can immediately understand that they are trying to deceive me. Let's consider the most popular types of fraud:

Fake lottery win notifications .
The letter informs you that you allegedly won the lottery. The goal of the scammers is to trick you of a certain amount of money in order to "transfer" your prize money.

"Nigerian" letters .
Letters in which you are asked to transfer money from a distant African (or any other) country to your account, and promise interest for this. In the future, the scammers will ask for your account number, allegedly for transferring money. However, instead of transferring money to you, they will withdraw your funds from the account. There is also an option when, in the process of communication, scammers ask to send them a certain amount of money, allegedly for the services of a lawyer or for transportation costs. After you send them money, they simply stop communicating with you. There is another, even more dangerous course of events: scammers use your account in such a way that you find yourself guilty of their money laundering schemes and go to jail in their place.

Financial pyramids and easy money .
In these schemes, the potential victim is asked to invest a little money, so that later they turn into a big profit. In fact, this fraudulent scheme works on the principle of "how much you invest, so much you lose."

Internet begging
Letters purporting to be from charities or people in need. In fact, such letters are either purely a bluff, or they contain links to real organizations and funds, but the specified details for transferring money belong to the scammers.
Remember, charities don't send spam, they have other methods to attract investment. If you still want to check the information provided in the letter, find the address of the relevant organization, call there and specify how you can transfer money.

SMS fraud in spam
Letters in which, under various pretexts, you are asked to send an SMS message to a short number. This also includes letters containing links to sites on which, as a payment for the allegedly provided service, it is also proposed to send an SMS message to a short number. Whatever the scammers promise in such letters, it will end up paying at least ten dollars for a nonexistent service.
So, you should immediately delete letters containing any offers related to money from people unknown to you, including:

offers to make money (easy money, help with transferring money, investments that will bring "untold" wealth);
offers to help someone with money (for treatment, a poor Nigerian beauty, etc.);
any "winnings";
offers of free software, movies, etc.
Fraud: formal signs
Obviously, there are types of fraud that are not covered in this article. Sometimes fraud can be recognized not by the content of the letter, but by the way it is written and composed. Therefore, we will touch on the common signs of fraudulent emails. Knowing them, you can easily distinguish a fraudulent letter from a legitimate mail.

The following signs indirectly confirm that the letter was sent to you by hackers:

your name is not in the "Where" field:

this means that this is a mass impersonal mailing, where the names in the "Where" field have no relation to reality or are put down by brute force;

an address unknown to you is indicated in the "From" field, while a well-known site is indicated in the letter itself as the sender:

it means that the letter did not come at all from the organization that the fraudsters are counterfeiting. Keep in mind that no large organization will send mail from a free mailbox;

some words are written in CAPITAL letters:

this is one of the techniques used by spammers to attract the attention of users;

some words are garbled ("Lloan" instead of "Loan", "Youwon" instead of "You won"):

This is one of the techniques used by spammers to bypass spam filters;

the link does not match the address of the organization's official website:

as already described above, this is a sure sign that they want to lure you to a fraudulent site;

impersonal treatment (Dear Friend, Dear Customer, Dear User, Hello!):

such an appeal means that the addressee does not know your name, that is, the letter was sent at random to many addresses.

Do not trust, do not fear, do not ask. A little about social engineering
As you know, the weakest point in protection against any fraud, including electronic, is a person. No amount of technology can protect you if you are not careful. Therefore, let's talk about human weaknesses, which scammers often rely on.

Thirst for easy money
The thirst for easy money, or, in common parlance, the love of freebies, is one of those human weaknesses that are used by scammers in the first place.

Easy money, lottery winnings, cheating a payment or other system -  all these cheating schemes are structured in the same way: "First you give us a little money, but then you get millions."  Obviously, there is no “sweat”. It should be well remembered that free cheese is only in a mousetrap.

Fear
Another natural human feeling that attackers rely on is fear. "Follow the link, otherwise your account will be blocked", "if within 10 minutes after reading the letter you do not send an SMS to a short number, your mailbox will be deleted", and other similar phrases motivating the user to take certain actions immediately, without hesitation, aimed at playing on this very feeling.

It should be borne in mind that  no postal provider will block your account  in this way and, as already mentioned, will not require you to follow the link in the letter to enter your personal data. In general, no one will rush you in any legal notification - all intimidating and urgency letters can be immediately regarded as fraudulent.

Naivety / Helpfulness / Gullibility
Good, kind human qualities, unfortunately, are also often used by scammers.

We must be aware that  all requests for help that come through spam are lies.  If you really want to help your neighbor, contact special funds. By the way: such funds never send spam.

Curiosity
Amazingly, it happens that we send money to scammers ... out of curiosity. Even if we do not quite understand what exactly we were offered in the letter, and do not expect to receive a million at all, sometimes it is simply “interesting” to follow the link and see what will happen.

Following the lead of such a curious user, I will answer right now: nothing will happen,  you will simply lose money .

Carelessness
Typically, the pace of internet life is higher than the pace of normal life. Here, as Caesar, we often do several things at once: we work, check mail, read news, communicate using IM systems, listen to music, etc. This inevitably results in distraction of attention. Sometimes it is because of this that we can take a fake letter for a real one, although with a closer look, we would immediately identify the scammer's handwriting.

Do not hurry.  Before you commit any irreversible actions, think, read the letter again.

Internet safety rules
It should be remembered that in addition to fraud, there are many other threats, in particular, a variety of malicious programs that can steal various passwords, logins, information about credit cards and much more without the fraudsters "communicating" with the user.

In order to protect themselves, any Web user must follow a few simple rules:

Use antivirus: a
modern, regularly updated antivirus will provide reliable protection against a variety of Internet threats;
Download updates regularly:
software updates close vulnerabilities that could be exploited by cybercriminals;
Do not leave your personal data on open resources:
data left on the Internet is collected by criminals' robots, who can later use them for their own purposes (for example, send more spam to your mailbox);
Do not download anything from random sites: there
is a high probability that you will receive malware along with the downloaded program / book / movie;
Do not follow links in spam emails:
such links often lead to fraudulent or malware-infected sites;
Do not open attachments in letters if there is at least some doubt about the reliability of the addressee: It is
highly likely that the attachment contains malware (even if it is a Word document);
Do not try to "unsubscribe" from spam (especially if the spam message contains a corresponding link):
this will not help to get rid of spam, rather the opposite. There are two most likely scenarios for the development of events: 1) spammers regularly launch automatic scanning and cleaning of their databases from non-existent addresses; By replying to the letter, you confirm that your address (which, perhaps, was chosen automatically) really exists, it is really read. This will induce spammers to add it to separate, "clean" databases, as a result of which you will receive even more spam; 2) following the link, you will be taken to an infected site and receive a malicious program on your computer;
Do not respond to tempting offers, especially if they are associated with getting quick money: by
responding, you will either lose your money, or, much worse, become involved in criminal fraud.
Fraud, alas, is ineradicable. And on the Internet, it lies in wait for us everywhere: in e-mail, social networks, on various sites. Over the years, attackers have been inventing new tricks, but the basic mechanisms of deception remain the same. Only the user himself can make his life in the virtual space safe. We hope you find the tips and information in this article helpful.