Employee blog: Online Security

Be safe with G2A: most common types of online frauds and how to avoid them

17.08.2018

The Internet is truly amazing. You just can't say no to the vast knowledge it gives you access to or being able to stay in touch with your friends all over the world. Too bad this place is also the perfect spot for fraudsters and scammers, but worry not — specialists at G2A are here to make sure you stay safe online. Read on to find out how to spot and prevent the most popular online scams.

Spam

Ah, the classic. Spam’s just a whole ton of unsolicited e-mails that litter your mailbox — if you let them, that is. To be honest, most junk mail is essentially commercial in nature and while annoying, this type of material is pretty much harmless. Problems arise when these messages contain links to fake websites set up for phishing purposes or other nasty stuff, such as trojans and other malware.

Who sends spam? It turns out 80% of it actually comes from malware-infected computers that comprise the so-called “botnets.” These zombie PCs send out tons and tons of mails, unbeknownst to their users. Ensure that your own computer’s security system is tough enough to prevent such schemes.

How can you avoid spam? It’s pretty straightforward:

  • Set up good mail filters, so that spam doesn’t get a single chance to pop up in your received folder.
  • Don’t post your e-mail address publicly. This includes message boards and social networks. If you have a blog or a website, use a CAPTCHA-protected contact form instead. Better yet, do not use your professional e-mail account for such things. Set up a disposable one instead.
  • Itching to click that unsubscribe button? Better not. This might actually confirm that your e-mail address is indeed active and worth sending even more spam to.
  • Don’t click on anything that’s contained in such an e-mail. Your computer might get infected this way and that’s something you just cannot afford.

Phishing

This is a particularly nasty way to scam you, as it targets your sensitive data, such as credit card details or personal info. How does it work?

Imagine you’ve received an e-mail that looks exactly like something your bank, for example, would send you. You open it and read that your account is threatened and you need to act now. They need your login credentials (including your user name/customer number and password) to confirm that everything’s fine and you are really you, otherwise the bank will have to suspend your account for so-called “safety reasons.” Typical phishing attempts go along these lines. Ranging from legitimate-looking e-mail messages to elaborate copies of the most popular banking websites or online stores, these are the tools used to gain your trust and, subsequently, your sensitive data.

Phishing has branched out to other types and the most popular ones include:

Spear phishing:

As bad as it is, it’s nice to see someone going to great lengths to tailor the scam to your personal tastes! While regular phishing attempts are basically just setting a trap and waiting for someone to take the bait, spear phishing is much more elaborate. Typical targets include various organizations, companies or particular executives. These are carefully-crafted, legitimately-sounding scam messages (that contain names of a person’s co-workers, for example, to appear even more trustworthy), so that high-ranking individuals are likely to open them and click on links or download files (malicious, of course) they contain, getting infected as a result. A variant of spear phishing aimed at top executives is known as whaling and it requires even more effort to be convincing.

Pharming:

This is a particularly vicious way to scam people. Why? Because even if you go to a legit site, you still get redirected to a fake one, because your computer or personal server has been infected with malicious code you accidentally downloaded when visiting a fraudulent link, for example. An extreme version of pharming is DNS poisoning. This causes an entire DNS server to redirect users to the forged website. Regular phishing attempts are pretty easy to spot, but since there aren’t any discernible signs that you are on a forged bank site, for example, even experienced users can fall prey to a pharming plot.

Vishing:

This one isn’t particularly online-based, as it involves telephones. Vishing (or voice phishing) is a way of obtaining your data through a phone call. For example, you receive an e-mail alerting you to some security threats regarding your bank account, and you are urged to call the phone number specified in the message. So, you call, someone picks up (usually it’s a text-to-speech synthesizer) and asks about sensitive details, such as your login and password. Thanks but no thanks.

Smishing:

Essentially just like the above, but it involves mobile phone text messages.

How can you avoid these dangers and all these nasty phishermen? Here are a couple of basic tips:

  • Never ever open any links contained within suspicious messages or download any attachments. If something seems trustworthy, always confirm at the source that they indeed sent you such a message.
  • Watch out for fake links and forged websites. Always make sure the one you are browsing (a safe one, to be exact!) has https:// in front of its address.
  • Bank employees and other authorities NEVER ask you about your passwords and other login details. Don’t share them with anyone!
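As an added illustration (example code, not part of G2A’s post), here is a small Python checker that applies the tips above to a single e-mail link: it flags links that are not https://, links whose visible text points at one site while the target is another, and hostnames that merely resemble a trusted domain (like the totallyyourbank.co2 example later in the post). The trusted-domain list is an assumption; note that https:// only tells you the connection is encrypted, a forged site can have it too, so the host checks matter just as much.

```python
# Added example: flag the phishing-link red flags described in the post.
from urllib.parse import urlparse
from difflib import SequenceMatcher

# Constructed list of domains the user actually banks/shops with (assumption).
TRUSTED = {"yourbank.com", "g2a.com"}


def _host(url):
    """Return the lowercase hostname of a URL (without a leading 'www.')."""
    if "://" not in url:
        url = "http://" + url            # bare 'yourbank.com' style text
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def _looks_like(host, trusted):
    """True if host is NOT the trusted domain (or a subdomain of it) but
    embeds its brand name or is only a typo away from it."""
    if host == trusted or host.endswith("." + trusted):
        return False
    brand = trusted.split(".")[0]            # 'yourbank'
    if brand in host:                        # totallyyourbank.co2, yourbank.com.evil.net
        return True
    return SequenceMatcher(None, host, trusted).ratio() > 0.8  # yourbamk.com


def check_link(visible_text, href):
    """Return a list of warnings for one link; an empty list means no red flags."""
    warnings = []
    target = _host(href)
    if urlparse(href).scheme != "https":
        warnings.append("not https")
    # Only treat the visible text as a site name if it looks like one.
    text = visible_text.strip()
    shown = _host(text) if (" " not in text and "." in text) else ""
    if shown and shown != target and not target.endswith("." + shown):
        warnings.append("text shows %s but link goes to %s" % (shown, target))
    for trusted in TRUSTED:
        if _looks_like(target, trusted):
            warnings.append("%s looks like %s but is not" % (target, trusted))
    return warnings
```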

Nigerian scams

[Image caption: He's wealthy, but needs financial support? Odd.]

We’re including these because they have become a separate (and legendary) genre of spam e-mails. Here is a classic example of this scam:

[Image: Nigerian Prince scam e-mail. Caption: My, that sounds legitimately scary. We hope he's all safe and sound!]

Why are they called Nigerian scams? That’s because that is where they reportedly originated, but these scams come from all over the world these days. Here’s how they usually go: a wealthy royal family member or a government official e-mails you about their immense fortune locked away in their banks. They cannot access their accounts because of personal troubles, but you can come in, save the day and — that’s the best part — get a pretty hefty cut of the money! They’ll even send you legitimate-looking documents to prove it’s all real. The thing is you need to pay some advance fees before you receive your share. What a bummer!
The solution to this one (and other advance fee scams) is simple. Tick the box next to the message and click “Delete.”

[Image caption: Wow, she's legitimately worried.]

P.S. There’s apparently no such thing as “royal families” in Nigeria. Go figure.

Man-in-the-Middle / Man-in-the-Browser Attacks

It takes three to MitM: the victim that took the bait, the entity they are communicating with and the eavesdropping “man in the middle,” intercepting communications — all without the victim being aware of this, of course. Let’s say you are attempting to transfer money from one account to another. It seems like you are communicating with the bank, but the nasty guy in the middle alters your message to the bank and the money gets transferred elsewhere as a result. A variation on this scam is the man-in-the-browser attack (MitB), where vulnerabilities in a user’s browser allow the scammer to modify its elements or the websites themselves, opening backdoors to your computer and allowing the attacker to succeed.

This is one of the most dangerous Internet threats. How can you fight it?

  • Remember to install good antivirus software and keep it updated at all times.
  • Unfortunately, the above is not enough — antiviruses have been known for rather low MitM/MitB attack prevention rates. Additional measures are required, including in-browser security software and plug-ins, or even safer alternatives to the most popular browsers on the market, for example Comodo IceDragon, Epic Privacy Browser, Maxthon Cloud Browser or the famed Opera.

Malware & Ransomware

Malware comes in all shapes and sizes. Viruses, Trojan horses (malicious code that allows unauthorized access to your computer), fake antivirus software, adware that litters your screen with tons of pop-ups and the like — there’s plenty to choose from (ugh, no thanks). It is mostly stuff that you can accidentally download by visiting an infected website, opening an attachment in a fraudulent e-mail, etc. However, even official software released by well-known companies can fall under this category, if it secretly acts against the user’s interests by, say, spying on their computer habits.

Ransomware takes all this to a whole new level by denying you access to your computer unless you pay. And that’s usually a very hefty fee. Typically it’s the “cyber police” demanding you pay a fine for your imaginary crime of downloading illegal files. Blackmailing people isn’t exactly upholding the law, is it?

Again, what can you do?

  • Keep your anti-virus software updated and remember about installing good firewalls and security plug-ins in your browsers.
  • Never open any unsolicited e-mails and make sure you are browsing only legitimate sites. They can be hacked, too, but they’re a much safer bet than totallyyourbank.co2, for example.
  • Never ever pay the ransom if you get infected with ransomware. You might lose your files (it’s always a good idea to have back-ups ready), but the infection is totally removable.

These are the most common types of online frauds that lurk in the nasty parts of the Internet. But there’s no need to worry. While good antivirus software and similar security measures offer you a very decent level of protection in case you do run into a scam or a virus-ridden website, common sense is usually your greatest weapon against these threats.

Surf safe and stay tuned for more tips on online security!
