We can hardly do without the Internet today. We need it to do our jobs, find important information, have fun and communicate with others. But we often forget the various dangers from which we must protect ourselves.
Data protection on the Internet is a very important topic, which we have already written about in the article on what "security on the Internet" is and how to protect personal data. Now we will focus on Internet fraud. So read on and find out how to expose these scams and what to do when you recognize them.
What is internet fraud anyway?
Scam, or internet fraud, is a term used to describe abuse or schemes to extort money or other property from people who do not suspect fraud. In other words, these are well-disguised scams that are easy to fall for, in which false information is provided in order to obtain money or confidential information.
Any of us can become the target of these well-concealed scams, because their main feature is the realistic look of the message you receive, which is most often sent via email. Such scams include phishing, blackmail and letters from "relatives", CEO scams, chain letters and the like.
Phishing fraud
Phishing is the most common online scam. With phishing scams, the main goal is to get your confidential information, such as bank account details, social network passwords, and the like, because such information gives scammers free access to your finances and identity. Another name for this scam is online identity theft.
Fraudsters of this type will ask for, for example, your account number, username, password, credit card number and PIN, and they will explain why they need them: improving the security system, verifying accounts and orders, fraud protection, tax or bill refunds and the like. In addition, the message they send you will have all the characteristics of the bank from which you usually receive various information. However, your bank will never ask you for a PIN or any such sensitive personal information. If you are really unsure whether such a message is genuine, it is safest to call the bank and ask whether they actually needed anything from you.
Phishing scams can also happen over the phone. In this case, the caller identifies himself as an employee of your bank and asks you for highly confidential personal information. But this, too, will never happen when your real bank calls you. If your real bank calls, it will invite you to the branch to resolve a certain "situation".
Login data scams
Have you ever checked the URLs of the websites where you log in to your account? Probably not, but you should. But let's start from the beginning.
What is the URL of a page and what does it look like?
URL is an English abbreviation for Uniform Resource Locator, meaning a uniform or harmonized content locator, and we usually call it the address of a website. Each address has several elements.
Protocol
The protocol is an organized communication system for connecting devices. The most common is HTTP or HTTPS (the "S" indicates connection security; if there is no "S", the connection is not fully protected). Sometimes, instead of HTTPS, the address bar shows a small padlock that is locked if the page is protected, or unlocked if the page is not protected.
Server name or domain name
This element helps us identify a part of the Internet, i.e. the owner of the site. It can consist of one or more parts, and the last part, which starts with a dot, can show the country (.hr, .de, .eu, etc.).
Path to content
Everything after the first slash indicates the path, that is, the route to the content you want to watch or read.
Example URL: https://www.ec.europa.eu/croatia/home.hr
Recently, web pages have appeared that copy the name and appearance of the ones you are used to logging in to, but that differ in the URL, i.e. the address of the web page. Once you enter your login data on them, the fraudsters collect it and you have given them free access to your data. Worst of all, you probably won't even be able to log in to your account through such a page, because it will show you an error. But the damage is done: your data is stored in their database, and the fraudsters can instantly change the password.
These scams most often occur on mobile devices because the full Internet address (URL) is not visible in the window.
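A check for the lookalike addresses described above, as an added example that is not part of the original article: it splits a URL into the three elements listed earlier and compares the server name with a list of domains you trust. The trusted list, the function names and the `.example` address are constructed for illustration.

```python
from urllib.parse import urlsplit

def url_elements(url):
    """Split a URL into the three elements described above."""
    parts = urlsplit(url.strip())
    # .hostname is lower-cased and excludes any port or "user@" prefix
    host = (parts.hostname or "").rstrip(".")
    return {"protocol": parts.scheme.lower(), "server": host, "path": parts.path}

def is_trusted_server(server, trusted_domains):
    """True only if server IS a trusted domain or ends with '.<trusted domain>'."""
    return any(server == d or server.endswith("." + d) for d in trusted_domains)

def check_login_url(url, trusted_domains):
    """Return a list of findings; an empty list means the address passed both checks."""
    el = url_elements(url)
    findings = []
    if el["protocol"] != "https":
        findings.append("connection is not HTTPS")
    if not is_trusted_server(el["server"], trusted_domains):
        findings.append("server name is not a trusted domain")
        # A trusted name appearing elsewhere in the server name proves nothing:
        # only the END of the name identifies the owner.
        if any(d in el["server"] for d in trusted_domains):
            findings.append("trusted name appears, but not as the owning domain")
    return findings

# Constructed inputs: the first is the article's example URL, the others are made up.
TRUSTED = ["europa.eu"]
SAMPLES = [
    "https://www.ec.europa.eu/croatia/home.hr",
    "http://www.ec.europa.eu/croatia/home.hr",
    "https://ec.europa.eu.account-check.example/croatia/home.hr",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", check_login_url(url, TRUSTED) or "no findings")
```

The comparison is made on the end of the server name, on whole dot-separated parts, because a simple "does the address contain the name I know" test is exactly what a copied page passes.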
Blackmails and letters from distant rich relatives
In 2018, the Ministry of the Interior warned of a global fraud that also appeared in Croatia. These are automated messages sent via e-mail in which the sender claims to have private recordings of the victim because he "hacked" their computer. With this kind of blackmail, he asks them to pay money into an account. If you receive a message with this content, it is more likely that the databases of some of the sites you use have been stolen than that you have been personally "hacked". Namely, the problem occurs when the database of a certain site (such as Google, Facebook, etc.) is hacked: the fraudster or group of fraudsters copies the information on all users from the database and sells it or uses it for their own kind of fraud. If you were among the members / users of that site, your e-mail address is also on the list, and one of these letters is sent to it to try to extract money.
A similar fraud occurred in 2014, when a so-called lawyer from the United Arab Emirates emailed victims that they were the heirs to a large sum of money from a very distant wealthy relative. He would ask the victims for personal data in order to make the payment, and in order to start the payment procedure at all, he would first demand that the victims pay for his service as well. Although it seems rather naive at first, the fraudster elaborated the story in great detail.
CEO fraud
Chief Executive Officer (CEO) fraud, or so-called director fraud, is one of the newer types of internet fraud. It is aimed at organizations, companies and accounting offices. It occurs when an employee who is authorized to make payments is deceived into paying a fake bill or making an unauthorized transfer from a company account. The perpetrator introduces himself as the director of the company and demands the urgent payment of an invoice that is false. The perpetrators are well informed in advance about the company and compose very convincing emails and invoices that are easy to fall for.
Chain letter
This scam has spread en masse with the development of social networks, and is most often associated with superstitions like "if you don't pass this on, three years of misfortune await you" and threats like "if you do not forward this, your profile will be deleted / hacked". Those who forward the message / e-mail are promised rewards, which draws people into really sharing the message with more people.
Internet fraud in the form of a chain letter is used as a call for fake donations, interference with communication services, harassment, surreptitious advertising, theft of personal data and the like.
During 2018, and even 2019, chain messages appeared on the WhatsApp app asking people, among other things, to fill out a survey and share a message with friends, and in return offering branded items to anyone who did so. However, anyone who really did it found themselves in a very awkward situation: the cell phone would stop working and the only way to get it working again was a forced reset, and of course they did not receive a "gift".
How not to fall into the trap of fraud
In order not to fall into the trap of fraud, digital literacy is most important. Read about digital communication and don't fall prey to frivolous messages. In addition to reading, check everything that can be verified, from the URLs of pages to the authenticity of messages. Do not enter personal data just anywhere, but only in places that you know for sure, and everything that lands in the "spam" section of your e-mail should remain there. Chain messages are best ignored and not forwarded. Do not confirm anything anywhere with "Ok" or "I agree" without reading carefully what is required of you. In short, be educated about sharing your personal information.
Data protection - GDPR
In May 2018, an important change in European Union legislation arrived: the General Data Protection Regulation (GDPR), which brings a new legal framework for data protection and data transfer to third countries. The General Data Protection Regulation is a new law on the protection of privacy and personal data that will apply in all 28 EU Member States. The GDPR affects all organizations that use the personal data of EU citizens, even if they do not operate in the territory of the European Union.
The main purpose of this provision is to reduce the misuse of personal data, which includes name and surname, personal card number, address, credit card and health card data, biometric data, genetic data, IP addresses, cookies in the browser and the like. By implementing this regulation, individuals will have greater rights and control over the use of their basic data, and in the long run, online fraud will be greatly reduced.
The GDPR sets out several principles regarding the processing of personal data. Website owners should keep them in mind during any data processing, and violating them is punishable by the highest penalties. These principles are:
data may only be processed on a valid legal basis, in a fair and transparent manner to the user
mandatory indication of all purposes of processing for which data are collected
only data that are relevant and necessary to fulfill the purpose for which they are processed may be collected
the data needs to be accurate and up to date
the data may not be stored for longer than the period necessary to fulfill the purpose for which they were collected
personal data must be protected from unlawful and unauthorized processing, accidental loss or destruction
website owners must be able to demonstrate compliance with the above principles
There are also severe penalties for violating the provision, from lower fines of 10 million euros or 2% of the total annual turnover of the company that owns the website, to higher fines of 20 million euros and 4% of the total annual turnover.
However, it is not enough to just inform you about these rights. Website owners must do their best to help you exercise these rights. Therefore, they must accept and resolve your requests, such as:
inform you if they have your information
give you the right to access your personal information they possess
upon request, they are required to provide you with a copy of the personal information contained in their database
they are obliged to correct at your request incorrect information they have about you in their possession (with the delivery of accurate information)
you may request the transfer of personal data to another controller
you may request the cessation of data processing for the purpose of direct marketing
you can also request the deletion of all data concerning you that is in their possession.
There is a lot of fraud nowadays, it's really horrible the ways peeps scam