Internationally, only 7% of victims of online fraud manage to recover their lost money, according to a report by the Global Anti Scam Alliance, ING Bank informed.
Only 7% of victims of online fraud manage to recover their money
About 60% of the respondents to this report said that these attacks had a very strong emotional impact on them.
Fraud attempts increase exponentially, up to two or three times, around the winter holidays when users do more online shopping. At the same time, cyber attackers have increasingly started to use deep fake technology to mislead potential victims and give an increased degree of confidence to the information presented.
In this context, ING Bank Romania and the National Cyber Security Directorate (DNSC) issue a warning to all card users to be vigilant when shopping online, viewing promotional offers on social networks or booking a holiday.
“Often, attackers rely on manipulating victims to enter their personal and financial data on various phishing pages, not on developing sophisticated software solutions to steal their data. Fraud attempts occur in all industries, so we see everything from promotional offers or holiday gift vouchers, to fake investment schemes and messages impersonating different companies or travel booking platforms.
At ING, we are constantly investing in real-time monitoring systems to identify and prevent cases of fraud, as well as awareness and information campaigns for all card users about new types of fraud. Furthermore, we focus on supporting the authorities in the fight against crime by providing fast information in digital format. ING is the first bank to enter the data exchange project with DIICOT, followed by DNA and IGPR.– Alin Becheanu, Head of Fraud Monitoring and Prevention, ING Bank Romania.
From fake ambassadors to deep fake. What are deep fakes and how can they be identified
Deep fake technology is used by attackers to manipulate video footage to promote “amazing” offers and investment or get-rich-quick opportunities. As a rule, they use the image of famous people, politicians, businessmen and even journalists, to give more confidence to potential victims. In some cases, the material looks like a television news report.
“Recently, on social networks, more and more fraudulent campaigns are being propagated in which we see sponsored ads with a deep fake video. Social media accounts may be newly created and used exclusively for this purpose, or they may be compromised accounts that previously belonged to other users.
Always review video content carefully! To identify deep fakes, the clues can be: the quality of the image is poor, the movement of the mouth is not natural when the character in the image speaks, the sound is not perfectly synchronized with the movement of the lips, and the words may be pronounced incorrectly in Romanian, a sign that the attackers they used a text-to-speech solution for the audio version.
Moreover, if the information presented is shocking or particularly important, verify its existence. If no reliable source is talking about it, it could mean that the video is, in fact, a deep fake.” – Mihai Rotariu, coordinator of the Communication, Marketing and Media Directorate within the DNSC.
Dark web, a marketplace with fraud schemes
The dark web, a hidden part of the Internet, is a place where information stolen from various individuals or organizations is traded by cyber attackers.
“Passwords and personal data are stored on the computer, and all this information is saved in the browser. Attackers manage to capture this information from the browser and put it up for sale on the dark web. Prices may vary depending on certain criteria. Thus, a credit card can cost $25, a social media profile $1, while bank details can cost $1,000 and a passport $1,500. Anyone who has access to that dark market can have access to this data. Info stealer is the most popular type of malware, it is very simple to use and captures saved credentials from your browser, including card data.
As for small and medium-sized businesses, attackers target them for ransomware attacks.
Dark web monitoring is a vital practice for detecting and preventing cyber threats. By tracking dark web activity, organizations can take proactive steps to prevent identity theft, financial fraud, and other security risks.– George Drăgușin, Presales manager, Provision.
Bank transactions are automatic and cannot be reversed
Once a user confirms a transaction, it cannot be undone. According to the European Directive Regarding Payment Services – PSD2, fraudulent transactions are not considered if card data is provided and payments are approved by two-factor authentication (in the banking application or by code received via SMS). Consequently, the chances of banks recovering the amounts for their customers are almost nil in such cases.
“For added security when shopping online or at the POS, users can open a secondary account to which they attach a card, preferably virtual. In Home’Bank, they can issue a virtual card anytime, anywhere, at no cost. Thus, they are in full control, because they can decide how much money they will spend, which they transfer from the main account. No matter what happens, a fraudster will never be able to spend more than is on that virtual card.– Cristian Lia, Cards Tribe Lead, ING Bank Romania.
Tips for online security before the holidays:
1. Use a unique password for each account and change passwords regularly. Use strong passwords that include upper and lower case letters, numbers and symbols. Reusing the same password on multiple platforms is not recommended. If one account is compromised, others may follow. To manage this, consider using a password manager. These tools not only store passwords securely, but also help generate strong, random, hard-to-guess passwords. In addition, changing passwords regularly can further reduce the risk of unauthorized access.
Options: KeePass (free); 1Password (paid).
2. Use two-factor authentication (2FA), as it adds an extra layer of security. It involves receiving a code by phone/email or using an authentication application and entering an additional code along with the password. By enabling two-factor authentication, if an attacker obtains the user’s password, they would need this second piece of information to access their account, which significantly reduces the risk of unauthorized access.
3. Be careful with personal information online, especially on public platforms. Personal data such as address, phone number or date of birth can be used by attackers for identity theft or other malicious activities.
4. Don’t provide bank details for offers that seem too good to be true. Always approach such offers with skepticism and do not divulge financial information for super deals.
5. Do not allow remote access to your mobile phone or computer (via applications such as AnyDesk, LogMeIn, etc.), for technical “help” or “support”, as it may expose the device to malware or allow unauthorized access to personal or banking data.
6. Why am I the one receiving this BRIDGE and not someone else? “Experts” will not call you or contact you on whatsapp or social media networks to share the secrets of highly successful, risk-free investments. So, ignore the messages that offer easy earnings.
Together with DNSC and ProVision, ING Bank Romania organized an informal meeting where we discussed the new trends in online fraud and how we can avoid them. The following participated: Alin Becheanu – Head of Fraud Monitoring & Prevention and Cristian Lia – Cards Tribe Lead within ING, Mihai Rotariu – coordinator of the Communication, Marketing and Media Department within DNSC and – George Drăgușin, Presales manager, Provision.
To recognize online fraud attempts and not fall victim to them, constantly inform yourself about them from reliable sources such as the DNSC website and the security section of the ING Bank website.