
7 Common Fraud Tactics You Need to Know

4/25/2023 9:00:00 AM

As commerce has increasingly shifted from cash and checks to digital payments, so too has fraud transitioned to cyber methods. And it has increased by leaps and bounds. The Federal Trade Commission reports that fraud increased by 70 percent from 2020 to 2021, and the most common fraud tactics are now online imposters and shopping scams.

While all industries and organizations face threats to their digital security, some reports identify education as the most targeted industry for cyberattacks, which as of August 2022 experienced nearly nine times more attacks than the number two most attacked industry.

To prevent today's fraud tactics and improve your institution’s security, you must first understand how and where fraud attempts happen. How does a bad actor get access to systems controls and critical information? Who or what are they targeting?

The following are some of the most common fraud tactics occurring in higher education today.

Social engineering

It sounds like a new department in the school of engineering, but social engineering is actually a new phrase for a centuries-old fraud tactic: the con job. Someone impersonating a trusted source uses creative and sophisticated manipulation to get people to divulge confidential information. Social engineering happens via many avenues, from emails and websites to phone calls and fake salesmen knocking door-to-door. This category of fraud encompasses many of the techniques we cover below that use impersonation to trick people.


Phishing

The most common type of social engineering, phishing, is the sending of emails, text messages and other digital communications that appear to be from reputable sources and persuade individuals to reveal sensitive information, from passwords to debit and credit card numbers—sometimes just by clicking on a link in the message. It is so common because it continues to be effective despite being a well-known threat that many users have received training to avoid.


Hacking

Hacking is a general term for compromising digital devices and networks through unauthorized access. Like social engineering, it is an overarching category that includes a number of fraud techniques that take advantage of flaws and weaknesses in software and hardware. The methods of attack range from silent and stealthy to obvious and overpowering, and the targets of attack range from a small piece of electronics to a large system of servers. For instance, spyware is discreet and nearly undetectable, spreading without notice every time someone opens a file in which the spyware is embedded. On the other end of the spectrum, there are denial-of-service (DoS) attacks that overwhelm a piece of technology, from websites to servers, with a high volume of site traffic or process requests that you can see but cannot stop, causing the technology to malfunction and possibly crash.

Malware and spyware

Short for malicious software, malware is most often a file or piece of code that infects a computer and eventually the network it is connected to. Malware is installed when someone clicks on a website link or opens a file, or through other digital means of intrusion. While malware disrupts, damages, and blocks processes, spyware secretly monitors activity and usually collects the data involved, such as passwords and financial account information. You will likely see the effects of malware soon after its infection, but spyware can go undetected for months, if not years.


Ransomware

Ransomware is a type of malware that attempts to encrypt everything from individual hard drives to a system’s servers. It holds data hostage, followed by a demand for payment, often to be paid in some type of cryptocurrency. This type of fraud makes the news headlines the most, as the number of people affected, the duration of the data being held hostage, and the amount of ransom demanded can all be staggering.

Sophos’ State of Ransomware in Education 2022 report states that 64 percent of higher education organizations were hit by ransomware in 2021, up from 40 percent in 2020. In addition, 74 percent of higher education ransomware incidents resulted in encrypted data, the highest rate of all industries. Financial data and personal information are captured, as well as the large amounts of research data worth billions of dollars to professors, institutions, and research funding agencies like the National Science Foundation.

Exploiting public WiFi networks

WiFi access is everywhere on campuses, from coffee shops in the student union to the most cutting-edge laboratories, and we often don’t think twice about connecting our devices to a network we’ve never encountered before. Unfortunately, many WiFi networks are at best not upgraded to the newest protocols needed to secure them properly, and at worst wide open with few if any protections for the data transferred on the network. Bad actors can capture this data just as they would through hacking and malware.


Skimming

Historically, skimming referred to an employee stealing cash from a sale before the transaction was accounted for, so that the crime went undetected. Nowadays, in the digital era, skimming refers to installing illegal devices on ATMs, point-of-sale (POS) terminals, and other card readers that record credit and debit card account numbers, PINs, and other key information. After the data is captured, counterfeit cards are created, the data is sold, or the data is used for fraudulent online purchases. For higher ed campuses, skimming can take place at any pay point, from the dining hall to parking lots and sports and events.

Stay up-to-date on evolving cyber crime

As all industries increasingly rely on digital processes, bad actors shift to digital techniques to commit fraud. They are endlessly creative, devising new techniques for every new technology, and always expanding their targets to new organizations.

The issue of cyber crime is a hot topic that won’t cool off anytime soon. Understanding today’s fraud techniques is step one in the process of preventing them. Next steps include learning and applying best practices, and finding ways to stay on top of the constantly evolving world of information security. Stay tuned for more insights from TouchNet on how to protect your campus and community.