Abstract:

Ever since the lockdown, people have been required to radically change the way they interact with the
world. People had to be present virtually rather than in person every time they had a task to perform.
Opportunist scammers saw this and started using different scam strategies for their illegal scams.
In this research paper, we will be looking at different different ways the scammers used for their
illegal and unethical activities.

Introduction:

What Are Internet Scams?

Internet scams are different methodologies of Fraud, facilitated by cybercriminals on the

Internet. Scams can happen in a myriad of ways- via phishing emails, social media, SMS
messages on your mobile phone, fake tech support phone calls, scareware and more. The
main purpose of these types of scams can range from credit card theft, capturing user login
and password credentials and even identity theft.

Before we start, If you see something suspicious, report it to g.co/ReportPhishing or

g.co/ReportMalware, this are created by google (https://safety.google/securitytips-covid19/)

Most Common Types of Online Scams

Phishing

The top online scam today is Phishing. Internet thieves prey on unsuspecting users by
sending out phishing emails. In these emails, a cybercriminal tries to trick you into believing
you are logging into a trusted website that you normally do business with. This could be a
bank, your social media account, an online shopping website, shipping companies, cloud
storage companies and more.

Another type of popular phishing scam is the Nigerian Prince, or 419 scam. These are
phishing emails in which you’re asked to help bring large sums of money into the country,
cash phony money orders or wire money to the thief. The trick is that the scammer first asks
you for a small fee because the larger sum of money is “tied up” whether it be in wire transfer
fees, processing fees or some other tall tale.
Trojan

A Trojan horse or Trojan is a type of malware that is often disguised as legitimate software.
Trojans can be employed by cyber-thieves and hackers trying to gain access to users' systems.
Users are typically tricked by some form of social engineering into loading and executing
Trojans on their systems. Once activated, Trojans can enable cyber-criminals to spy on you,
steal your sensitive data, and gain backdoor access to your system.

Ransomware

Ransom ware is malicious software that infects your computer and displays messages
demanding a fee to be paid in order for your system to work again. This class of malware is a
criminal money making scheme that can be installed through deceptive links in an email
message, instant message or website. It has the ability to lock a computer screen or encrypt
important, predetermined files with a password.

Fake AV

One close to our industry is fake security software, which is also known as scareware. These
start with a pop up warning saying that you have a virus. Then the popup leads the user to
believe that if they click on the link, the infection will get cleaned up. Cybercriminals use the
promise of “Free Anti-Virus” to instead implant malware on a victim’s device.

Social Media Scams

Social media scams are a variety of posts you will see in your news feeds- all with the goal of
getting you to click on a link that could potentially be hosting malware.

Mobile Scams

Mobile scams can come in many forms, but the most common are phishing apps. These apps
are designed to look like the real thing, just like phishing emails. It is exactly the same
premise, however, instead of emails, the malware is passed through a fake app.
Types of Online Scams applications:

Online Job Scams

Due to the covid, many businesses were finding it difficult to sustain. Thus resulting
in people being laid off or fired from their pre-existing jobs or closing down their business.
This has led to a surge of online job scams as the scammers are using it as a golden
opportunity to rob people of what's left in their bank account.
This method of scamming includes first finding genuine business email addresses and
then creating fake email id with slight variation in it from the origin official one. Next, the
scammers then email the victims of these scams with very professionally written mail that
seems legit. Later they ask for sharing their bank details, in case of foreigners they ask for
their passport details too.
Many students studying abroad have complaints about such experience. Once they
acquire the passport details of an individual, these crooks then open bank accounts in the
victim's name and can also get a credit card or loan depending on the country's bank rules.
These scam may also sell your passport data as passport data sells in three formats on the
darkweb, digital scans, templates for creating a finished passport and actual physical
passports. These range in price from $5-$65 for scans, $29-$89 for templates and up to
$5,000 for the finished product.

The theft of as many as 5 million passport numbers from the Marriott hotel chain last year
continues to worry consumers concerned that criminals were using their information for fraud
or even travel.

Unlike credit card data or personal Social Security numbers, there are few mechanisms in
place to alert consumers that their passport numbers have been stolen and possibly used for
fraud.

According to research from cyber security intelligence company Flashpoint, passport data
sells in three formats on the dark web, digital scans, templates for creating a finished passport
and actual physical passports. These range in price from $5-$65 for scans, $29-$89 for
templates and up to $5,000 for the finished product.

Modern entry procedures in most countries can catch forgeries and lower-priced “fake”
passports have a limited use for other types of identity theft.
Some of the scam techniques involving google pay or other UPI services

Fake UPI numbers of local businesses

This is a fast-growing UPI scam these days. When you search for something
innocuous, like the phone number of courier service or a local restaurant, Google may show a
listing that is unverified and actually belongs to a scammer. The scammer achieves this by
optimising the website for social media as well as by registering as a business on multiple
platforms to convince users (and Google) of its authenticity. When you call that number, the
person on the other end will ask you for details or your package or take your order; then will
request partial or even full payment to confirm the order via UPI. After this, money will be
deducted from your account and the phone number will become unresponsive.

SIM cloning

Another way fraudsters have been able to hack someone’s bank account is by cloning
their SIM card without their knowledge. Sometimes done by directly asking on whatsapp or
mail by being persuasive. By cloning the number, the fraudster can receive OTPs, allowing
them to change the victim’s UPI PIN and access banking apps and payments services like
Google Pay, Paytm, and so on. The process for SIM swapping or cloning is not easy, which is
why it’s not popular even among scammers. SIM swap fraud has been steadily increasing in
India in recent times. Last year, a person reportedly lost Rs 25 lakh due to SIM cloning.

Notably, this method happens after some of the previous scams we mentioned such as
phishing and fraudsters pretending to be bank representatives. Once they obtain enough
personal information from the victim, they can call the mobile operator and convince them to
block your SIM number. They will then obtain a new SIM and access your banking accounts
via SMSs and OTPs.

Request Money scam

 One of the most common UPI scams is the ‘Request Money’ scam. This happens
when a user receives a request to pay money instead of getting a payment, and isn’t paying
enough attention to the transaction. OLX and Quikr are well-known for hunting grounds for
frauds using this scam. On apps like Google Pay, PhonePe, BHIM, etc., there is an option to
request money from another person, which is something fraudsters take advantage of. Say
you’re expecting a payment from a person for a product you want to sell, but instead of
paying you the amount, the person sends a payment request for that amount. You receive the
request and, unassumingly, enter your UPI M-PIN. As soon as you enter the PIN, you have
validated the transaction and the money gets transferred from your bank account to the
fraudster’s account.

Cashback/ refund scam

This is a variation of the Request Money scam, wherein the scammer will call and
pose as an agent of the bank or a major retail chain. She/ he says the user has been awarded
some cashback and asks them to accept it via any UPI app of your choice. Many scammers
even keep an eye on Twitter and Facebook for complaints shared by users on the platform;
they then call as executives of such companies and promise to process a refund. Within
seconds, the user gets a message mentioning the said amount on your UPI app; in a rush to
encash the cashback, many users enter their PIN. However, this will be a payment request —
UPI apps do not require users to enter PIN to accept a payment. This means they authorised a
UPI payment from their phone instead of accepting money from the caller. This is a fairly
common scam and many have fallen for it.

Remote access/ Vishing

UPI has a simple four-digit PIN to authorise transactions. The simplicity of this
process also makes it easy for hackers to transfer funds from your bank to their accounts once
they discover your PIN. One of the ways hackers can do this is by accessing your phone
remotely using apps like AnyDesk. This is a remote desktop software that can allow hackers
to gain access to your phone and all the OTPs it receives.
In such a scam, you can get a call from a fraudster pretending to be a bank representative
calling regarding an issue with your account. They will then try to establish a conversation,
asking for personal details such as your date of birth, name, and mobile number. They will
then ask you to download an app like AnyDesk or ScreenShare or TeamViewer from Google
Play Store. The fraudster will then ask for an OTP that is generated when setting up the app.
They will also ask you to grant all the necessary permissions in the app. Once this is done, the
hacker will have full control of your phone and can make transactions using your UPI
account.

In such a case it is important to understand that a bank representative will never ask for your
credentials such as passwords or OTPs. They will also never ask you to download a third-
party app. If anyone asks you to do any of these over the phone, they are most likely trying to
scam you. Notably, apps like Paytm will not work if you have a screen-sharing app installed
in order to protect your confidential data.

SMS forwarding scam

This is a relatively elaborate scam in which the scammer will ask you to send an SMS
from your phone in order to authenticate an order or to process a refund, etc. However, this
SMS actually contains an alphanumeric identifier for your smartphone — this alphanumeric
identifier tells UPI that the request to register a UPI account was made from the users’
registered phone number. When you send the requisite SMS to the scammer, they will get
this alphanumeric identifier too, which allows them to register for a UPI account from your
phone number. Then they will be able to steal money from your account. This usually
involves the fraud guessing the UPI PIN based on the personal info they have of the user.
However, there have been cases where the scammer convinced the user to give their PIN in
order to process refunds etc.

Counterfeit UPI apps

Counterfeit UPI apps are available by the hundreds on the Google Play Store, with
names that try to trick the user into downloading them. These include and are pretty easy to
spot due to poor ratings and few downloads. Nonetheless, if someone does end up
downloading such an app, they can not only give away their phone number in the registration
process but also their debit card PIN and access to their bank account. In many cases related
to these fake banking apps, the OTP the user receives and then enters in the app is used to
authenticate a payment/ transaction by the scammer.

PayPal Fraud

PayPal Fraud In a collection in person PayPal scheme, the scammer targets eBay
auctions that allow the purchaser to personally collect the item from the seller, rather than
having the item shipped, and where the seller accepts PayPal as a means of payment. The
fraudster uses a fake address with a post office box when making their bids, as PayPal will
allow such an unconfirmed address. Such transactions are not covered by PayPal's seller
protection policy. The fraudster buys the item, pays for it via PayPal, and then collects the
item from the victim. The fraudster then challenges the sale, claiming a refund from PayPal
and stating that they did not receive the item. PayPal's policy is that it will reverse a purchase
transaction unless the seller can provide a shipment tracking number as proof of delivery;
PayPal will not accept video evidence, a signed document, or any form of proof other than a
tracking number as valid proof of delivery .This form of fraud can be avoided by only
accepting cash from buyers who wish to collect goods in person.

Counterfeit cashier's check scam

Landlords placing advertisements on Craigslistrent.com receive an e-mail response

from a prospective renter from a foreign country, typically a student fresh out of secondary
education (high school in the U.S.). The first inquiry seems legitimate. The second usually
comes with requests for more information and an attachment from a fake company set up by
the scam artist indicating that the "student" has won a part-time scholarship from the
company. (The fraudster will often set up a fake website for the company, in order to make
the attachment seem legitimate.) The scam comes with the third e-mail: a request for the
victim's name and address so that the "company" can send a cashier's check to cover the rent
and the "student's" travel costs. The victim is instructed to cash the check and wire the
difference back to the student so that they can travel to the destination country. In the United
States, banks consider cashier's checks to be "guaranteed funds" and will typically cash them
instantly. However, unlike a certified check, the bank that cashes a cashier's check can still
take back the money from the depositor if the check is counterfeit or "bounces". Because of
the lag between the cashing and clearing of the check, the victim does not realize that they
have been had until their account is debited for the amount they wired to the fraudster, plus
any fees for the bounced check.

Short review on survey and its Results:

The above diagram shows that from our sample size 65% of the participants received fake job offers

and rest 35% didn’t. This shows that the scammers are aware of the target of their scam as most of the

participants were young college students or straight out of college recently.

The above diagram shows that almost half of the mails asked for the bank details of the participants.

That doesn't mean that the next half were not going to ask for bank details as some scammers ask for

bank details in the follow up mails.

The above pie chart represents the fraud to which user must have come across. Most of users have

come across fake advertisements.

When asked to the user about threats to consumer while shopping online most of them have

responded to chances of hacking the bank account.

Case Study on Online scam:

Preventing Account Application Fraud and Money Laundering

A top 5 UK bank launched a new promotional offering with the goal of attracting new customers. As
part of the digital checking account opening process, customers whose salaries met a certain threshold
were offered the opportunity to be automatically approved for a credit card and overdraft protection in
a single application.

Consequently, this offering also attracted cybercriminals who were opening fraudulent accounts to
later launder money or spend credit.

The bank sought a solution that would help them satisfy both business and risk objectives: safely
acquire more customers while stopping cybercriminals at the account opening stage.

Stop Criminals, Not Customers

The bank decided to leverage the BioCatch platform to analyze an applicant’s fraud risk prior to

granting immediate approval. By incorporating BioCatch risk scores and risk indicators into the

account opening process, the bank was able to implement an auto-decline process and prevent

down-the-line fraud losses.

By using BioCatch high scores, risky applicants were automatically redirected to a screen

that requested them to visit a physical bank branch to present their passport for additional

authentication. In addition, when these applicants happened to be linked to an existing customer

account, the bank sent the customer a “decline letter” informing them that their data may have

been compromised.

Further, by leveraging BioCatch medium and low risk scores, the bank allowed credit card and

overdraft protection to become available immediately, increasing customer acquisition while

ensuring minimal risk.

Realize Immediate Value

The bank was able to realize immediate value with BioCatch’s advanced fraud detection models.

Within just three months, the bank detected thousands of fraudulent applications and notified

hundreds of customers of potential identity compromise.

In addition to the bank automating an auto-decline flow based on BioCatch risk scores, they also

leveraged BioCatch insights to enhance downstream investigations of associated attacks. For

example, when an account opening session was flagged as high risk by BioCatch, the bank would

then correlate these insights with other third-party data outputs, such as the user’s email address.

In this case, the bank could see that this email was used in ten other account opening applications

and proactively pinpoint other fraudulent sessions. This added layer of behavioral context at the

core of their decisioning helped the bank drive more efficient case resolution.

Generate ROI

The bank’s auto-decline implementation of behavioral biometrics and fraud scoring stopped

fraudsters during the application journey by requiring their presence in a bank branch to complete

authentication in person. This solution reduced the cost of fraudulent account openings as well

as operational costs tied to case management equating to approximately £800K in savings in just

three months.

Discover Downstream Fraud

One unintended benefit of implementing BioCatch Account Opening Protection was the bank’s

realization that downstream fraud was occuring by exploiting mule accounts. The Account Opening

fraud team who engaged BioCatch was not thinking about fraud control against mule accounts,

as this was traditionally managed by a downstream Anti-Money Laundering team. By declining the

opening of these accounts at the application stage, the bank was able to minimize fraud losses

down the line and better protect against reputational damage.

Expand BioCatch Deployments Globally

Since realizing the results from applying the BioCatch Account Opening solution, the bank has

decided to expand deployment across the UK, US, Canada, APAC, and Australia. The bank has also

applied BioCatch’s behavioral biometrics to additional customer flows, including account takeover

controls.

Case 2:

 The Cosmos Bank hacking incident happened in 2018. As a 112-year old banking institution,
Cosmos Bank holds a high regard in the Indian Banking Industry for its security and length of service.
However, that doesn’t stop cybercriminals in penetrating the IT infrastructure of Cosmos Bank
resulting in $13.5 million stolen funds from the bank from August 10 to 13. The theft has been done
through two waves of mass unauthorized debit transactions, the first wave, the $11.5 million heist
from different countries and another wave worth $2 million debited inside the Indian territory only.

Following an earlier patient-zero compromise and lateral movement, on August 10-11, 2018, the
bank’s internal and ATM infrastructure was compromised. The exploit involved multiple targeted
malware infections followed by standing up a malicious ATM/POS switch (malicious-Central or MC)
in parallel with the existing Central and then breaking the connection between the Central and the
backend/Core Banking System (CBS). After making adjustments to the target account balances to
enable withdrawals, MC was then likely used in fake “*on-us,” foreign-to-EFT, standing-in, etc.
activity that enabled the malicious threat actor to authorize ATM withdrawals for over US$11.5
million in 2849 domestic (Rupay) and 12,000 international (Visa) transactions using 450 cloned (non-
EMV) debit cards in 28 countries.

In case of the Cosmos Bank attack, this was not the typical basic card-not-present (CNP),
jackpotting, or blackboxing fraud. The attack was a more advanced, well-planned, and
highly-coordinated operation that focused on the bank’s infrastructure, effectively bypassing
the three main layers of defense per Interpol Banking/ATM attack mitigation guidance.

Case 3:

You may have already heard about Mt. Gox — it’s easily one of the most infamous crashes in Bit
coin history, corruption, and fraud. Back in the early 2010s, Mt. Gox was a Bit coin exchange based
in Tokyo that handled the majority of Bit coin transactions around the world because people thought it
was safe. There were not very many options to buy or sell Bit coins at the time, and as such, Mt. Gox
oversaw more than 70% of all global Bit coin trades by early 2014.

Unfortunately, Mt. Gox proved to be anything but secure. Within a few short years, it faced several
massive successful hacking attacks, payment processing issues, governmental investigations, and a
massive bank run as people tried to withdraw their funds. It even turned out that a hacker had been
leisurely take out Bit coins from the exchange all along.

Ultimately, Mt. Gox gave up. In a devastating blow to the Bitcoin market, the company filed for
bankruptcy and announced that it had lost around 850,000 Bitcoins, worth about $450 million dollars
at the time, nearly $8 billion at today’s usual market value. While 200,000 Bitcoins were later
rediscovered on the exchange, the price had crashed from $800 to $400 and caused the first-ever
Bitcoin market crash.

Of course, hackers didn’t make away with all of it — in fact, it’s hard to tell just how much money
was hacked because of security issues and how much was simply stolen by Mt. Gox representatives.
Millions and millions of dollars were lost to fraud, embezzlement, and other illegal acts made by
company agents and partners. It will probably be years before we know just how deep the scamming
went.

Conclusion:

Fraud will always exist. It can be found everywhere across the spaces of the Internet: in email,

on social networks, and on various and sundry websites. Over the years, cybercriminals have

invented new tactics, but the scams are ultimately the same. Only users themselves can

guarantee their own protection in the virtual space. Innovative technological solutions are vital

to keep up with the fast pace of change. Artificial intelligence and digital tools have great

potential to protect consumers by authenticating sources and identifying harmful content and

options should be explored. As social media platforms and online marketplaces evolve,

these digital safeguards should be built-in to ensure that consumer safety is inherent in

system design.

Acknowledgement:

All the articles, reviews and case studies helped us to build this report. Also thankful to them who

responded for our short survey on online scams.

References/Bibliography:

● https://iamcheated.indianmoney.com/blogs/10-common-types-of-internet-fraud
● https://link.springer.com/article/10.1007/s11896-019-09334-5

● https://www.researchgate.net/publication/228460925_An_Examination_of_Internet_Fraud_O

ccurrences

● https://www.youtube.com/watch?feature=youtu.be&v=XfnvIXx-_FU&app=desktop

● https://www.91mobiles.com/hub/upi-scam-google-pay-phonepe-cashback-request-money-

sim-cloning/

● https://www.kare11.com/article/news/online-scams-covid-virus/89-c644180f-cdc1-414e-

8567-e5824a821cc7

● https://www.cnbc.com/2020/10/06/job-scams-have-increased-during-the-covid-19-crisis-

how-to-one.html

● https://www.cnbc.com/2019/07/05/how-criminals-use-stolen-passport-information.html

● www.biocatch.com

● https://us.norton.com/internetsecurity-online-scams.html

● https://www.kaspersky.com/resource-center/threats/trojans

● https://www.kaspersky.com/resource-center/definitions/what-is-ransomware