The internet has opened up business for all, making it simple to start selling wherever you are in the world. However, the problem with doing business online is the increased exposure to cyber crime and digital fraud. It’s one of the great dilemmas of our age.
However, we don’t believe that potential exposure to digital fraud or other types of cyber crime is a reason to neglect your online presence. By being aware of the main types of digital fraud and electronic crime, you can minimise your chances of being exposed to them.
What is cyber crime?
Broadly speaking, cyber crime is any illegal activity using digital devices to defraud, steal from or exploit another person or business.
This can involve infecting a computer or cell phone to steal data or track behaviour without the user’s knowledge. It can also involve communication designed to trick a user into transferring data or money to the fraudster.
There are also a number of fraudulent actions that can cost a business money without directly accessing any of their devices. As a business owner or marketer, being aware of the threats and how to avoid exposure to them is the best way to minimise your chances of being defrauded online.
How do online fraud and cyber crime work?
To commit cyber crime, a criminal usually needs some form of access to a device, or a group of devices, owned by their target. This is usually where viruses, Trojans and other vectors come into play.
With access to a number of infected devices, fraudsters can do anything from relatively simple actions, such as monitoring behaviour, through to hijacking your data or even stealing your marketing spend.
Viruses and Trojans are usually distributed via infected software, email attachments and downloads. It’s a broad subject, but you can read more about how viruses and digital infections work here.
The main types of cyber crime
This isn’t an exhaustive list of cyber crime methods, but covers the main threats posed to small to mid-sized businesses around the world.
There are a lot of fish in the sea, and it just takes one bite and you’ve got a good meal. That’s the theory behind phishing.
By using emails, text messages, instant messages, social media messages and other direct communications, phishing scammers hope to get the details of anything from your bank account to your email logins or social security details.
With this access, they can then take money from bank accounts or use your personal data for any other means. There is also the advance fee scam, where fraudsters coax money out of you, often with the promise of a bigger return – too good to be true springs to mind.
Most people are savvy to phishing scams, but it just takes one careless lapse of attention and you could see your bank account emptied.
How to avoid the phishing scam?
The best way to avoid phishing is to avoid acting directly from any message that demands action. If there is a genuine alert, contact the company in question directly. If, for example, your bank contacts you to let you know there has been suspicious activity on your account, call or DM them and go through their security verification channels.
Basically, if someone you’ve never met before contacts you offering something that’s too good to be true, it probably is. The 419 scam, aka the Nigerian Prince scam, is a prime example of this. Ten million dollars to share, if only you’ll give them your bank details? Hmmmm…
A form of malware, ransomware is used by fraudsters to limit access to your digital devices. By encrypting the data on your servers and company computers, fraudsters can then demand a payout to release it back to you. Sounds far-fetched?
Ransomware is one of the fastest growing forms of cyber crime and is estimated to account for $20 billion in lost revenue in 2021.
You might think that ransomware attacks only affect big corporates. In fact, ransomware attacks in 2020 closed down public libraries, car parts suppliers in Germany, Australian logistics companies and local government offices in countries all around the world.
If there is money, there is a potential target for a ransomware attack. Fraudsters don’t care who their target might be – money is money.
How to avoid ransomware?
The most common method of delivery for a ransomware attack is a Trojan, often sent as an infected download via email. Being wary of what you’re downloading and avoiding clicking anything that you’re not expecting is the best way to avoid inadvertently installing ransomware on your computer.
Of course, if you’re operating a mid to large sized business with multiple computers, you’ll need to improve awareness of the threat across the board. There is also software to help prevent ransomware attacks.
Another major headache for any business is having the details of their customers and clients stolen by fraudsters. New laws such as GDPR aim to protect data security, and using encrypted cloud based servers can help. But data theft remains a major form of cyber crime in 2020.
In recent years there have been some high profile cases of data theft, including from Yahoo, Adobe, several adult dating sites and eBay. Again, data theft doesn’t just affect big corporates, but can be a huge problem for SMEs too. In fact, 60% of small businesses that are affected by a data breach go out of business within a year.
How to avoid data theft?
There are a number of processes that businesses should put in place to minimise their potential to suffer a data theft.
The first is to use hard-to-crack passwords and to avoid using the same password for every site that you use, especially the sensitive ones such as bank accounts or anything with client details and records.
Businesses should also use encrypted systems for their sensitive data, and be careful who gets access to sensitive data.
This form of fraud doesn’t affect your digital network or devices, but targets your marketing spend on programmatic advertising. For example, if you’re running a PPC campaign on Google Ads, business rivals or organised fraudsters can click your ads and cause you to exhaust your ad budget.
It’s been shown that between 15% and 25% of all traffic on paid ads is from non-genuine sources, meaning that advertisers are paying out a substantial sum to fraud. In fact, in 2020, click fraud has cost digital marketers at least $35 billion.
Click fraud is also referred to as invalid traffic, or IVT. The twin practice of ad fraud is the more organised form of this common cyber crime, and is what often gets the headlines due to its bigger impact. You can find out more about click fraud in our guide.
Incredibly, click fraud has overtaken credit card fraud as the biggest form of financial fraud.
How to avoid click fraud?
Monitoring your click traffic on paid ads is the best way to keep track of your marketing spend. Watch for traffic peaks, high bounce rates and suspicious traffic sources and block IP addresses that look suspect. Of course the best option is to use one of the many automated solutions to prevent click fraud on your paid ads.
ClickCease is actually the market leader in click fraud prevention on Google and Bing ads as well as Facebook. So, if you’re running programmatic ads on these platforms, sign up for a free trial of ClickCease to see how much fraud traffic your ads are getting.
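The manual checks described above (traffic peaks, high bounce rates, repeat sources) can be run over an exported click log. This is an added example, not part of the original article or any vendor's product; the log format, sample records and thresholds are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (not real traffic): click time, source IP, seconds on landing page.
SAMPLE_CLICKS = """\
2021-01-12T09:00:05,198.51.100.7,2
2021-01-12T09:00:41,198.51.100.7,1
2021-01-12T09:01:10,203.0.113.20,95
2021-01-12T09:01:30,198.51.100.7,0
2021-01-12T09:02:02,198.51.100.7,3
2021-01-12T09:02:50,198.51.100.7,1
2021-01-12T09:14:00,203.0.113.45,4
"""

BOUNCE_SECONDS = 5               # assumed: a shorter visit counts as a bounce
MAX_CLICKS = 3                   # assumed: more clicks than this per window is a peak
WINDOW = timedelta(minutes=10)   # assumed sliding-window length
MIN_BOUNCE_RATE = 0.8            # assumed: share of bounces that looks non-genuine


def load_clicks(text):
    """Group (timestamp, dwell seconds) pairs by source IP."""
    by_ip = defaultdict(list)
    for ts, ip, dwell in csv.reader(io.StringIO(text)):
        by_ip[ip].append((datetime.fromisoformat(ts), int(dwell)))
    return by_ip


def peak_clicks(times, window=WINDOW):
    """Largest number of clicks falling inside any one sliding window."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def suspect_ips(text):
    """Return {ip: (peak clicks per window, bounce rate)} for IPs to review."""
    flagged = {}
    for ip, clicks in load_clicks(text).items():
        peak = peak_clicks([t for t, _ in clicks])
        bounce_rate = sum(d < BOUNCE_SECONDS for _, d in clicks) / len(clicks)
        if peak > MAX_CLICKS and bounce_rate >= MIN_BOUNCE_RATE:
            flagged[ip] = (peak, bounce_rate)
    return flagged
```

Calling `suspect_ips(SAMPLE_CLICKS)` flags only the address that combines a click burst with near-total bounces; a single short visit or a returning long-dwell visitor is left alone, which keeps genuine customers off the block list.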
Flood attacks aka DDoS
Distributed denial of service (DDoS) attacks are designed to shut down a business or website, potentially offering access to the database for fraudsters. The attack comes from an organised botnet that targets the security systems, overwhelming the bandwidth and often taking websites offline.
There have been some well publicised cases, including the shutdown of North Korea’s entire internet by supposed hackers (which may or may not have been from the USA), and the infiltration of a number of American banks by hackers (which may or may not have been from Iran).
It’s not just government level shenanigans either. In 2020 there have been DDoS attacks on financial corporations, online security firms and a number of IoT devices.
How to avoid DDoS or flood attacks?
Like many of the cyber crime practices on this list, the solutions to DDoS attacks are many and complex. Putting in place processes to prevent a shutdown in case of a traffic surge is the best way to mitigate the effects of a flood attack.
There are also paid software options that you can use to prevent your website or business being shut down by denial of service attacks.
The growth of cyber crime
Cyber crime continues to grow because it can be, for some, quite simple to perform, and immensely profitable. Despite being seen as incredibly technical, many aspects of online fraud usually involve some easily located code and strategy. Just search for ‘build a botnet’ to see how easy it can be.
In fact, for many fraudulent campaigns, it’s often a case of using existing network infrastructure to do a lot of the work. Click fraud and ad fraud tend to leverage existing botnets, like the Mirai botnet, which can be hired to perform complex clicking operations.
And with the anonymity of the web, it’s doubly difficult to locate the fraudsters and prosecute anyone for many of these digital crimes. Although there has been some progress with prosecutions for digital fraud and cybercrime, including creating fraud botnets, the vast majority go under the radar.
So, whatever your business and marketing plans for 2021 and the future, make sure to look into how to avoid your business being affected by cyber crime.