A wave of digital fraud to citizens

Digital frauds to citizens are on the rise, and more sophisticated typologies have emerged to manage to deceive people and scam them

«I have something to tell you; add me to WhatsApp». Have you received a phone call in recent weeks in which a woman’s voice told you this phrase? This scam adds to the wave of digital frauds to citizens that we are experiencing in 2024.

Cybercriminals are targeting large companies and institutions, and digital frauds against citizens are also common.

In fact, in many cases, the frauds are carried out using information previously extracted in attacks on companies, with the added incentive of realism that gives the generated contacts the warning that real personal information is being used.

Without going any further, a few months ago, the DGT (General Directorate of Traffic of Spain) suffered a security incident that resulted in data theft on millions of drivers. Following this cyber-attack, thousands of citizens received emails and SMS informing them that they had been fined and redirecting them to a fake website where they could pay the amount of the fines.

This case is a small sample of a dangerous trend: a wave of digital fraud against citizens. Cyber-intelligence specialists have recently detected:

• There has been an increase in the number of scams related to this kind of scam.
• New types of fraud have emerged through messaging platforms, social networks, and phone calls.

Next, we are going to analyze some examples of digital fraud targeting citizens and make some minimum recommendations to help in their prevention.

Identity theft via WhatsApp

This fraud is effortless to operate. The potential victim receives a message from a user posing as a known contact requesting money or personal information.

In addition, this kind of digital fraud on citizens can include malicious links whose click or download can infect the device used with malware in the messages. Thanks to malicious programs such as info stealers or spyware, it is possible to obtain credentials to access online bank accounts or critical applications and spy on victims’ communications.

A paradigmatic example of this type of digital fraud is the impersonation of a close relative in which money is urgently requested to cover an emergency.

Using a phone call to redirect the victim to WhatsApp

As we pointed out before, digital frauds against citizens are becoming increasingly complex, with the aim of overcoming the security measures implemented to prevent them. Impersonation through WhatsApp is good proof of this.

The fraudulent campaign of calls asking us to add a contact to our country’s most used instant messaging application is a variation of the previous fraud.

Why do the malicious actors resort to a phone call made with a number from our country so that the victims can have the conversation via WhatsApp?

The application has anti-spam filters to prevent citizens from receiving messages from unknown numbers with fraudulent intentions. These filters are bypassed by getting the citizen to add the contact in the app.

In addition, using a national phone number reduces the level of suspicion of potential victims who, on the other hand, are immediately alerted when they receive messages or calls from numbers from countries located thousands of kilometres away.

To all this, we must add the role that can be played by generative AIs that make it possible to clone people’s voices. If the tone or cadence of the caller’s voice sounds familiar, we will be more likely to add their phone number to our contacts.

Fake traffic fine imposed by the Traffic Department

This is one of the most popular forms of digital fraud against citizens in Spain due to the cyberattack suffered by the DGT we mentioned before.

First, the citizen receives a communication via email, message or other channels, supposedly from the DGT. In it, he is informed about an infraction, a fine, the need to make a payment or any other event that affects him. The message also includes a link that directs you to a website that also impersonates the corporate identity of the DGT. Generally, through this malicious page, you are asked for financial information or directly invited to arrange a payment.

The paradigmatic example of this type of digital fraud is receiving an email from the DGT informing of a speeding fine and requesting payment of the corresponding fine through a fraudulent link.

Why is it difficult to discern whether these communications are false or not? As we pointed out at the beginning of this article on digital frauds against citizens, many of these scams use personal information recently compromised in a DGT leak.

In addition, we must take into account that it is difficult for drivers to know precisely whether they may have committed an infraction or not, and they may be more receptive to consult a possible fine, the failure to process it in time, on the other hand, may lead to an increase in the penalty.

Amazon «mystery» boxes

Many digital frauds targeting citizens involve impersonating the identities of companies widely known by society. One such company is Amazon, a retail multinational with a global presence.

Well, cyber intelligence professionals have detected fraudulent campaigns that resort to disseminating advertisements for boxes with surprise content. The number of these boxes is extraordinarily low, but they supposedly contain high-value products, which is why they are so attractive to victims who decide to buy them. However, the order never arrives, and the money is never returned.

In the heat of recent offer campaigns linked to Amazon, malicious actors have spread various ads, offers, and links that impersonate this multinational company to deceive citizens and scam them.

Vacation rental scams

If there is one time of the year when tourism sector fraud proliferates, it is undoubtedly the summer. Millions of people book accommodations during July and August to enjoy their well-deserved vacation. How do cybercriminals take advantage of the holiday season?

They publish fake accommodations on well-known vacation rental platforms. In these ads, the user is asked to perform some action outside the official channels provided by the platform, thus circumventing its fraudulent activity detection mechanisms.

Generally, once the victim contacts the fictitious property they wish to book, the supposed owner or manager urges them to hold the conversation or make the payment for the accommodation outside the channels provided by the platform.

Why would the citizen agree to leave the platform? The scammer often claims the possibility of reducing the price of the stay.

However, the accommodation does not exist, and this circumstance is sometimes not known until the day of arrival.

Labor scams

Another digital fraud against citizens that has become popular in recent months is fake job offers.

In this kind of scam, malicious actors post fake offers on social networks or send them to their victims’ emails. Then, they require people who want to apply to make initial payments to access their registration or bag. Or they ask for personal information, arguing that it is necessary to provide it to register the interested party successfully.

A prototypical example of this kind of digital fraud to citizens consists of requesting a set of personal data from interested parties. The purpose? To better understand potential candidates for the job offered.

What is this personal information used for? It is used to impersonate the victim at online gambling houses, which has a great impact on the affected person’s income statement.

TikTok bonus scams or other social networks

Social networks play a significant role in the lives of millions of people. Hence, they are a medium that cybercriminals want to exploit to perpetrate digital fraud on citizens. How are the scams carried out?

Messages are sent through social networks or other channels such as WhatsApp. In such communications, potential victims are offered easy money for giving «likes» on applications such as TikTok, Instagram or Facebook. However, upfront payments are required before the money is paid, resulting in a financial scam.

A campaign employing this malicious technique sends messages via WhatsApp, offering a TikTok bonus for completing surveys and liking. Once victims complete the tasks outlined by the malicious actors, the promised payment never occurs.

False insurance policies

Home, health, car, life, pet insurance… Nowadays, citizens and companies can take out various insurance policies, and malicious actors are ready to take advantage of them. Malicious actors are prepared to take advantage of insurance policies by launching offers of fake policies at low prices to seduce victims and get them to pay for insurance that does not exist. To do so, they resort to techniques such as phishing, SEO poisoning or malvertising.

A typical example of this kind of digital fraud against citizens is the offers of insurance policies for drivers. In these scams, the entire enrollment and payment process is carried out, but the service offered is not provided in the end.

Use of social engineering to collect personal or business information

Social engineering techniques are fundamental to the success of digital fraud against citizens.

One of these scams involves tricking a person into providing confidential information about him or his work environment. This technique is generally carried out through telephone calls.

A common operation of this type of fraud is for a malicious actor to call the victim, claiming to be a professional from the company’s IT department. During the call, he asks for the victim’s computer password to perform a supposed system update. In this way, the cybercriminal obtains the access credentials to the corporate system.

Exploiting chaotic circumstances or unexpected needs

In crisis situations it is easier to carry out the impersonation of multiple organizations or services using a very attractive argument: you want to help the person or company that is in this situation to overcome it, offering assistance and solutions.

To analyze an example of this kind of digital fraud against citizens, we only need to look at one of the most relevant technological events in 2024: the crash of millions of Windows devices following a failure linked to the cybersecurity solutions company CrowdStrike.

This incident, which caused massive flight cancellations, affected the business continuity of thousands of companies and impacted critical organizations such as hospitals and healthcare centres; criminals exploited it to commit digital fraud against citizens.

Thus, from the first minutes, it could be seen:

• Phishing campaigns impersonating CrowdStrike, sending emails to employees of the affected companies offering support. In these emails, Microsoft Word documents were attached containing instructions that, once opened, spread an infection.
• Creation of fake websites impersonating Crowdstrike to redirect the user to other malicious web pages.
• Phone calls by people posing as Crowdstrike or Microsoft representatives.
• Phishing messages sent by messaging applications from numbers that have impersonated CrowdStrike or Microsoft.
• Phishing attacks related to flight rescheduling, banking, and retailer information alluded to the need for alternative payment methods.

The importance of cyber-intelligence in early fraud detection

Although most of the frauds mentioned above are aimed at citizens and not so much at specific organizations, companies can take many actions to try to reduce their impact.

In this regard, Tarlogic’s Cyber Intelligence and Global Risks department has been working for years on the early identification of fraud cases. This activity, which goes beyond the already known and necessary detections and takedowns, is based on the investigation and interaction with:

• Fraud campaigns.
• Technologies that support them.
• Actors involved.
• Patterns followed in their deployment.

The knowledge acquired during the investigation allows us to warn and block the beginnings of activities of this nature that are generated in its impersonation.

Recommendations to prevent digital frauds against citizens

In parallel, it is no less relevant the need to follow, as citizens, some simple recommendations that allow us to reduce our exposure to this type of attack:

1. Having a keyword allows us to identify ourselves with our closest environment, making them aware of this type of fraud.
2. When you receive an official communication, leave it without interacting with it and go to the website or call the company that provides the service to verify its legitimacy.
3. Be wary of links and attachments from unknown senders, and if you can identify them, do not click or open any of them.
4. Use two-step verification methods and never share passwords or security codes.
5. Make all transactions and communications through the official channels provided by the different platforms and services.
6. Do not provide any personal data to third parties under any kind of argument.
7. Any suspicious communication that may be linked to the company you work for should be brought to the attention of the company’s cybersecurity team.