A guide to the most common fraud methods

Data theft and ID fraud is booming and as it grows, attacks are becoming more varied and complex than ever. Keeping up with the growing list of threats can be a challenge in itself, so here is our quick guide to the most common scams you should be looking out for.

Spyware, Worms and Viruses

First, let’s look at some of the types of infections which may target your computer.

  • Spyware: This works in the background of your computer or device processes, recording your activity. It transmits information covertly from your hard-drive giving scammers access to personal information and passwords.
  • Virus: A programme which piggybacks onto other pieces of software. When that programme starts up, so does the virus. It will attempt to spread to other programmes, wreaking havoc as it goes. If it spreads successfully, the virus can corrupt essential programmes and lead to important data being lost.
  • Worms: Unlike viruses, worms do not need another programme to latch onto. They replicate themselves and use a network to spread to other systems. It can slow the running of a computer and can be used to take control of devices to steal information.
  • Trojan Horses: This attack attaches itself to a useful programme, such as a game or streaming service, to get onto your system. The programme may continue to give you value, but unknown to you it will have already released its malicious cargo.

These different types of malware can get onto your devices in a variety of ways. Some will come through an email, others through internet downloads. Regardless of how they’re delivered, they all have the potential to give scammers access to a treasure trove of personal data.

Email Scams

The most common line of attack into your computer will be your email. Criminals may email thousands of people with messages designed to get malware onto the system or to persuade them to give away sensitive information such as bank details.

Most people will discard these emails. Indeed, your email programme will probably screen them out as spam. However, a small percentage will fall for the scam which is all the scammers are looking for.

Scams and frauds may come in all sorts of shapes and sizes. Here are some of the most common:

  • The Nigerian Prince Scam: This method has been doing the rounds for a long time and will be familiar to many. The email will come from a wealthy person who, for one reason or another, needs your help to get out of a sticky situation. He or she will be looking to transfer some money to your account for safekeeping until they get to the UK – they just need you to trust them with that all-important financial account data.
  • The Lottery Scam: Great news – you’ve been selected in a prize draw to win a massive cash prize. If you provide personal information such as online banking details that is. Yes, in case you haven’t guessed, emails like this are scams. However, they have become a little more convincing in recent years as they can emulate the branding and design of well-known companies. For some, their trust in the brand can be enough to overcome natural caution.
  • Advanced Fee Scams: Fraudsters will get in touch promising something fantastic in return for an advanced fee. They often do this with tickets, loans, gifts or investments. For example, if you struggle to get a loan anywhere else, they may offer you one at an affordable rate if you pay an ‘arrangement fee’. They may then make up all sorts of other fees until they feel they’ve taken you for enough, after which they simply disappear.

The list of scams goes on and on, but they all have something in common. They will pray on instincts such as greed, desire or desperation to overcome common sense.

Internet Fraud

Your email may be the most common point of attack, but scammers may also try to hook you in when browsing the web. Fraud takes many forms from internet dating scams to irreputable e-commerce sites that collect personal and financial data to sell on to the highest bidder.

All online fraud takes advantage of the anonymous nature of the internet. We often find ourselves making deals with people we have never met and, by extension, can never trust. Tracking criminals down, once fraud has been committed, can prove to be impossible – even for law enforcement. However, a conversation with your bank and credit monitoring provider should be able to minimise the amount of lasting damage to your financial profile.

It’s not possible to be completely protected from fraud, but you can take precautions.

If you’re shopping online – conduct some research into the store’s track record or, alternatively, use companies that have a trusted brand. Make sure all transactions are made within a secure payment network – don’t go outside of this for any reason. Take some time to understand the site’s security measures and what steps you can take if there is a problem.


How much would you pay if someone froze you out of your computer or mobile device? As the rise of ransomware indicates, many people are willing to meet whatever is demanded. This is unsurprising, as we keep a huge amount of sensitive information on our computers including passwords, photos and much more.
You should regularly back up all files onto a secure cloud service (such as Apple’s iCloud), but that’s not something everyone does as regularly as they should, so if you lose access to a device you could face losing all those files forever.

This is what ransomware attackers are counting on. Using a piece of malware, which often comes through a phishing email, they can deny access to your computer. You may receive a message along the lines of:

“Hackers have taken control of your computer. To have access to the computer restored, call our support line.”

Many ransomware attackers have become remarkably professionalised. They have their own call centres and even go some way towards maintaining good customer service. To them, this is a day to day business. Once you have made the payment, they will probably restore access, but there is no guarantee of this. Some may have already stolen your personal information to sell onto people who can use it to commit ID fraud.

Ransomware is one of the fastest growing forms of cybercrime and recently became a $2bn global industry in its own right. Many people think of this as being an industrial form of fraud, targeting businesses and other organisations, but attacks against individuals are increasingly common.

Social Engineering

What’s the easiest way to rob a bank? Persuade the bank manager to hand over the keys. That’s the principal behind social engineering. Hackers will try to fool you into giving away your passwords, account numbers and access codes and the chances are they can already access all the information they need to do this through social media.

Most of us use at least one social media site whether it’s Facebook, Twitter or Instagram. While we like to think we keep our information safe online there may well be more of it out there than you think.

For example, if you post pictures from an office party, hackers may know where you work and who your colleagues are. If you complain about customer service from a company, they may know where you shop and who you bank with. Some people even post their email address on social media. All too quickly they can build a comprehensive picture of who you are, and what online services you use. Using this information, they can develop phishing emails that are much more convincing.

While you won’t hand your details over to someone you have never heard of you may do so to your bank or an e-commerce store. Criminals have become extremely adept at mimicking the branding and appearance of online corporate communications and may even take you to a site which looks and feels like the real one for the purpose of having you hand over your information unknowingly.

Staying Safe

Scammers are becoming more sophisticated in how they approach stealing personal information. The more we share data across different platforms, the more vulnerable it becomes. Attacks are evolving, but while it is impossible to be 100% safe all the time, there are many things you can do to make it tougher for the cybercriminals.

Here are a few core principles:

  • Make sure your passwords are strong and varied – never duplicate a single password over multiple accounts
  • Regularly update your security software and perform frequent scans
  • Frequently back-up your files so you have access to them in the instance of theft
  • Never conduct transactions over public Wi-Fi or on sites you aren’t 100% confident in
  • Don’t post unnecessary personal information on social media sites and ensure your security settings are as high as possible

The more difficult a target you make yourself, the less likely they will try. Like most criminals, they like soft targets and there are plenty of those to be found elsewhere. The more you know and the more precautions you take the safer you will be.