In today's internet-connected society, communication has become easier and knowledge of nearly everything is at our fingertips. But this new collaborative internet age comes with a price: Cyber criminals are always trying to scam people out of their hard-earned money. Online fraud has impacted a staggering number of people, and it seems like each time a new piece of ransomware or new scheme comes to light, twenty more take its place.
In the U.K., the Office for National Statistics released a report earlier this year detailing just how many people had fallen victim to online scams. In the 12-month period from March 2015 to March 2016, 5.8 million incidents of cyber crime occurred – that's one in 10 people in England and Wales. Cyber-related crimes made up just over half of these incidents, with 68 percent of them malware-related and 32 percent related to hacking. According to the Financial Times, 530,000 people had their systems hacked from January to March this year.
What can be done about the massive amount of online fraud that takes place in companies every day, leading to astounding amounts of money being stolen on a regular basis?
What does online fraud look like?
Online fraud comes in many forms, and any of them can be used to scam businesses out of money by targeting the weakest link: employees.
Social engineering is one method by which cyber criminals worm their way into scamming people out of their money. One of the most well-known ways online fraud takes place is through something called a "business email compromise" scheme. This is a form of online fraud that targets firms that work with large foreign partners. The email will generally look like a missive from a supervisor that directs employees to deposit money in the foreign accounts, or to wire "emergency funds" into a different account.
"While some cases involve the use of malware, BEC schemes are known for relying purely on social engineering techniques, making them very hard to detect," Trend Micro researchers wrote. "Recent incidents showed how employees were duped by emails masquerading as legitimate messages coming from company executives asking for information."
It's understandable; an employee opens an email from someone they assume to be the boss, which tells them to move money into offshore accounts. This seems like a regular occurrence, right? So they move the money, but it turns out that the account was that of a social engineer – resulting in unconscionable loss.
The costs of online fraud
These kinds of scams aren't kind to the economy. According to Trend Micro researchers, enterprises lost an estimated $3.1 billion due to online fraud from 2013 to 2015. What's more, since January 2015, identified losses have increased by 1,300 percent, costing around $140,000 per event. It's clear that losses of this nature are good for neither these businesses nor the overall marketplace, but they continue to happen at unprecedented rates.
Along with online fraud, data breaches are another way enterprises lose money on a consistent basis. According to the annual report conducted by the Ponemon Institute, the average consolidated cost of a data breach is now $4 million, an increase from last year's estimate of $3.8 million. It's incredible to think that this much money is being lost every time a hacker or social engineer worms his or her way into the system.
How do you prevent this kind of loss?
As in any cyber security strategy, education is key. Employees need to learn what social engineering is and what it looks like, so that companies can avoid network intrusions and scams designed to steal the money right from under their noses. Implement employee training programs that teach people not to click on unsolicited links in emails and help them understand the warning signs that they're being phished.
Another way to guard against online fraud is to implement strict password policies for employees. Make sure they know the importance of using different, strong passwords for different platforms and of using two-factor authentication where available.
"You can further increase the security of your passwords by using two-factor authentication features, when applicable," wrote Entrepreneur contributor Brian Honigman. "These features make users enter an additional pin code that can be sent to your mobile device, and some require users to input their fingerprint to grant access, something that is difficult for hackers to replicate. Authentication that uses these extra steps can better secure your online accounts beyond the basic login identification and password requirements."
More and more people are becoming victims of online fraud, and the amount of money it's costing the economy is staggering. Consumers and businesses alike should protect their data – and money! – by following best practices and investing in the right kind of cyber security tools.