Online scams are the most reported type of crime. On the 9th and 10th of November 2022, the 3rd Global Anti Scam Summit (GASS) was held bringing together governments, consumer & financial authorities, law enforcement, brand protection agencies, and commercial organizations. The goal was to share knowledge and insights on fighting online scams and define concrete actions to combat online fraud more effectively and efficiently. The event combined presentations, lectures, and workshops.
The summit was held at the Hague Security Delta in the Netherlands and hundreds of attendees also participated virtually. If you are interested in speaking or supporting next year's event, please contact us.
“Scams have become a global pandemic as it no longer is a Western issue,” said Jorij Abraham, Managing Director, ScamAdviser & Global Anti Scam Alliance, as he officially welcomed attendees at the GASS Summit. Mr. Abraham defined scams as the gap between the product and what you get.
“To turn the tide on scams, we need to build a dike together,” he continued. Mr. Abraham called on all stakeholders to join forces in order to win the war on online scams. He noted that scams have become an industry and are now becoming harder to detect as they are very complex.
Though raising scam awareness helps, it's not good enough as more needs to be done. He called on all involved in the summit to define concrete solutions to help turn the tide.
“The world needs to build resilience and justice to fight online fraud,” said Nathalie Jaarsma, Ambassador-at-Large for Security Policy and Cyber, Kingdom of the Netherlands. Ms. Jaarsma, who officially opened the conference went on to say that stakeholders need to trust each other and share information to aid this fight.
She noted that the Dutch government is partnering with the UN Cybercrime Department to fight online fraud. Ms. Nathalie Jaarsma further said that building even a small resilience goes a long way in fighting scams. Furthermore, she cautioned against victimizing and blaming people who have lost money to scammers.
She closed by saying that stakeholders need to build capacity which will help in accurate reporting and give law enforcement a better chance of catching cybercriminals.
“A scam is the huge gap between a product or service which is promised to you, versus what you get.”, explained Jorij Abraham, General Manager of Global Anti Scam Alliance & ScamAdviser.com. Mr. Abraham added that scams are now affecting every part of the world with the younger generation losing more to scams.
He continued by saying that the money lost to scams is more than what is currently reported. “Scams are becoming more complex and hard to recognize, as some, like romance scams, are using AI to create fake faces and deep voices,” said Mr. Abraham.
Mr. Abraham also mentioned that scammers are winning and law enforcement agencies need to catch up. It’s not all doom, however, as countries are getting creative in fighting scams. For example, China has launched an app for fighting scams which has over 500 million users.
“There has been a steady increase in phishing trends,“ said Foy Shiver, Deputy Secretary-General, Anti-Phishing Working Group (APWG). He stated that in the second quarter of 2022, there was over $1.1 million lost in phishing attacks. APWG also observed that a lot of the BEC attacks were targeting middle-level companies.
Mr. Shiver also noted that there was a 47% increase in phishing attacks on social media and ransomware attacks from the healthcare and transportation sectors also increased.
Zoriana Dmytryshyna, Director of Institutional Relations, APWG.eu, spoke in detail about the organization’s work pillars against cybercrime, which are data exchange, cyber awareness and research.
“Most of the targets are financial institutions and social media users”, remarked Mr. Shiver. He concluded by saying that despite SSL certifications, fraudsters are finding ways around phishing.
“We need to fight for a better and safer internet,” said Alejandro Fernández-Cernuda, Director of Engagement, Internet Integrity Program, Global Cyber Alliance.
Mr. Fernández-Cernuda highlighted how scammers collaborate and leak recommendations made by scam fighters. Thus, stakeholders involved in the fight against scams must also collaborate. “We must do systematic collaborations in order to make [scammers’] lives difficult.”
He said that the Global Cyber Alliance, a non-profit organization, is making cyber security tool kits to help end users protect themselves. He further said that the organization is helping communities around the world improve their cyber capacity to enhance their resilience.
The Global Cyber Alliance has over 7 million domains in its data set and is experiencing a steady growth of 1 million per quarter. They also take down over 8,000 domains per week. Mr. Fernández-Cernuda called on all the stakeholders to join the effort promising a community of trust operating under the same rules.
“Losses have increased 92% to AU$473 million“ said Jayde Richmond, Director Consumer Strategies & Engagement, Australian Competition & Consumer Commission.
“This week is Australia's scam awareness week and there are 360 partner agencies, collaborating with Government law enforcement, private sector and consumer markets in fighting against scams”, she continued. Additionally, Ms. Richmond said that Australia is focused on lots of engagements with different organizations to ensure people are protected and educated on how to deter scams. One of the focuses is the role of telecommunications, which plays a vital role in scams.
She also noted that ScamWatch forecasts an increase in cases of scams by the year 2023 which is even more reason for the government to work on creating better regulating telecommunications.
“There is a surge in victims of online banking fraud,” said Katsumi Ono, Economic & Financial Cybercrime Team Leader, Japan Cyber Crime Centre (JC3). He noted that the JC3 was collaborating with other stakeholders like academia, industries and law enforcement to fight crime.
Mr. Ono also said that banks are highly targeted for personal information and added that since 2019, phishing has been a major concern for the banking industry in Japan. But since the banks joined forces, the losses from these attacks have gradually reduced.
“Fake webshops are imitating genuine online shops and causing massive losses,” continued Mr. Ono. He further remarked that these fake online shopping sites are usually ranking high on search engines thanks to SEO poisoning. It has been established that as many as 10,000 fake online shopping sites are operated outside Japan.
“Social engineering schemes like phishing and vishing continue to grow, which means the gross loss for banks and customers is also growing”, remarked Dana Vermaak, Information Management Analyst: Financial Crime, SABRIC.
Mr. Vermaak said that these methods are often used in one segment or as a combination of a broader scheme. This has led to internet banking fraud to continue rising. Impersonation fraud has also led to many customers falling prey to phishing attempts as they are bombarded with numerous calls. The victims end up giving personal information to scammers.
The South African Banking Risk Information Centre (SABRIC) has come up with five steps to help aid in the fight. These are; information sharing, engagement with judiciary and law enforcement, Cyber forensic center, relationships or economies of effort, intelligence and capacity building.
“Our main goal is to identify fraud and take down frauds,” said Bruno Homem, Enforcement Takedown Manager, Axur. He stated that the organization has been taking down over 40,000 links per month.
He shared that the two most common types of scams in South America are Phishing Scams and Online Shopping Scams. “Brazil is a target for almost 13% of all phishing websites worldwide,” Mr. Homem added.
Further, he raised concerns that scammers are using automation to boost their phishing kits for attacks. They are spreading phishing kits through paid ads on social media, paid web search results and Google Shopping. The phishing kits are offered as ‘phishing as a service’ and use various tactics to evade detection by anti-phishing algorithms.
Mr. Homem also noted there is an increase in fake social media profiles used for phishing but they are less sophisticated. The main aim is to exploit the victim’s social network.
“The FTC seeks to challenge deceptive and unfair business practices that harm the consumers' ability to make an informed decision about what they will buy,” said Laureen Kapin, Assistant Director for International Consumer Protection, Federal Trade Commission (FTC).
Ms. Kapin spoke about the FTC’s toolbox that includes cases, rules, guides and education materials both for organizations and individuals to help fight scams. She stressed upon the need for an international cooperation toolbox through information sharing, investigative assistance and gathering information for law enforcement to aid this fight.
Ms. Kapin also mentioned that the FTC has a Consumer Sentinel Network program which has unique investigative tools to help in the fight against fraud. Members of the network can access the reports that consumers have shared as well as reports from data distributors.
She also noted that the FTC has been targeting frauds, especially Veteran-related and older-adult frauds. They have been offering publically available data to help raise awareness.
“The UK lost over €360 million to Push Payment Fraud,” said Mike Haley, CEO, CIFAS. Mr. Haley said some of the most common scams were Business Email Compromise (BEC) scams, purchase scams, investment scams and energy scams.
As to why the UK remains highly targeted, he said that the use of the English language globally makes them an easy target. Other factors include; faster payment systems, ease of opening accounts, scammers targeting wider demographics, use of social media and glorification of frauds.
Mr. Haley said that CIFAS in the UK is raising awareness of scams which is helping consumers protect themselves. There is also a “Stop Scams UK” helpline number 159 which consumers can call to check for scams.
“Ponzi and Pyramid schemes can easily overlap which led to confusion,” said Prof. Dr. Mark Button, Director of the Centre for Counter Fraud Studies at the University of Portsmouth. This overlapping is creating a loophole when it comes to national legal systems for dealing with such frauds.
Prof. Dr. Button defined a pyramid fraud scheme as an unsustainable business model which rewards people for enrolling others and offers worthless products. A Ponzi scheme was defined as a ‘get-rich-quick’ investment scam that pays investors from their own money.
Prof. Dr. Button noted an increase in an economic downturn can lead to higher uptake of Pyramid and Ponzi scams. Other factors include globalization, societal structure and technological enablers like social media and the internet.
Some of the strategies that scammers use include presenting desirable lifestyles, targeting vulnerable groups, high-pressure sales techniques and developing religious cult-like appeals, among others. Prof. Dr. Button concluded by saying there is a need to be alert to such schemes.
“There are top 5 brands which continue to experience high levels of impersonations,” said Jon Clay, Vice President, of Threat Intelligence at Trend Micro. These brands are DHL/USPS (Delivery Scams), Walmart, Costco, Netflix, T-Mobile and Amazon/PayPal/Apple (Phishing Scams). Scammers continue to impersonate these well-known brands to exploit the trust people have in these companies.
Mr. Clay further noted that other common scams Trend Micro encounters include fake online shopsand e-skimming. He said that some of the selling points of fake online shops include too-good-to-be-true prices, flash sales and unusual payment methods, among others.
Coupons, fake online surveys, shipment notifications and fake login pages are the go-to tricks for phishing scammers. Scammers are also using malware embedded in the checkout of some online stores to steal customers’ data.
He said that Trend Micro will continue to invest in people, processes and technology to fight scams. Trend Micro is also open to public-private partnerships according to Mr. Clay.
“There were over 2,000 rogue domains that were registered in the first half of 2022,” said Camill Cebulla, Director, Group-IB. This was 335% increase compared to the same period in 2021. Mr. Cebulla also noted that scammers are turning to YouTube streams to market their so-called “crypto products”.
He spoke about how scammers are now using deep fake of popular figures like Elon Musk to look convincing. By doing so, scammers earn the trust of their victims who end up sending their crypto wallets or sending money.
“When it comes to investment scams,” Mr Cebulla continued, “ EU is mostly targeted which over 11,000 unique domains revealed in July 2022.” He mentioned that the reason why scams are tripling is because of the economic crisis being felt, social engineering and brands becoming more popular.
Dmitry Tiunkin, Head of Digital Risk Protection, Group IB then revealed that the organization had executed a “scam campaign” on 100 participants of the Summit by harvesting online data to target them using fake LinkedIn accounts.
Group-IB set up a fake website for the event to collect personal information of the targets by impersonating GASA. This resulted in 15% of the targets compromising their personal data while 2% submitted a ‘customer support’ form which would have allowed the “scammers” to contact them. Mr. Tiunkin ended the talk by cautioning, “Please be suspicious.”
“Most of the scam victims are likely to be men,” shared Jack Whittaker, PhD Candidate (Crim.) at the University of Surrey. He also mentioned that 48% of those targeted fell for scams. However, this was a significant drop from 67% the previous year.
Mr. Whittaker indicated that the three most common scams were phishing scams, investment scams or promises of money, and crypto scams. “3% of people never check if a website is legit or not,” he stated.
With only 41% of people who are confronted with scams actually reporting them, more needs to be done to curb the menace. Mr. Whittaker revealed that 72% of customers rate police and goverments’ efforts against scams as very poor. Since only 12% of customers are satisfied with the efforts by law enforcement, stricter action needs to be taken.
“We need to improve the capacity of disadvantaged groups,” said Louise Beltzung, Head of Research OIAT/Watchlist Internet. She noted that consumers take a lot of time before reporting scam cases which makes it harder to take action.
Österreichisches Institut für angewandte Telekommunikation (ÖIAT) has developed an AI-based fake shop detection program that helps with real-time reporting, advice and support, and safe shopping. She also reiterated that cooperating and sharing knowledge between various stakeholders is key in the fight against scams.
Ms. Beltzung further noted that in Austria, Watchlist Internet is creating fake webshops to educate customers on just how realistic online scams can be. The “shops” are made as realistic as possible but in the end, just before a customer pays up, a warning message appears. They are also making consumer awareness campaigns fun as they allow users to prank their friends. At the end of the prank, a pop-up warning appears. All this is meant to help raise awareness of scams.
“My goal is to expose both the crime and people behind the scam,” said Jim Browning, ScamBaiter & Investigator. Mr. Browning is a well-known YouTuber with over 4 million subscribers and has disrupted multi-million Tech Support Scams. He explained that he created his YouTube channel for the purpose of educating people on how to avoid these scams which use a scripted format.
He deliberately brings/lures scammers, notes their IDs, do things in reverse to get their detailed information. He spoke about a documentary made in collaboration with BBC about companies running tech support scams. He was able to get inside the call centre supervisor's computer, access the CCTV and listen in on their conversations. Although half of the agency operates legitimately as a travel company, it is used as a front for the other half part of the company which operated scams. Ultimately, using evidence provided by Jim Browning, the Indian police were able to arrest Amit Chauhan.
Even though Mr. Browning has virtually invaded several scam call centres, most cases do not result in scammers being arrested. Jim Browning is searching for ways to create mechanisms for rapidly arresting scammers.
“In Denmark, we realized we needed to do more about the online security of our people,” said Jakob Bring Truelsen, CEO, DK Hostmaster. He continued by saying that the Danish registry introduced identity control measures where anyone registering a domain had to produce some sort of identification document.
Mr. Truelsen noted that over 3,800 domains were removed from the .dk registry for failing to comply with the new requirements. “In Denmark, people are required to show who is behind a domain,” he remarked.
He concluded by saying that adding lots of thin layers of security adds up to something concrete and more secure. By doing so, Denmark has effectively reduced the number of dubious sites using .dk domains.
Chaired by Foy Shiver, Deputy Secretary-General, APWG & Pablo López-Aguilar Beltrán, Director of Technology, APWG
Chaired by Cláudia Maia, Chief Editor, Deco Proteste & Sónia Covita, Coordinator Legal & Economic, Deco Proteste
Chaired by Joseph Selolo, Company Secretary, National Consumer Commission (South Africa)
Chaired by Helen Fairfax-Wall, Head of Digital and Scams Policy, Which?
Panelists for the discussion were:
“Scams are complex and affect everyone including Generation Z,” said Abigail Bishop, Head of External Relations, Scam Prevention. Amazon. She further noted that over half of the impersonation scams in North America involve top brands, including Amazon.
She highlighted the fact that though Amazon itself is not hacked or compromised, scammers make convincing copycat sites and apps to trick people into thinking they are dealing with Amazon. “Amazon is taking a strong stand against impersonation scams,” Ms. Bishop asserted.
As part of the fight against scams, Amazon is raising customer awareness by creating an information page on its site. Additionally, they have also partnered with other organizations like Better Business Bureau and National Cybersecurity Alliance.
Ms. Bishop concluded by saying that stopping scammers as early as possible in their cycle is the go-to method in the fight against scams.
“The main threat to the internet is the loss of trust,” stated Miguel De Bruycker, Managing Director, Centre for Cybersecurity Belgium. Trust is the basis of all security implementations, the main reason why the Cyber Security of Belgium is working hard to gain the trust of their people to the use of the internet. Organizations need to ensure their trustworthiness by adding additional layers of reliability and accountability.
They need to create a digital identity-based trust to the gap between synthetic trust and the alarming zero trust brought by scammers. He gave the example of how one cannot buy a SIM card without showing his/her identification card in Belgium. They consider a person’s digital identity as the strongest public/private partnership. The CCB’s mission is to make Belgium the least cyber-vulnerable country in Europe. Mr. De Bruycker concluded the speech by saying, "We must not only make humans ready for the internet. We also need to make the internet ready for humans."
“Tech is not well understood and the use of jargon makes it easier for cryptocurrency scams to thrive,” said Nick Smart, Director of Blockchain Intelligence, Crystal Blockchain Analytics. He also said that the perceived high returns and influence of famous people like Elon Musk means people are rushing into the cryptocurrency market without enough information.
He further noted that since crypto combines two of the less understood sectors, namely Finance and Technology, many people have lost their hard-earned money with reported losses of $2 billion.
Mr. Smart also noted that there is an increase in money recovery scams as many victims are desperate to claim their money back. Law enforcement is always slow since tracing crypto transactions is a time-consuming process. This leads to a strong motivation for victims to request assistance from non-official channels. Sadly, most end up losing more money.
Chaired by Alejandro Fernández-Cernuda, Director of Engagement, Internet Integrity Program,Global Cyber Alliance
Chaired by Wayne Bath, Head of Strategy and Policy, CIFAS
Hosted by Maarten Kronenburg, Board Member, Netsweeper
Have you fallen for a hoax, bought a fake product? Report the site and warn others!
As the influence of the internet rises, so does the prevalence of online scams. There are fraudsters making all kinds of claims to trap victims online - from fake investment opportunities to online stores - and the internet allows them to operate from any part of the world with anonymity. The ability to spot online scams is an important skill to have as the virtual world is increasingly becoming a part of every facet of our lives. The below tips will help you identify the signs which can indicate that a website could be a scam. Common Sense: Too Good To Be True When looking for goods online, a great deal can be very enticing. A Gucci bag or a new iPhone for half the price? Who wouldn’t want to grab such a deal? Scammers know this too and try to take advantage of the fact. If an online deal looks too good to be true, think twice and double-check things. The easiest way to do this is to simply check out the same product at competing websites (that you trust). If the difference in prices is huge, it might be better to double-check the rest of the website. Check Out the Social Media Links Social media is a core part of ecommerce businesses these days and consumers often expect online shops to have a social media presence. Scammers know this and often insert logos of social media sites on their websites. Scratching beneath the surface often reveals this fu
So the worst has come to pass - you realise you parted with your money too fast, and the site you used was a scam - what now? Well first of all, don’t despair!! If you think you have been scammed, the first port of call when having an issue is to simply ask for a refund. This is the first and easiest step to determine whether you are dealing with a genuine company or scammers. Sadly, getting your money back from a scammer is not as simple as just asking. If you are indeed dealing with scammers, the procedure (and chance) of getting your money back varies depending on the payment method you used. PayPal Debit card/Credit card Bank transfer Wire transfer Google Pay Bitcoin PayPal If you used PayPal, you have a strong chance of getting your money back if you were scammed. On their website, you can file a dispute within 180 calendar days of your purchase. Conditions to file a dispute: The simplest situation is that you ordered from an online store and it has not arrived. In this case this is what PayPal states: "If your order never shows up and the seller can't provide proof of shipment or delivery, you'll get a full refund. It's that simple." The scammer has sent you a completely different item. For example, you ordered a PlayStation 4, but instead received only a Playstation controller. The condition of the item was misrepresented on the product page. This could be the