January 28, 2023 - Online scams are more and more prevalent in Croatia, reports Vedran Salvia on Index.hr.
There are more and more online scams in Croatia. Hardly a day goes by without the police sending out reports about all the people who have been scammed.
Huge increase in 2022 vs. 2021
Ten years ago, most people scoffed at attempted scams. At that time, it was mostly about various Nigerian princes who needed your help to free their millions. Today, Nigerian princes writing in comically broken Croatian, a product of the then still undeveloped translation programs, are no longer in fashion. Today, the impression is that people of all ages fall for scams, and that they lose substantial sums which they had been saving for years.
As for the year 2022, the Ministry of the Interior answered Index that a total of 1,864 criminal acts in the field of cyber security crimes were recorded, which is an increase of 19.3 percent compared to the same period in 2021.
"The largest number of cyberattacks is represented by various forms of computer fraud, the number of which increased from 1,158 to 1,425 criminal offenses, which represents an increase of 23.05 percent compared to the same period last year. The resolution of cybercriminal offences is 62.3 percent," said the police response.
How much damage is involved? We do not have data for the whole of 2022, only for the first 11 months, as reported by the head of the Cybersecurity Service of the Police Directorate, Renato Grgurić, in December of last year when he presented the project Strengthening the capacity of the police to combat cybercrime.
The figure covers only the damage from cases that have been reported. There are indications that some cases go unreported because people are ashamed.
"Damage this year was over six million euros, and this is only about the reported cases, which means that this number could be much higher, and that is a good enough reason for conducting this campaign to make citizens aware and prevent them from becoming victims of criminal acts," he emphasized.
We also checked how many cases of computer fraud there were in 2012, ten years ago. At that time, 505 computer frauds were recorded, which is almost three times less than today.
These are the most common scams
What are the most common internet scams? Here is how the police categorize them:
1. Identity theft (an independent crime or a preparatory act):
· Vishing - Identity theft by telephone: A telephone scam in which fraudsters call you and try to get you to reveal your personal, financial or security information or to pay them money.
· Phishing - Online identity theft with fake e-mail messages: Fraudsters send you fake e-mail messages that try to trick you into sharing personal, financial or security information.
· Smishing - Identity Theft by SMS: This is an attempt by fraudsters to obtain personal, financial or security information via a text message.
2. CEO fraud / director fraud - Fraudsters pretend to be your boss or superior in the organization and trick you into paying a sum of money into a fake account or making an unauthorized transfer of money from a business account.
3. BEC (Business Email Compromise) Scam or Account Fraud - Scammers pretend to be your customers/suppliers and trick you into paying future bills to another bank account.
4. Counterfeit bank websites - A fake bank email with a link to a fake website is used. Once you click on a link, various methods are used to collect your financial and personal information. The page looks like a real website with a few small differences.
5. Romance Scams - Scammers pretend to be interested in a romantic relationship. These usually take place on online dating sites, and scammers often use social media or email to make contact.
6. Investment Scams and Online Shopping Scams - Fraudsters trick you into thinking you are on the trail of a smart investment… or offer you a great, but fake, online deal.
7. Theft of personal information - Your personal information is collected through social media channels.
Frequent thefts via Njuškalo or Facebook Marketplace
The police added that, by frequency, we can single out the reported computer frauds where the victims sold items of negligible value on various online advertising platforms.
"The perpetrator would contact the injured seller through messages on various social networks/mobile applications, saying that he was supposedly interested in buying the item, stating to the victim that he had directed a postal delivery person to pick up the item being sold, that he had already paid for the item and the cost of delivery to the online advertiser or to the delivery person or that he intends to pay the costs to the seller's bank account.
The victim is sent a phishing link that redirects them to a fake website, for example, which in terms of graphic design resembles the Croatian Post website, where a pop-up window opens for the victim to authorize payment by bank card. Thinking that he is paying the delivery man, the victim actually sends his confidential bank details to the perpetrator and thus ends up without money.
When we talk about internet platforms for which computer fraud is reported, these are Njuškalo, Facebook Marketplace and other online platforms for advertising," MUP states.
Due to the "new version of mobile banking", the company was left without several thousand euros
We wrote on Thursday that a company near Bjelovar was left without several thousand euros due to computer fraud, after fraudsters induced its responsible person by e-mail to update to a supposedly new version of mobile banking; in fact, it was a malicious message.
The Bjelovar-Bilogor police announced that a message was received on the e-mail of a company from Nova Rača with the name of the bank where it has an account and an alleged request to update the new version of mobile banking.
To do so, the recipient had to sign up via the link in that message; clicking the link brought up a request for the mobile banking login user number, PIN, and a one-time password received via SMS from the bank's number. During the day, a new e-mail message from that bank arrived, asking users not to open the earlier message because it was a malicious e-mail, that is, a phishing campaign aimed at the bank's clients.
Since the aforementioned employee opened the malicious message earlier, she called customer service and found out that several thousand euros were missing from the company's business account.
She paid a total of 17 thousand euros on 13 occasions
Just a day before, we wrote that the Dubrovnik Police Station received another report of the criminal offense of computer fraud.
"The fraud was reported by a 51-year-old woman who stated in her report that, after searching for information on how to trade cryptocurrencies, she received a phone call from a male person who communicated with her in English about the procedure for investing in cryptocurrencies," the police write.
Following his instructions, the injured party created a user account on the website of the company he recommended, after which she installed an application that enables remote control of a computer or mobile device.
"She then paid a total of 17,000 euros on 13 occasions, and when she saw a profit of 100,000 euros on her account, she requested the payment of said money. Since she has not received any response until today, she realized that she had been deceived and reported the whole case to the police," described the police.
The police announced at the time that in the case of cryptocurrency investment scams, the perpetrators usually contact the victims by phone from the +44 area code (area codes from Great Britain), and then direct them to fake investment websites.
Besides using fake sites that look convincingly legitimate, the first step is to ask people to install applications that give control over their computer. Then, if it is a scam, various fake platforms are installed that show a false statement of earned income, and potential victims are encouraged to make further investments, which leads them to pay increasingly large sums of which they will eventually be defrauded.
There are a lot of such investment sites, and they are constantly being shut down and new ones created. It is best to do some research before making any investments, the police suggest. "Sites that are used for fraudulent investment will usually offer posts in the Internet search engine itself, in which people express their negative experiences through comments and report these sites as fraudulent," the police write.
She wanted to trade in oil shares, she was left without half a million kuna
We also remember the case from December when a 63-year-old woman from Krk was left without half a million kuna after she paid money online, in the hope of making a profit by trading oil shares, to fraudsters who falsely presented themselves as brokers.
The Primorje-Gorski Kotar police stated that the injured woman had complained to them that since September, unknown persons had repeatedly called her on her mobile phone and, posing as brokers, had convinced her that she would profit by trading oil shares through their "trader" on the website .
Under the delusion that she would make a profit, she paid them about half a million kuna to various accounts on several occasions until December. But soon she came across warnings on the Internet and information that it was a group of organized fraudsters and that they would not return her money. She realized that she was deceived and reported everything to the police.
An "American woman" promised him marriage and then robbed him
It's not always about brokers or cryptocurrencies. In February, we wrote that a case of romance fraud was reported to the Dubrovnik-Neretva Police Department: at the end of January the year before last, a 57-year-old man was contacted via social media by a woman who introduced herself as an American citizen currently in Syria with her father, who was serving in the military there.
The communication soon intensified and became romantic, the police write further, after which the woman announced her arrival in the Republic of Croatia in order to legalize their relationship. She soon announced that her father was killed in the war and left a sum of 200,000 dollars, which she wants to bring to the Republic of Croatia and put in the account of the 57-year-old, to which he agreed.
Then they described how the fraud and robbery took place.
"After that, the woman switches the communication to an alleged agent who will bring the money to the Republic of Croatia, and who asks the 57-year-old on two occasions to pay money for customs duties in order to successfully bring the money into the Republic of Croatia, to which the 57-year-old agreed and pays on two occasions a total of 4650 euros.
When he was asked to pay the money a third time for the same purpose, the injured man realized that he had been deceived, after which he reported the whole case to the police," they add.
Cyber security expert Morić: It is easier for fraudsters to find victims today
Index talked about this topic with Zlatan Morić, head of the cyber security department at Algebra University. He tells us that there are more scams today than there were in the past.
"Primarily due to the growth in popularity of the Internet and the increased amount of information being transmitted over the network. One of the reasons is that fraudsters are now able to use more sophisticated technologies and tools to produce fake websites and e-mail messages that look legitimate.
In addition, today it is easier for fraudsters to find potential victims through social networks and other online platforms. Today, people are more inclined to turn to the Internet for shopping and banking, which provides more opportunities for attacks," he adds.
"Fraudsters are now able to use more sophisticated technologies and tools to make an attack difficult to detect. Most commonly, various phishing techniques (content that looks legitimate and distributed via email or web pages) are used to gain personal information and/or access user accounts.
More sophisticated scams also include the use of technology such as malware (malicious programs - viruses), ransomware (malicious programs that demand a ransom) and Trojan horses (programs hidden inside another legitimate program) to break into users' computers and data.
Scammers also use advanced machine learning and data analytics techniques to automate the process of finding potential victims and personalize their scams. For example, today online translation services are much better than before and it is increasingly difficult to detect that it is a machine translation," he says.
"People believe what they see on the Internet"
He also touched on the question of why people fall for scams so easily.
"One of the main reasons is the desire for easy money. They can easily be deceived when they are offered the opportunity to make quick and easy money. It is also affected by carelessness or ignorance. People often do not pay attention to the details or do not understand how Internet fraud works, which makes them more susceptible to fraud.
Attackers try to take advantage of people's vulnerability (social engineering) because most people have difficulty responding rationally to different emotions (fear, guilt, empathy...) and make decisions without thinking. In addition, we also have the problem that people believe what they see on the Internet and do not check the information before using it in making decisions," he adds.
He says that it is difficult to determine precisely the ratio of frauds that concern financial gain and those that concern the destruction of computer systems, because different types of frauds intertwine and can have multiple goals.
"In general, in the last 10 years or so, behind most attacks is some form of financial gain. Fraudsters use a combination of different methods to get as much benefit as possible from each fraud. For example, fraudsters who use malware (primarily used for attacks on computer systems) often also use the data they collect on the computer for financial fraud," he says.
"Cybercrime can be considered easier to carry out than the usual one"
Is cybercrime easier to commit than ordinary crime?
"Cybercrime can in some respects be considered easier (or safer for the attacker) to commit than conventional crime. One reason is the anonymity provided by the Internet. Fraudsters can remain undetected and operate from any location in the world, allowing them to avoid criminal prosecution.
Another reason is the wide availability of tools and technology to carry out cyber attacks. There are many free tools and scripts that can be downloaded online, allowing even inexperienced fraudsters to carry out cybercrime.
Attacks can also be automated, making it possible to attack a large number of potential victims regardless of where they are in the world. When an attack is carried out on a large number of people, even with a small percentage of people being deceived, the attackers can make a lot of money," he explained.
There is also deepfake technology, it uses fake videos and has not reached us yet
Are there any frauds that, for example, have not yet come to us, but are frequent abroad?
"Throughout history, we are constantly playing 'cat and mouse' in the world of cyber security. Attackers discover new methods to exploit vulnerabilities, and then solutions are developed to prevent these attacks. As most attacks are based on social engineering (attacking people), technical measures cannot give us complete protection.
I think we all lack a positive dose of mistrust. The Internet is global and most attacks occur in all countries. Sometimes, some more advanced methods are first discovered in more developed countries for potentially greater financial benefit.
The reason is that when a type of attack is detected, the manufacturers of antivirus solutions make an upgrade that prevents it. Attacks that are already happening in developed countries, and as far as I know, have not been reported here, are attacks based on deepfake technology (deepfake is a technique of using machine learning to create fake videos or audio recordings that look like they were recorded by another person).
Since some Internet users are aware of the danger, when they receive an email asking them for something unusual, they will try to do a check.
That's why attackers started using machine learning to simulate the voice of a person known to the victim (colleague, superior, etc.) and make the same request via phone/video call. With such attacks, our level of mistrust decreases and we are more ready to fall into the attacker's trap," he says.
These are the tips
He points out that the development of technology leads to a greater number of attacks.
"The reasons are various, the increase in the number of Internet users also increases the number of potential victims, the increase in the number of different services increases the number of vulnerabilities that attackers can exploit," he states.
We asked him what he would advise people about their behavior on the Internet.
"In general, try to behave online as you would in real life. If someone approached you on the street and asked for your credit card number/PIN, you probably wouldn't be willing to give out such information without being sure who is asking and why. You should act likewise when they ask you for the same information via e-mail," he adds.
He explained the basic safety tips for staying safe online:
· Be careful when someone asks for your personal information.
· Don't trust fake emails or messages asking you to enter your information.
· Do not click on unknown links in e-mails or messages.
· Do not disclose your PIN or password to anyone.
· Don't answer numbers that have a strange area code or that ask you to enter financial information.
· If you find yourself in a situation where you doubt the sincerity of the person you are communicating with, try to verify their identity or contact a professional for help.
· Download and install a computer security program that will protect you from malware and other harmful programs.
· Use strong passwords and change them regularly.
· Be aware that scammers often use emotional tricks to get you to take quick action.
Police: Cybercrime is unlikely to decrease
Also, the police add that cybercrime is very dynamic and it is difficult to predict in what forms it will appear in the long term.
"However, cybercrime is unlikely to decrease, and new threats that emerged during the covid-19 pandemic will continue even after the current crisis is over.
The measures to prevent the spread of disease introduced during the pandemic significantly expanded the types of attacks and attack vectors (directions), as both citizens and companies used digital and Internet solutions more than before.
Lifestyle changes that emerged during the pandemic, such as working online, widespread online shopping, are unlikely to disappear after the pandemic is over. Cybercriminals will continue to look for opportunities to exploit these habits by adapting existing or devising new attacks," they added.
In all police departments there are specialized police officers for cybercrime
"We believe that the risk of cyberattacks, including the misuse of personal data on the Internet, is still high, and in this context, the Croatian police continuously undertakes preventive activities to raise awareness of the public through thematic press conferences, announcements and the creation of audiovisual materials available on our website, Twitter and YouTube channel of the Ministry of Interior, and a web domain specialized in helping victims of cyberattacks with cryptolocker ransomware.
Below is the website of The No More Ransom Project and the announcement of the held press conference - Presented results of the NUBES operation and the redesigned NoMoreRansom website.
All police departments have specialized police officers for cybercrime, and any fraud or attempted fraud should be reported to the nearest police station. When applying, all available 'evidence' should be attached, i.e. correspondence that occurred during the commission of the fraud," said the Ministry of the Interior.