Close panel

Close panel

Close panel

Close panel

The ranking of the most popular scams on the web

David Corral (BBVA Creative)

It is possible that this is not the most fun ranking among all the possible rankings, but it is probably the ranking we should all know to be alert and not to lower our guard when we move in digital environments.

We are witnessing the rise of social engineering techniques and scams on the net. Every day we make up with new warnings from different authorities.

The pigeon drop scam has evolved thanks to messaging systems, mobile devices and social networks, all perfect ecosystems for creating and spreading scams and frauds. You must be alert and know what baits they use to catch their victims and be prepared to avoid them.

The most common Internet scams

1. Phishing

It is considered the most widespread modality in the network to steal information. It involves impersonating a known company or entity in order to trick users into providing their data, including bank passwords.

One of the last cases of phishing detected was carried out by impersonating Google Docs: the user received an email saying that a folder had been shared with him. The objective was to encourage users to enter their passwords to view the content of the folders, which were then captured by the attackers.

Every day, new and increasingly orchestrated phishing attacks are discovered, either targeting general targets through massive spam campaigns or specific targets through targeted attacks. In these targeted attacks, criminals use information from the victim's environment to make phishing more credible and effective, and are very common in corporate environments. An example of this type of attack is ‘CEO fraud’, which consists of impersonating a manager to get employees to make payments or reveal confidential information.

2. Messaging fraud

These are messages sent by WhatsApp or SMS with false discount coupons or false offers whose purpose is to get the user to enter their data to obtain their coupon. By doing so, they are unwittingly subscribing to a premium SMS service.

3. Fake news

Many social networks and sites are used to launch fake ads or news that play on the impact, curiosity, fear or morbidity of users in order to spread quickly and redirect users to infected sites that introduce 'malware' into their computers to hijack information or generate false 'clicks' that can monetize.

ENISA, the European Union Agency for Cybersecurity, has created several campaigns to learn how to identify them and prevent their spread.

4. Fake contests, lotteries and easy money

Social networks are plagued by these types of lotteries and fake contests where you must provide your data or share the publication to participate. The objective is again the theft of information, obtaining income through deception and the involuntary subscription to premium messaging services of additional pricing.

There are also plenty of ads to easily earn money from home or get a bargain: this type of bait appeals to the sense of opportunity and plays with urgency so you don't have much time to think, last units, last hour or last places are the expressions that usually include their ads, don't take the bait.

5. Fake apps

Another increasing modality is the use of fake applications. These are apparently harmless applications that have criminal objectives to steal information or create involuntary subscriptions to premium rate services, such as SMS.

One of the most well-known scams in Android is Judy. It has infected more than 36.5 million users around the world with apps called Judy that were intended to make a profit through advertisements.

Another more recent case of application scams is known as ‘Operación Rikati’, where scammers create simple applications such as flashlights or a list of tricks for WhatsApp that, hidden from the user, make automatic calls to special rate numbers or activate subscriptions to premium message services.

10 tips to avoid taking the bait