Protean, often ingenious, attacks on our bank accounts are often difficult to detect. Here is, in summary, what you need to know about the procedures and tools used by online scammers.
They all have the same goal: steal your money. To achieve this, fraudsters compete with duplicity, but it must also be accepted smartly.
Financial scams are, in fact, protean, constantly adapted and, in fact, sometimes so sophisticated that they become difficult to detect. Therefore, the importance of knowing well the methods of operation of fraudsters and the means they use to achieve their goals.
Two main categories of fraud
The first strategy of scammers to rip you off isget the money from the source, that is, in your bank account. This is what INSEE says in its annual study on victims of crimes and criminal offences (1)class likebank fraud.
To achieve this, they divert your means of payment, most commonly your bank card. To do what? In 2018 (2)56% of bank frauds materialized through a purchase paid by credit card on an e-commerce site. Purchases paid by bank card in a traditional store were rarer (10%), as were fraudulent transfers (9%) or ATM withdrawals (6%).
The second category of fraud: what INSEE classifies asLies. Here’s yours means of payment are not diverted. It is you who, duped, agrees to pay for a product or service that will never be delivered or returned (36% of cases in 2018), or to transfer money, as part of blackmail or fake romance. (2) (21%).
From an accounting point of view, these two categories of fraud weighed in 2018 (3), approximately the same weight. That year, an estimated 1.26 million people were victims of a fraudulent debit; 1.24 million scams. The damage suffered is generally less severe in the case of fraud. In one third of the cases, it costs the victim less than 50 euros. The damage exceeds 1000 euros only in 18% of cases, compared to 29% for bank fraud.
Conversely, in the case of a bank fraud, 79% of victims were reimbursed, most often by their banks. A figure in accordance with the results of our exclusive survey, conducted in partnership with YouGov France (4): 65% of people surveyed said they were fully compensated after fraudulent debits and 17% were partially so. On the other hand, the case of a scam is much rarer: in 2018, 6% of victims stated that they had been reimbursed. It must be said that only a quarter of them had requested compensation.
One fuel: personal data
Either way, fraudsters need fuel to fuel their misdeeds: personal data. Three types of data in particular:
- of identity information (marital status, addresses, identifiers, account numbers, etc.)
- of Passwords;
- of bank card details.
By collecting and cross-referencing this data, fraudsters hit the jackpot. They open up a wide field of possible fraud. They have the keys, in particular, to try bypass safety devices – so-called strong authentication – set it up to protect your means of payment.
A recent news story provided a good illustration of this. Scammers do not hesitate to call their victims directly on the phone, pretending to be a bank adviser, a public service, a delivery company. Impersonations are made credible by the degree of information they have about you.
Mobile payment: here’s the weak point that explains the massive fraud in Apple Pay
Objectives that go beyond simple fraudulent debits
Debiting your account without your knowledge isn’t the only goal of fraudsters. Stealing your personal data also enables themsteal your identity. Why? ABOUT get a bank loan in your name, for example, which you will then be asked to pay. Or for open an online banking account (particularly in non-banks) which they will then use to pass on the proceeds of their scams.
To achieve this level of usurpation, fraudsters must gain access not only to information, but also to highly personal documents such as identity documentsof account statements or even slips. And they have strategies to get their hands on it, as we told you last May.
Who’s Behind Online Loan Scams?
A favorite method: phishing
The strange anglicism has already entered the everyday language, thanks to the warnings given by banks or institutions responsible for guaranteeing the protection of citizens. The most frequently implemented data theft technique is, in fact, phishing, or hameonnage in French.
Nobanques: the cheapest offers to control your budget
The principle is always the same. It manipulate his victim into revealing, of his own free will, sensitive and personal informationusurping the identity of a well-known service: bank, tax, public service, social organization, etc.
The means to achieve this, on the other hand, are very different. For a long time, the preferred medium was fake e-mail, before mailboxes strengthened their anti-spam filters. The fashionable method now is a variant called smishing, SMS shrinking and phishing. The advantage of SMS: fraud is easier to hide in a short text message. All the more simple because there are ways to usurp the phone number of the service used as a hook, to make the victim believe.
To encourage the victim to take the hook, cybercriminals generally create a sense of urgency. His message insists on the risk of a quick suspension of a service, the loss of a social benefit or even a fine. To prevent this danger, the victim is encouraged click on a link which will allow him to fix his situation. Then it goes to a fake websitecopy of that of the impersonated service, where they will be asked to provide, most often, credit card identifiers, but sometimes much more.
The method is well established: two out of three times, victims of bank fraud do not realize the fraudand therefore are unable to tell when and how their personal data was stolen.
Among the hooks used during the current crackdown campaigns, we find the Crit’Air sticker, supposedly now mandatory, the Netflix account, which will be suspended for non-payment, or the Vitale card which is about to expire. . But new hooks appear regularly to replace those that have been seen and published. Faced with this perpetual renewal, there is only one solution: systematically apply some safety rules.
Our advice to protect your bank account
(1) The Environment and Safety Survey provides annual statistical monitoring of victimization, including fraud and fraud, regardless of whether or not the facts have resulted in a police report. It is carried out by the National Institute of Statistics and Economic Studies (Insee), in partnership with the National Observatory of Delinquency and Criminal Response (ONDRP, abolished in 2020) and the Ministerial Statistical Service for Security (SSMSI, established in 2014). . (2) A type of scam in which the scammer pretends to be a potential romantic partner, often through dating sites, apps, or social media. (3) Source: Environment and Safety Survey, latest figures available. (4) The survey was conducted with 1,003 persons representative of the French national population aged 18 and over. The survey was conducted online, on the YouGov France proprietary dashboard from October 28 to 31, 2022.