7 most common online financial scams & how to avoid them Bron Europol | Stop Pesten NU


7 most common online financial scams & how to avoid them Bron Europol

Cybercriminals are constantly looking for ways to make money at your expense. Individuals and organisations often fall prey to frauds that involve various forms of social engineering techniques, where the information required is garnered from a person rather than breaking into a system.

These scams are typical examples of how cyber attackers can easily play on people’s psychology and perceptions. The tips provided here are aimed to help you protect yourself. Awareness is your best defence!

General tips:

  • Check your online accounts regularly.
  • Check your bank account regularly and report any suspicious activity to your bank.
  • Perform online payments only on secure websites (check the URL bar for the padlock and https) and using secure connections (choose a mobile network instead of public Wi-Fi).
  • Your bank will never ask you for sensitive information such as your online account credentials over the phone or email.
  • If an offer sounds too good to be true, it’s almost always a scam.
  • Keep your personal information safe and secure.
  • Be very careful about how much personal information you share on social network sites. Fraudsters can use your information and pictures to create a fake identity or to target you with a scam.
  • If you think that you have provided your account details to a scammer, contact your bank immediately.
  • Always report any suspected fraud attempt to the police, even if you did not fall victim to the scam.

INFOGRAPHICS, Download the Cyber Scams infographics (PDF)Spoofed Bank Websites

Romance Scam
Phishing / Vishing / Smishing
CEO/Business Email Compromise (BEC) Fraud
Investment Scams
Invoice Fraud



1. THEY PRETEND TO BE YOUR CEO, What are the warning signs?

CEO/Business Email Compromise (BEC) fraud occurs when an employee authorised to make payments is tricked into paying a fake invoice or making an unauthorised transfer out of the business account.

  • Direct contact by a senior official through an unsolicited email or call.
  • Request for absolute confidentiality.
  • Pressure and sense of urgency.
  • Unusual request in contradiction with internal procedures.
  • Threats or unusual flattery and/or promises of reward.

How does it work?

The method is based on an employee’s eagerness to quickly carry out tasks when they are specifically requested to do so by senior management. The fraudsters appear to have considerable knowledge about the organisation and the emails appear very convincing.


How does it work?

A business is approached by somebody pretending to represent a supplier/service provider/creditor. These approaches can be made over the telephone, by letter, fax or email. The fraudster requests that the bank details for a payment (i.e. bank account payee details) of future invoices be changed. The new account suggested is controlled by the fraudster.


Phishing (i.e. via email), smishing (i.e. via sms) and vishing (i.e. via voice call) are the most common social engineering attacks targeting bank customers.

Bank phishing emails

Phishing refers to fraudulent emails that trick the receivers into sharing their personal, financial or security information.

How does it work?

These emails:

May look identical to the types of correspondence that real banks send, replicating the logos, layout and tone of real emails;
Use language that transmits a sense of urgency, for instance implying a penalty if you don’t respond;
Can ask you to download an attachment or click on a link.

Cybercriminals rely on the fact that people are busy; at a glance, these spoof emails appear to be legitimate. As a result, recipients are more likely to take what is written in them seriously and act upon it.

Bank vishing calls

Vishing (a combination of the words voice and phishing) is a phone scam in which fraudsters try to trick the victim into divulging personal, financial or security information or into transferring money to them.

Bank smishing SMSs

Smishing (a combination of the words SMS and Phishing) is the attempt by fraudsters to acquire personal, financial or security information by text message. They act as a

How does it work?trustworthy source, impersonating a bank, card issuer or utility/service provider.

The message will typically ask you (usually with a sense of urgency) to click on a link to a website or call a phone number in order to ‘verify’, ‘update’ or ‘reactivate’ your account. The website link will lead to a bogus website and the phone number to a fraudster pretending to be from the legitimate company. The goal is to get you to disclose any information that can then help the fraudsters steal your money.


Bank phishing emails usually include links that will take you to a spoofed bank website, where you are requested to divulge your financial and personal information.

What are the signs?

Spoofed bank websites look nearly identical to their legitimate counterparts. Such websites will often feature a pop-up window asking you to enter your bank credentials. Real banks don’t use such windows.

These websites usually display:

Urgency: you will not find such messages on legitimate websites;
Poor design: be cautious with websites that have flaws in their design or errors in spelling and grammar;
Pop-up windows: they are commonly used to gather sensitive information from you. Don’t click on them and do not submit personal data on such windows.


Romance scams commonly take place on online dating websites, but scammers often use social media or email to make contact.

 What are the signs?

  •  Someone you have recently met online professes strong feelings for you, asking to chat privately.
  • Their messages are often poorly written and vague.
  • Their online profile is not consistent with what they tell you.
  • They may also ask you to send intimate pictures or videos of yourself.
  • They patiently wait to gain your trust, sometimes waiting up to weeks or months. Then they tell you an elaborate story and ask you for money, gifts or your bank account/credit card details.
  • If you don’t send money, they may try to blackmail you. If you do send money, they will ask for more.
  • They will always have an excuse to justify their webcam is not working, being unable to travel to meet you and why they always need more money.


Your personal information is valuable to criminals. Protecting yourself from scams also means keeping your personal information safe and secure.

How does it work?

Even if you have your social media accounts configured as ‘private’ and properly protected, or if you are cautious and don’t share much information within your profiles (pictures, videos, status updates, etc.), scammers use different techniques to trick you into typing in your personal details (name, email, password, credit card number, etc.), information which then can be used to steal your identity.

Your personal details can help fraudsters to:

make unauthorised purchases on your credit card or open bank or telephone contracts and accounts;
take out loans;
sell your personal information to other fraudsters;
carry out illegal business under your name.

Many attacks follow a similar pattern, some classic ones include:

Twishing (a combination of the words Twitter and phishing) is the act of sending a message to a Twitter user directing them to visit a website. If the user logs in to the fraudulent site, the attacker obtains their account information (name and password).
Who viewed your profile or social media page? Such service will request that you grant it access to your profile. It will then lead to a fraudulent survey, making you share your personal information. The spammer will earn a commission each time someone fills in the survey. You will never find out who looked you up.

“Is this you in this video?” By clicking on these videos you will end up in a survey that earns money for the spammer. You could also end up infecting your device with malware.
“Your account has been cancelled”, “confirm your email account”. Such scams aim to get you to disclose your private information and account credentials.
Gift card scams and fake offers from popular, high street names or high value brands. These scams aim to get the user to reveal
personal information or sign up for expensive services. They take up a new form every month and sound too good to be true – the requested service or product will never arrive.
Miracle product, free trials! This online scheme uses free trial offers, bogus endorsements, and surveys to trick you into paying for products and subscriptions you don’t know you are signing up for (e.g. recurrent shipping fees).
“Earn loads of money working from home”. Any job that requires a fee for you to start is likely to be fraudulent. These adverts are found on social media and they direct to an offer that charges for a kit that will help you get started on making thousands of euros. You can be asked for a lot of personal details,
including your tax file number, copies of your passport or driving licence. Some job offers may be covers for illegal money laundering activities, asking that you receive payments into your bank account for a commission and then pass the money on to a foreign company. You will be acting as money mule for criminals, which is a crime.
Help, I’m in trouble!  An impersonator who pretends to be a relative in urgent need of money contacts you via social media message. The scammer will show distress and will ask you to wire him/her cash. Telephone, email or text message can be other ways of approaching you.



Common investment scams may include lucrative investment opportunities such as shares, bonds, cryptocurrencies, rare metals, overseas land investments or alternative energy.

What are the signs?

  • You receive an unsolicited call, repeatedly.
  • You are promised quick returns and assured that the investment is safe.
  • The offer is only available for limited time.
  • The offer is only available to you and you are asked not to share it.

Bron Europol