The Lernaean Hydra, whose extermination is impossible, internet and phone scams which are estimated to generate annual losses of several hundred million euros.

The astute – Greek and international circles – are constantly inventing new ways of deception, but they always use the method of social engineering to manipulate unsuspecting citizens and extract valuable information such as bank codes.

Recently, the mayor of Minoas Pedias, Manolis Fragakis, has been added to the long list of victims. One phone call from his alleged supplier was enough for strangers to withdraw 7,800 euros from his account.

OUR Hellenic Banking Association (HBA) according to recent estimates, about 500,000 euros per day, or 175 million euros per year, are stolen by bank account hackers, although many of these incidents are prevented by fraud-predicting technology systems. However, losses are estimated much higher. This is because victims are in many cases reluctant to report incidents to the authorities and sometimes spend significant sums appointing experts of questionable effectiveness (such as independent investigators) to identify perpetrators.

In addition, a very large number of different types of fraud do not fall under the pure category of online banking fraud, such as monkey investment companies that, by luring high returns, manage to gradually extract large sums of money with the consent of their initially unsuspecting individuals. victims .

The lack of territorial restrictions and techniques for hiding digital traces make it difficult to solve crimes.

It is estimated that this particular group of “investors” looking for immediate gains have collectively lost more than €200 million over the past two years.

The lack of territorial restrictions and the use of sophisticated techniques to hide digital traces make it difficult to detect computer fraud under Article 386A of the Criminal Code. So, if the money flies away, it is almost impossible to trace the perpetrators.

Ten Most Common Digital Tricks

• Phishing emails. The goal is to trick the recipient into revealing personal and financial information or security codes. These types of messages are very similar to those that banks send to their customers, with the same logo, features, and style as real emails.

• Fake messages on mobile (smishing). The recipient is prompted to click on an email link to confirm, update or reactivate their account. However, the link leads to a fake website through which the attackers gain control of the mobile phone.

• Approach by phone (vishing) of the victim. Combined with the introduction of social engineering, the victim is persuaded to reveal personal information, security codes or pin codes, or even transfer money to scammers. Accordingly, victims may receive e-mails from the retail chain for the purpose of, for example, withdrawing money from their account. In the same message, the victim is asked to call a support phone number. Unlike entering personal data into a website, this method has higher success rates, according to analysts at cybersecurity solution provider Karpersky. This is because when victims are on the phone, they are usually distracted, making the trap difficult to recognize.

• Sim Replacement Technique, whose “secret of success” is based on the fact that the use of a mobile phone number is one of the most basic elements of identifying a subscriber or transaction. Attackers impersonate the owner of a SIM card in order to deceive providers and obtain a new card that replaces the card of the rightful owner. As soon as they activate the new card, the old one is deactivated. As a result, all services (calls, SMS, Internet access) go to the offender’s device.

• Online stores and large stores proposals without real consideration. Fake contests for gift certificates from retail chains also fall into this category. The victim is asked to enter their phone number and other personal information.

• High Yield Investment Fraud accompanied, perhaps, by the largest booty. Criminals typically use tools and software that allow them to spoof their phone numbers (“fake caller ID”), impersonate fake websites as real, and create fake documents. They promise their victims that with a very small initial capital, usually 250 euros, they will be able to earn a lot by investing in financial products.

• Online Date. Fraudsters, having gained the trust of the interlocutor, ask for and, as a rule, receive personal photos or videos, and then blackmail them, demanding money for them not to be in the public domain.

• Payment of bills and documents. According to Europol, the company is approached by email, phone, etc. by someone claiming to represent the receiving supplier. The scammer requests the change of information for future bill payments (i.e. the recipient’s bank account details), thereby guaranteeing ownership of the proposed account.

• Sending corporate email employee of the company authorized to make payments. A scammer who knows the internal structure of a company poses as a high-ranking executive (such as a CFO) and urgently demands payment of an invoice, often citing a “delicate” business situation (such as a tax audit). Often a redemption request concerns making payments to banks outside of Europe.

• “Golden Legacy” In “419 scams” or “Nigerian scams” as they are called, messages are sent to random Internet users informing them that the owner of a large fortune has died. And, either there is no heir and the recipient of the message is chosen as the heir, or in order for the property to be released, it must be transferred to a foreign bank account. Thus, the recipient is informed that if he makes his account available (and sends his bank account details), he will receive a certain percentage of this property. Accordingly, people from Nigeria are looking for partners to transfer their funds and promise high commissions.

How to avoid electronic traps

“A pause is enough to avoid online scams.” This is the main message of the e-fraud information campaign run by the Ministry of Citizens’ Protection, the Bank of Greece, the Hellenic Police and the Hellenic Banking Association. Indeed, according to cybersecurity experts, common sense and judgment regarding the content of an incoming message or call is the best defense against digital fraud.

For example, in the case of messages purporting to be from banks, it can be a lifesaver to think that if an important issue arises, the customer will be notified via a message to their online banking account. Accordingly, one can avoid the pitfalls of knowing that a bank will never ask for a credit or debit card PIN or bank account password through e-banking.

In the event of fraudulent messages (phishing), experts recommend updating the latest version of the browser, antivirus program and computer operating system. They also focus on “banking” emails that ask for sensitive information (such as the password for your online banking account).

In this direction, recipients should check messages carefully and compare the bank’s email address with the one that appears in older (real) messages. Spelling, grammatical, or syntax errors are the most serious indication that this is a phishing attempt, and clicking on an email link or downloading an attached file is strictly prohibited.

Accordingly, recipients should not respond to SMS messages requesting their bank account PIN or password or any other personal security credentials (such as an e-banking username).

What does Europol recommend?

“If you think that you may have responded to a fraudulent SMS message and provided your bank account details, contact your partner bank immediately,” advises Europol.

​​​​​For phone calls, where the perpetrators are usually very polite, it is recommended that the recipients keep the phone number they received the call from and let them know that they will call back themselves. They should also be aware that scammers can find a person’s basic contact information online (such as social media or a phone book). In other words, the fact that he has this kind of information at his disposal is not proof of the real status of the caller.

When it comes to invoice fraud, businesses need to ensure that employees are informed and aware of the specific form of fraud and how to avoid it.

For their part, employees should not use the contact details provided in the change request email.