Martin Oslizlo is a former police officer and now heads the anti-fraud management department in the compliance unit at ERGO. In an interview, he explained the most popular types of online fraud at the moment and how you can protect yourself.
Mr Oslizlo, what are the most common types of fraud on the Internet at the moment?
The “classic” methods are still the most popular. You order goods online, pay up front but the goods never arrive. Or you deliver goods but the payment never arrives. The web is full of enticing scam offers which many users still unfortunately fall for. One particularly well-known scam is the so-called “Nigeria connection” which has been a synonym for advance-fee scams for many years. It works like this: You receive an e-mail supposedly sent by a lawyer representing a Nigerian prince who is in possession of two tonnes of gold and needs someone who can import it to Germany. The worst thing is: The scam still works today.
Another major threat is hacking. Outdated hardware and software are often used by hackers as gateways. Malware (malicious software) is a common method used by cyber criminals to infect your laptop and then blackmail you for them to decrypt it again.
Which other methods are used?
Another method is the use of a so-called financial agent. Fraudsters who commit phishing crimes want to delete their traces and therefore need an unsuspecting account holder who transfers money from the victim’s account to the fraudsters’ own overseas accounts. These unsuspecting persons are targeted for example by phishing, i.e. e-mails sent by supposedly legitimate finance companies who promise them fast ways of earning money. All the customer has to do is transfer a sum of money to a third party. And this sum of money is sent by an unsuspecting scam victim. In this case, the crime committed is money laundering. The victims of this type of scam are usually very naive. However, the perpetrators use very sophisticated tactics.
CEO fraud is a particular type of scam. What does it involve?
In principle, it is an extension of the scam often targeted at elderly people where criminals pose as long-lost close relatives. However, CEO fraud is a more sophisticated form of attack. In this case, the fraudster contacts a higher-ranking employee in a company and tries to manipulate them into depositing high sums of money into an overseas bank account. The attackers often give the victims the impression that they are acting on behalf of the CEO personally and that the transaction has to be carried out asap. These types of fraud are often so cleverly planned and instigated that the employees are tricked into believing them. It is a type of social engineering where humans are seen as the weak link in the security system chain.
What can victims do in this specific case?
It’s very easy: Simply call their boss. But unfortunately some employees don’t. Perhaps because there is still the view held that you don’t call the boss about such e-mails. And employees don’t often dare to pick up the phone to call their boss. It would however be so simple to clear up the matter.
How can I protect myself as a user?
Don’t be too trusting. If an offer in an e-mail sounds too good to be true, it often is and you shouldn’t fall for it. The best way to protect your IT system is by installing the best virus protection available. Cyber insurance is also worth investing in.
But one thing is clear: The real weak link in the chain is often the human and not the IT system. Humans are curious beings and like to click random links. It’s often a combined case of both ignorance and naivety. You should always be extremely cautious on the Internet. Be careful with e-mails if you don’t recognise the sender. Also look at how the e-mails are worded. Phishing e-mails are often very poorly written and translated. E-mails supposedly sent by known companies can be verified by checking in the e-mail header whether the e-mails have actually been sent by these companies. Dual-factor authentication is enormously important in the banking sector.
What concrete action can I take if I fall victim to a fraud scam?
The most important thing to do is contact the police even if they can’t immediately track down the fraudster. The police have been monitoring this phenomenon intensely and have stepped up their response enormously in recent years. Undercover investigators work online investigating and combating serious crime. This is why it’s important to report online fraud because the police have insight to which you don’t have access. You’ll also receive help and advice from the police. You should also closely analyse why it happened to you. Do you have any vulnerabilities in your IT system? Did you click specific links or is your anti-virus software outdated?
What chances do I have of recovering my money as a fraud victim?
That’s difficult to say. With small amounts of money of less than 1,000 euros, you have relatively little chance of getting your money back. And in a large-scale fraud case, you first have to locate the money. Even if you catch the fraudster, it’s no guarantee you’ll track down the money.
What’s your professional background?
I’ve had a variety of different jobs. I started my career as a chef and hotel manager. I then joined the police force and specialised in corporate white-collar crime working for the criminal investigation department. This involved insurance fraud, staged road traffic accidents or fake damage claims. That’s where I learnt more about the issue of compliance and completed my master’s on this subject. I was then given the opportunity to establish the internal investigations department at ERGO.
Your previous experiences certainly help you in your current position …
I would even go so far as to say that these experiences are essential for the job. I know a lot about how fraud is actually committed and how this can be investigated and solved. That’s important because the issue has many different interfaces which is why our team is very diverse in terms of competences and experiences. In our department, we have both lawyers and colleagues who are qualified insurance brokers and have previously worked in different areas of the company, for example in sales.
Our investigations have to hold up in a court of law which is why we have a lot of responsibility. Zero tolerance for white-collar crime is the policy at ERGO.
Interview: Benjamin Esche
Attempts at online fraud are on the rise. Although phishing attacks and CEO fraud are still very common, the number of cases is currently in decline, according to IT service provider ITERGO. This downward trend can be attributed to successful campaigns against hacking infrastructures by the Federal Criminal Police Office and other authorities.
There has recently been an increase in the spread of so-called “fake sextortion” e-mails. In these e-mails, attackers claim to have compromising photos or video material of the e-mail recipient and threaten to publish them if a ransom payment is not made in bitcoins. However, there has so far not been a single case where the attacker’s claims have proven to be true.
The attackers constantly think of new ways of successfully perpetrating their crimes. “The human” and thus the employees of a company play an important role in the prevention of such attacks. Phishing e-mails are a good example, according to the Global IT security division at ITERGO. For this reason, it is very important for companies to make their employees aware of these types of attacks.