Toolkit Topic: Awareness raising of adult trainers on: video games, online gambling, online child pornography, online grooming, sexting, risks associated with online commerce, pro-suicide, pro-anorexia, pro-bulimia websites
Case Study Title: Online commerce fraud – phishing
Duration of Activity: 15 minutes
Learning Outcome: This case study will show how phishing can be a common method of scammers to enter a web user’s digital area and put them in danger
Aim of activity: Using email in the day to day in the digital media, one may come across emails or messages that look like they come from a colleague, a manager, a friend or a private or governmental institution. The ‘web attackers’ in today’s world have managed to excel their skills in social engineering. They send fraudulent messages designed to trick the web user into revealing sensitive information to them. Phishing messages can be of any topic. Here we present an educator’s experience with phishing on the topic of online commerce.
Since the start of the Covid-19 pandemic, as people were required to shop online as physical stores were closed, the number of frauds in the e-commerce sector continued to increase. The attackers were looking at every possible opportunity to take advantage of web users.
A friendly fraud is considered to be one of the most common types of online commerce fraud. In this type of fraud, consumers purchase goods or services with their cards, but they later claim that their cards have been stolen and request a refund. This is a dangerous one for many businesses.
A common fraud is also for attackers to test any possible credit card combination number and try to book a payment off it. The attacker tests whether they can withdraw money from the card by making a reservation on the card. Once they see that the card has balance, they make a payment. In order for consumers to stay away from being a victim of card testing fraud, monitor frequently the payments made from your cards via the online banking system. If ever in doubt, reach out to your bank and discuss your concern. There is mostly a 24 hour service that can support a user at any time of day.
Sometimes fraudsters target real marketplaces and create fake stores and storefronts and products. Consumers who do not pay attention to little details easily believe in this and shop. They pay but never get the goods or services. If you engage in a real marketplace service, you must follow strict security and verification measures.
You can also see this in the form of a triangular fraud. The fraudster sets up an online ecommerce store that sells high-demand products at low prices. When the customers place an order on their site, they use their credit card details to purchase products from a legitimate e-commerce site.
Finally, another type of online commerce fraud is phishing.
Masquerading as an online store, a web attacker dupes a web user into opening an email, instant message, or text message. The sender is attempting to trick the recipient into revealing confidential information by “confirming” it at the phisher’s website.
Some web users may struggle to recognise the signs that come with a phishing email. The most important challenge is to carefully inspect an email. Looking out for a number of things such as who the sender is and is their email real, what are they asking for, do they greet you appropriately or do you receive a generic greeting and finally what the hyperlinks and attachments seem to be leading to (hovering the mouse around them).
Here is an example of a phishing email from a company which offers digital services.
Inspect this email carefully. What are the first things that you see?
The attacker is requiring you to click on a link.
The sender’s email looks dangerous.
What does the VT before @globalpay.com stand for?
Ask the critical questions before you click!
There are different types of e-commerce fraud that is happening even more often since the start of the Covid-19 pandemic.
- Being aware of different types of fraud allows the learner to be more aware of what scammers and web attackers’ strategies look like
- Seeing an example of a phishing fraud email allows the learner to gain practical knowledge on how to recognize a phishing email
The tips support the learner to be safer in the digital media and e-commerce environment.
Include here a set of questions which adult educators can apply their learning from this case study to their classmates:
- What is credit card testing fraud?
- What is triangular fraud?
- What are the signals that an email can be part of a phishing fraud?
- What is important for a user to do on a frequent basis?
- Are there other examples of fraud that you can think of?
- How can one best protect themselves in the online commerce world and avoid being a victim of fraud?