Online fraud: how can I protect myself?

Fraudsters are becoming more sophisticated and harder to spot. Therefore, knowing how to spot and stop a scam is more critical than ever. For a fraudster, the methods used to trick victims often involve impersonation or deception, leading to significant financial losses.

MoneyHub spoke with our community and they shared their experiences with us on what to be aware of right now and how to protect yourself.

What’s the difference between fraud and a scam?

The key difference is that a fraud can occur with or without the victim’s participation. In contrast, a scam more often involves manipulating the victim into doing something, like buying fake goods or sending the money to a ‘safe account’.

Identity theft is another form of fraud where the victim’s personal information is stolen and used without their knowledge.

Typically, with a fraud, victims are completely unaware they have been defrauded until their card stops working or notice an unusual debit from their account.

A scam involves the victim being caught up in a fake call from their bank, an investment opportunity, or the purchase of goods from a fraudulent or fake seller. The victim is more involved in the scam, as the criminals will do their best to get the victim to process the transaction themselves.

Why has fraud risen so much in the past couple of years?

Fraudsters focus on life events happening around the world. Phishing attacks, where fraudsters send fake emails or messages to trick victims into revealing personal information, have also become more prevalent. There was a sharp increase in scams during the pandemic and the cost-of-living crisis.

Fraud and cyber crime have risen the most.

In 2023, 3,223 fraud and cyber fraud cases were registered in Estonia, an estimated 2,100 were committed via computers, and 25 percent involved scam calls or messages. Fraud cases have increasingly shifted to electronic channels, while traditional methods like paper document forgery have declined.

Furthermore, the PPA says it is worried about scammers convincing victims to hand over cash or use parcel machines, with an increase in cash scams in 2024 – as of the last month of last year, scammers had defrauded Estonian citizens and residents of €7.2 million in total.

What are the main types of scams people should be aware of?

Impersonation fraud

This is one of the most common types of scams. It occurs when fraudsters send emails and messages impersonating trusted authorities and well-known brands, exploiting people’s trust. Spoofing is a common technique used in impersonation fraud, where fraudsters make their emails and messages appear as if they are from trusted authorities.

Financial services brands are commonly impersonated because criminals can exploit people’s natural concerns for their money. Still, there’s also been fraud around the banks, EMTA, parcel delivery firms, social media companies and other familiar organisations. Typically, the emails link to a fake log-in page and ask you to enter your username and password. Criminals will then use this to steal information or try the same password to access other things like your bank account (this is why you should never recycle passwords!).

‘Safe account’ scams

A criminal contacts you pretending to be from law enforcement (police or national crime agency) or your bank and tells you they are conducting an investigation and need you to move the money to an account they control. Vishing, or voice phishing, is a technique used in these scams where fraudsters use phone calls to trick victims into transferring money. This is usually a ‘safe’ or ‘new’ account, and they would provide you with new account details, which are often held at a different bank.

One-time passcode scams

One-time passcodes confirm your identity or approve a genuine transaction you are trying to make. They are numerical codes that can only be used once. Fraudsters often call customers, pretending to be from banks like Swedbank and LHV, telling them there is a problem with their account and they need to share this code urgently. By sharing this code, you could be giving fraudsters access to your money or account.

Investment fraud

This is usually done via cloned websites, which are hard to detect and mirror images of their genuine counterparts. Ponzi schemes are a common type of investment fraud in which returns are paid to earlier investors using the capital from newer investors. Crypto assets have also featured heavily. These are not regulated investment products (even in legitimate circumstances) and are flooded with rogue traders and fake crypto exchanges.

Top tip: Always check that the firm or individual you are dealing with is authorised and regulated by the Estonian Finance Inspector before you do anything. The Finance Inspector has a list of companies it regulates here.

Romance scams

People strike up fraudulent relationships with people through dating websites, Facebook, LinkedIn, and even some online scrabble games. Catfishing is a technique used in romance scams, where fraudsters create fake identities to build relationships with victims. They build trust over weeks or even months, and then they start asking for money. If you’ve watched Tinder Swindler, then that’s a prime example of romance fraud!

Purchase scams

Advertised goods or services that don’t exist, and a fraudster asking for direct bank transfers via fast payments to secure items. Fake websites are commonly used in purchase scams to trick victims into purchasing goods or services that don’t exist. This can range from puppies to cars, holidays, concert or sports tickets and even advances for rental properties. Fraudsters use platforms like Facebook marketplace and WhatsApp to defraud their victims.

How can I spot scams and avoid them?

It’s important to understand that everything, and we mean everything, can be faked. Whether it is websites, text messages, phone numbers, online ads and social media profiles, criminals have the tools to make their copycats look professional. Malware, or malicious software, is often used by fraudsters to gain access to victims’ information and should be avoided by not clicking on suspicious links. Forming good security habits to keep your information safe is the best way to avoid trouble from the outset:

1. Think twice about any unexpected message or call, especially if it makes worrying claims and asks you to take urgent action.
2. Don’t be afraid to stop a conversation if you feel overwhelmed. Criminals know that if they say someone is stealing from your bank account, for example, it’ll cause panic, which is when people are more susceptible.
3. Don’t click links in emails or texts unless you’re sure they are genuine. Most genuine companies’ emails will never link to pages that ask for passwords or account details. It’s a good general rule to go to the site from the search engine if you need to log into an account.

What are some of the cleverest scams we’ve seen recently?

Bank impersonation

Fraudsters know they can instil panic and fear if they call you, pretending to be from your bank and saying there is an issue with your account. Account takeover is a typical result of bank impersonation scams, where fraudsters gain control of a victim’s bank account. 

Sadly, victims don’t make rational decisions or question what is being asked of them, especially if they think you might lose money. It’s in our nature to trust, so victims comply with requests without taking time to verify the caller is actually from the bank. 

Fraudsters can sound very convincing, so it can be difficult to spot.

Multi-stage scams

Criminals are exploiting the personal information they get hold of and can link scams together to defraud the same victim multiple times. Data breaches often provide the personal information used in multi-stage scams, making it easier for fraudsters to target victims. 

For example, parcel delivery text message scams are common scams that request payment of a few pounds to release a fictitious delivery like Omniva or Smartpost. The victim then receives a subsequent call claiming to be their bank or law enforcement and asking them to move their money to another bank to prevent fraud. 

During this call, the fraudsters will quote the victim’s personal and banking information obtained at the previous stage with the parcel delivery scam. The caller, seemingly knowing everything about you, can make the story appear genuine.

Online purchase Scams

These aren’t the smartest scams, but they are very easy to fall victim to. 

Shopping online is quick and convenient; sometimes, all you have to do is click one button to make a purchase. However, since online shopping has become second nature, it can be difficult to stop and check that the site, advert, or retailer is legit before buying.

What are some red flags to watch out for?

Watch out for the following red flags:

• Being rushed into doing something.
• Being pressured into sending money.
• Offers that are just too good to be true with short sale periods or ‘limited stock’.
• Being told that your account is at risk or you owe tax to EMTA.
• Being offered guaranteed high returns on an investment.
• Being told that your internet or bank account has been hacked or is at risk.
• You will be told to download software so the caller can assist you with a payment, refund, or account setup.
• Being asked to read out codes sent via text message.
• Being given a rationale to disregard scam warnings from your bank.
• Receiving an electronic communication from either a personal or business contact providing a change of account details and requesting payment.

Social media scams are a common way for fraudsters to reach potential victims, often through fake profiles and messages.

Other frauds that you should also be careful:

• You are asked to disclose your personal information, ID-card codes, debit or credit card numbers, computer passwords. Information about your identity and passwords may be used to access your data, assets and savings. Do not keep your passwords in your wallet, on a post-it note stuck to your computer, or on a bank card.
• You lose your document(s). Your documents and their data may be used to dispose of your assets. It is therefore necessary to notify the issuers of lost documents immediately and to revoke them.
• You are selling buying, renting or leasing immovable or movable property (a flat, a house, a car, etc.). Smaller and seemingly low-cost companies or individuals may serve as a cover for skilled people who use front men to sell your valuable assets to a third buyer who buys them ‘in good faith’ and leave you without your money or property. In addition, you may fall victim to fraud when handing over money, as in place of money, you may be handed a stack of cash with banknotes at the bottom and the top but worthless paper in between.
• You are asked to sign an authorisation document for acting on your behalf. Do not give another person too broad a power of attorney. The authorisation document should also not include the right to delegate the authorisation (in this case, a third person who you don’t know or haven’t met could start acting on your behalf). Be aware that all obligations that the other person assumes under your authorisation will become your responsibility.
• You are asked to pay in advance for the delivery or acquisition of the ordered/purchased goods. The fraudster will take your money and disappear without sending you any goods.
• You are lending money. A written contract that specifies the transfer of money is of the utmost importance in collecting the debt, even when you think you know the borrower well.
• You are offered a well-paid job abroad. Many such agencies serve as a cover for individuals who collect the commission and disappear, or smuggle prostitutes under the cover of babysitting or cleaning jobs. The jobs that are offered may also be illegal.

What should I do if I think I’ve been a victim of fraud? What are my rights and where can I go for help?

If you think or suspect you have been the victim of fraud, your absolute first point of contact should be your bank, as they are the only people who can stop any more activity and start recovering your money. Fraud prevention involves protecting yourself and your accounts, such as contacting your bank immediately if you suspect fraud. If you notice anything unusual about your account or activity, contact your bank immediately using the number on the back of your card.

Sadly, most of the people we have spoken to advise us that their banks and credit card providers are not very helpful and often expect them to pay for fraudulent transactions!

Following this, you should file a crime report with the police. Fraud is a serious crime punishable by Estonian law.

If you become a fraud victim or are accused, it is recommended to consult a lawyer to protect your rights.