Applied Sciences

Digital Fraud Protection Methods

There has been a significant increase in digital fraud cases in recent years. With the acceleration of digitalization, especially after the pandemic, individuals are becoming more frequently targeted online. Fake emails, impersonating banks, fake sweepstakes offered on social media, and attacks conducted via public Wi-Fi networks are endangering users' personal data. 
To raise awareness about digital security, we talked  with Assoc. Prof. Dr. Yasemin Bay, faculty member at the School of Applied Sciences at Cyprus International University, about digital fraud methods, ways to protect against them, and the most common mistakes users make. 
Bay outlined the digital threats we can easily encounter in daily life and the precautions we can take against these threats, and issued warnings about emails from unknown addresses, calls, and SMS messages from unknown numbers. Emphasizing the importance of strong passwords, Bay emphasized the need to be careful when using the internet in public areas and emphasized that data can be stolen while using charging stations. Bay also discussed fraudulent methods known as phishing, saying, "You should be suspicious of messages that come without any response. If something is one-sided, there's a problem."

1.    Has there been a recent increase in digital fraud cases? What are the most common ways people are being deceived? 
Yes, there has definitely been an increase in digital fraud cases. With the proliferation of digital environments, especially after the pandemic, a significant increase in digital fraud cases has been observed. People most often fall victim to scams through emails, text messages, social media messages, or fake shopping sites impersonating banks or government agencies, or hackers use these platforms to defraud people. Scammers create situations that force people to make hasty decisions, potentially overriding their judgment and leading to impulsive decisions. For example, they might say, "Your bank account has been hacked. Click this link now to enter your username and password." Or, conversely, they might defraud people with messages like, "Congratulations, you've won a great prize. Click this link and reply to this text message within a minute to claim your prize."

2.What should we pay attention to to distinguish a scammer's email or message from a legitimate one? 
The most important thing is the address. Incoming messages contain the sender's address. We must pay close attention to this, because the address extension can tell us whether the message is genuine. For example, an email claiming to be from a government agency should have the sender's address extension "gov.tr." Or an email from an educational institution should have the address extension "edu.tr." These extensions verify the message's authenticity. Because scammers cannot use addresses with these extensions, they send these messages to people from a fake address. Therefore, we should carefully examine the sender's address in incoming messages. No bank or government agency will ask for a password. If you have any suspicious information, you should contact your bank or institution yourself immediately instead of responding to the message.

3.Why shouldn't we trust callers who say, "We're calling from the bank"? How can we tell if a call is genuine from a bank? 
Yes, a bank can actually call us. However, when a bank calls, they never ask for our personal information or password. They won't ask us to tell them the code you received via SMS or to tell them your password. Banks will redirect you to voicemail in such cases, saying, "We're now forwarding you to voicemail. Enter the code here." However, we shouldn't share our password with anyone. 

In suspicious situations, you can hang up without sharing any information with the caller. If there's a representative at your bank who can handle your call, you can contact them and ask, "I'm calling from the bank. Is this correct?" Customer representatives often share their phone numbers with their customers. This allows us to maintain a more secure environment.
 

uku-dijital-dolandiricilik-korunma-web2

4. How reliable are the sweepstakes or free product promises we see on social media?

We all receive messages and notifications like these from time to time. Things like, "You've won the latest model of cell phone, pay the shipping fee," or "You've won the latest model of car, enter your password." If these messages are sent to us via text, it's important to verify that the message is from an official account, avoid sharing any personal information with the recipient, and never give or enter your card or social media passwords.

5. What are the most common password mistakes we make? What makes a strong password?

We often encounter "my password has been hacked" comments on social media. It can happen to anyone—friends, celebrities, or influencers. First and foremost, we need to use a strong password. It shouldn't be predictable. We should avoid easily guessable passwords like our birthdate, our parents' or child's name, or our birthdate. We should avoid simple passwords like "1-2-3-4." Many websites now force us to create strong passwords. For example, they require a minimum of 8 characters, symbols, and uppercase and lowercase letters. Even on sites that don't specify these, we can create stronger passwords by paying attention to these instructions.

6. Why can public Wi-Fi networks be risky? What should we be careful about when accessing the internet at a coffee shop? 
The internet we receive from our GSM operator or have installed at home is secure because the service provider that sells this service is also responsible for providing secure internet. However, the Wi-Fi connections we use when we go to a cafe, a restaurant, or in a public area are not secure. Attackers can easily access our phones or devices through these connections and steal our information. 

If we must use a Wi-Fi connection in a public area, we should never access our bank accounts or open accounts that require passwords. We should not make purchases or enter our credit card information while using that connection. We should only perform these transactions in locations with secure internet connections. 
We should also be very careful about the charging stations where we charge our phones. We don't know what's on the other end of the socket. We might connect our phone or device to another device while thinking we're charging it, and thus, we might unintentionally enable data transfer.

7.What should we consider before clicking on links we receive on our phones? How can we distinguish between real and fake links? 
Just like messages, links sent have an address extension. We should pay attention to this extension. If a link claims to be from a bank, we should ensure that the extension belongs to the bank, and if a link claims to be from a government agency, we should ensure that the address is legitimate. Sometimes, incoming links contain nonsensical addresses, and we should absolutely avoid such links.
 

uku-dijital-dolandiricilik-korunma-web3

8.What are the first steps we should take when we realize we've been scammed? 

If there's a banking-related scam, you should immediately call your bank and inform them. We should explain the situation by saying, "I visited this website and shared this information," so the bank can take immediate action. It's crucial to notify the bank before this process becomes protracted and dangerous. 

Data like identity and contact information can sometimes be stolen through e-government. Once this data is stolen, attackers can use it to access other information about our past. Therefore, if we suspect such a thing, we must report it immediately. We should change our password immediately. Similarly, if our social media accounts have been accessed, we should change our password immediately.

9.What should we do when an app or website asks for an ID photo or credit card information? 
This type of information can only be requested from official sources. Before sharing our information, we should ensure we are on an official website. Government websites and apps like Instagram may occasionally request this type of information. We must be very careful about sharing our information. I want to reiterate: we should pay close attention to the address in the address bar. We should not share this information without verifying it on an official website.

10. If we were to put it in a way that everyone can understand: Why can “things that look very nice” in the digital world be dangerous?
As we mentioned earlier, scammers can sometimes come up with very attractive offers. Like, "Congratulations, you've won a new phone, car, or computer." Or they might send links and say, "Congratulations, you've won a million dollars." However, in such cases, considering that you haven't contacted anyone or entered a sweepstakes, you should consider where and why you're being contacted. It's worth questioning this. 

Some sites, institutions, or organizations sometimes hold raffles or give away prizes. However, these are for advertising or to increase followers, and they ask you to like, share, and tag people in posts. In other words, you're expected to promote and thereby increase the visibility of that brand, institution, or organization. You should be skeptical of messages that come without any compensation. If something is one-sided, there's a problem.