What is cyber fraud?

Cyber fraud is a blanket term to describe crimes committed by

cyberattackers via the internet. These crimes are committed with the intent
to illegally acquire and leverage an individual's or business’s sensitive
information for monetary gain.

Cyber fraud examples

There are many different types of cyber fraud, but they all have one thing in
common: the use of technology to commit a crime. Here are just a few
examples of cyber fraud:

Phishing

Phishing scams generally center around malicious emails that, at first

glance, look like legitimate correspondence from trusted contacts. They
could be emails containing fake invoices, password renewal requests,
messages from HR or leadership, and more.

For example, a user may receive an email from HR prompting them to

update passwords by clicking a link. If the email is a phishing email, the link
will redirect the user to a site that looks legitimate but has actually been set
up by a cyber attacker. The user then adds their details, which the attacker
then uses to gain access to sensitive data and materials.
Malware

This is software that's designed to damage or disable computers. It can be

used to steal personal information, delete files, or even create backdoors
that allow cyber criminals to gain control of a victim's computer.

Ransomware

A type of malicious software cyber criminals use to encrypt a victim's files

and demand payment in order to decrypt them. This type of attack is
commonly carried out through malicious links or email attachments.

DDoS Attacks

All DDoS attacks have one common goal – to overwhelm a server or

network to disrupt the performance of a target site. They are commonly
carried out in the form of:

• Volumetric attacks: Consume all available bandwidth between the

intended target server and the internet to create a bottleneck. As their
namesake suggests, volumetric attacks are characterized by sending
a large amount of data using amplification, commonly with the help of
a botnet.
• Protocol attacks: Target weaknesses in the third and fourth layers of
a protocol stack by overwhelming server or network resources such
as firewalls.
• Application layer attacks: Attacks the layer in which web pages are
generated and delivered in response to HTTP queries.
Social engineering

In social engineering scams, criminals appeal to an individual's emotions in

order to manipulate them into divulging confidential information. Typically, a
criminal will begin these attacks by conducting research on their intended
target, gathering information on the individual through social media and
general search queries.

Once they have identified a target's wants or needs, they will reach out to
the individual via social media, email, or phone, offering a service. Once
contact is made, the cyberattacker will attempt to gain the individuals
confidence and prompt them to divulge sensitive information that can give
them access to personal accounts.

The dangers of cyber fraud

Cyber fraud is on the rise. From spear-phishing and ransomware to
CEO email fraud and business email compromise, the most dangerous
cyber fraud attacks all begin with an email. Email scams are successful
time and again because they target your weakest link: people. Despite all
your efforts and technology to stop scam emails, it only takes one user's
lack of vigilance to enable cyber fraud attack.
The impact of cyber fraud can be devastating. Fines and legal trouble are
the result when sensitive material like customer information and personally
identifiable information is stolen. A CEO spoof email can trick an
employee into wiring large sums of cash to a fraudulent account. And the
disruption to business from ransomware and other cyber fraud attacks may
lead to loss of business, customers and revenue.
Combating cyber fraud requires a multilayered approach that combines
technology, training and expertise. That's why companies around the world
turn to Mimecast for solutions to stop email-borne attacks.

How can you prevent cyber fraud?

You can help protect yourself against cyber fraud and prevent attacks with
a few simple steps:
1. Keep software and devices up to date to ensure your systems have the
most up-to-date security enhancements.
2. Make sure all your devices are equipped with antivirus and malware
protection software.
3. Use different and unique passwords for all your accounts. Don’t make
them the same, and avoid using predictable passwords such as birthdates
or names.
4. Enable two-factor authentication to your passwords to add an extra
layer of protection.
5. Back up your data on the cloud or external drive.

Stop cyber fraud with Mimecast

Mimecast offers a comprehensive service for email security, archiving and
continuity, delivering an all-in-one solution for defending against cyber
fraud.
It starts with technology. Mimecast uses sophisticated detection engines
and threat intelligence to identify known and emerging threats and
prevent them from reaching your email system. Mimecast's suite of security
services includes solutions to combat advanced threats like cyber fraud, as
well as anti-malware and anti-spam software for more routine threats.
Mimecast also offers technology for preventing data leaks and for sending
email messages and large file attachments securely.
To better prepare users to defend against cyber fraud, Mimecast offers
Dynamic User Awareness tools that train employees to think twice before
they click on a link or open an attachment, and to better recognize the
signs of cyber fraud and email threats.
And because it may be impossible to stop every threat every time,
Mimecast offers continuous data protection for email and files through a
cloud archive, enabling you to mitigate the impact of a successful attack
and to provide users access to their data during an outage.

Mimecast tools for combating cyber fraud

Mimecast provides several tools that target the common techniques of
cyber fraud attacks.

• Attachment Protect scans all email attachments for code that may
be malicious, preemptively sandboxing suspicious attachments or
transcribing them to a format that is safe for users to read.
• URL Protect prevents users from clicking on links in email that may
download malware or load malicious websites.
• Impersonation Protect scans all incoming email for signs of
impersonation fraud, and blocks, quarantines or tags suspicious
messages with an alert or warning.