Spotlight report untangles the web of deceit surrounding online fraud schemes in the EU.
Fraud schemes are perpetrated with the intention of defrauding victims of their assets using false and deceitful pretexts, or with the use of cyberattack techniques. This results in the voluntary or involuntary transfer of personal or business information, money or goods to criminals.
From ATM attacks and account takeovers to skimming and shimming, the wide availability of crime-as-a-service has made this criminal activity more accessible. Criminals show great versatility and adaptability in adjusting their modi operandi and modelling their narratives around socio-economic trends as well as current crises, taking advantage of emergency situations to create charity scams.
This report is an accompanying module to Europol’s IOCTA, which aims at providing and understanding of modern cybercrime to equip law enforcement with the knowledge to tackle it and keep people safe. It delves into the complexities of online fraud schemes and sheds light on how different schemes overlap and victimise targets multiple times.
Key findings:
- Relay attacks targeting payment card chips (shimming) are increasingly detected.
- Charity scams leveraging emergency situations have increased. This was visible during the COVID-19 pandemic, the Russian invasion of Ukraine and the earthquake in Türkiye and Syria.
- Logical attacks on ATMs still occur in the EU, with criminal networks testing ways to exploit new vulnerabilities at the ATMs they target.
- Fraudsters display sophisticated modi operandi, which are usually a combination of different types of fraud. Victims of fraud are often re-victimised within the same criminal scheme.
- Social engineering techniques that fraudsters use have been growing in complexity. Criminals adapt their techniques according to the profile of the victim and the typology of fraud.
Europol’s response
Europol’s mission is to support EU Member States and cooperation partners in preventing and combating all forms of serious international and organised crime, cybercrime and terrorism.
In 2013, Europol set up the European Cybercrime Centre (EC3) to provide dedicated support for cybercrime investigations in the EU to help protect European citizens, businesses and governments from online crime. EC3 offers operational, strategic, analytical and forensic support to Member States’ investigations.
EC3’s dedicated Analysis Project Terminal, focused on the threat of online fraud schemes, supports international investigations and operations into fraud targeting various victims and payment systems in the EU and beyond.
Source – Europol