Cyber Fraud Schemes: Modus Operandi, Tools and Techniques, and the Role of European Legislation as a Defense Strategy
Authors: Papathanasiou Anastasios, Liontos George, Liagkou Vasiliki, Glavas Euripides
Abstract:
The purpose of this paper is to describe the growing problem of various cyber fraud schemes that exist on the internet and are currently among the most prevalent. The main focus of this paper is to provide a detailed description of the modus operandi, tools, and techniques utilized in four basic typologies of cyber frauds: Business Email Compromise (BEC) attacks, investment fraud, romance scams, and online sales fraud. The paper aims to shed light on the methods employed by cybercriminals in perpetrating these types of fraud, as well as the strategies they use to deceive and victimize individuals and businesses on the internet. Furthermore, this study outlines defense strategies intended to tackle the issue head-on, with a particular emphasis on the crucial role played by European legislation. European legislation has proactively adapted to the evolving landscape of cyber fraud, striving to enhance cybersecurity awareness, bolster user education, and implement advanced technical controls to mitigate associated risks. The paper evaluates the advantages and innovations brought about by the European legislation while also acknowledging potential flaws that cybercriminals might exploit. As a result, recommendations for refining the legislation are offered in this study in order to better address this pressing issue.
Keywords: Business email compromise, cybercrime, European legislation, investment fraud, Network and Information Security, online sales fraud, romance scams.