
Fraud: A definitive guide

Fraud is one of the most common crimes today, with dozens of variations. Criminals can target both individuals and businesses, and, in some cases, businesses may also commit fraud themselves. Here’s our definitive guide to fraud and how you can protect yourself against it.

What is fraud?

Fraud is the intentional act of deception to gain a benefit, whether for an individual or an institution. It involves misleading or concealing the truth for personal or financial gain. Fraud can occur in various settings, including corporate offices, financial institutions, religious organizations, non-profits, and even sports leagues.

Why do people commit fraud?

Most fraud cases can be explained using the fraud triangle, a theory developed by Dr. Donald Cressey. According to this model, people commit fraud when three factors align: opportunity, financial pressure, and rationalization. Let’s break these elements down further:

Opportunity

Opportunity exists when people have access to systems, such as electronic or paper files, and can alter documents. It also exists when a workplace lacks checks and balances and one person can “do it all,” such as submitting and approving payment for invoices.

Financial pressure

Financial pressure can come from debt, such as medical or credit card debt, or from pressure to live beyond one’s means. It can also affect someone who is battling an addiction or substance disorder and owes cash to various lenders.

Rationalization

People rationalize the theft with thoughts such as, “This company owes me this because I work so hard,” or “I’m just borrowing it, not stealing,” or “They won’t miss the money. This company (or fund) has so much of it.”

Consequences of fraud

Fraud charges can be pursued through criminal or civil cases against fraudsters. When a criminal fraud case goes to trial, the perpetrator (fraudster) may be sentenced and sent to jail. Money may be recovered during a trial, and rights can be reestablished. Penalties from fraud cases can include forfeiting assets, restitution, hefty fines, prison time, and repercussions for the fraudster’s reputation.


Common types of fraud

Here are some common types of fraud:

Financial fraud

Financial fraud is an umbrella term for scams that involve deceptive practices or criminal activity to steal assets. Financial fraud can include ATM scams, HELOC fraud, credit card fraud, IRS scams, wire fraud (including wire transfer fraud), insurance fraud, mortgage fraud, Ponzi schemes, ransomware, and embezzlement.

While some fraud schemes are quite straightforward, others can be difficult to detect. For example, salami fraud involves stealing small amounts, as little as fractions of a cent, from multiple transactions over time. Fraud techniques evolve constantly, leading to new threats like P2P fraud, enabled by peer-to-peer technology and, increasingly, blockchain.

Identity theft fraud

Identity theft is a serious and common offense. It happens when someone obtains your personal information, such as your name, credit card number, or Social Security number, and uses it without your knowledge or permission to commit fraud or other crimes. But it doesn’t just affect individuals; businesses can also fall victim. For example, in second-party fraud, a type of identity theft fraud, the service provider’s employee uses their access to customer data to enrich themselves. Identity theft fraud mostly occurs online through phishing or cyberattacks, but it can also occur through social engineering and even mail.

Mail fraud

What is mail fraud, and how does it work? Mail fraud letters arrive in your mailbox and will ask you to send your personal information or money to receive a “gift” or other item. Mail fraud letters appear legitimate, but what they offer is fake. Examples of mail fraud can include letters for vacations, sweepstake winnings, prizes, and other rewards or valuable offers.

Business fraud

Business fraud commonly refers to fraudulent activities that occur within a company or organization. Businesses may use false or misleading information to commit fraudulent behavior. Examples of business fraud (also known as corporate fraud) include financial statement fraud, securities fraud, embezzlement, skimming, conflicts of interest, payroll fraud, diversions, bribery, tax fraud, and disbursement fraud.

On the other hand, businesses can also fall victim to business fraud. The CEO, as the most powerful person in the organization, is commonly targeted in cyberattacks. But, in CEO fraud, scammers will impersonate the CEO and other high-level executives to target the company's employees and customers.

Medical fraud

Medical fraud, also known as health care fraud, is fraud committed by patients, medical providers, or others. It aims to deceive the health care system and obtain illegal payments or benefits. Medical fraud includes identity theft or swapping, fake marketing, upcoding, unbundling, double billing, and phantom billing.

Consumer fraud

A business can experience fraud when scammers file deceptive claims, false disputes, or unauthorized chargebacks. Some cases of consumer fraud are quite straightforward and don’t involve hacking into systems or stealing credentials. For example, in friendly fraud, a customer makes a legitimate purchase but later disputes the charge with their bank. They may falsely claim that they’ve never received the product or that the transaction was unauthorized.

E-commerce fraud

In cases of e-commerce fraud, scammers exploit online marketplaces, auctions, and shopping platforms to trick buyers. For example, auction fraud involves scammers posting fake listings for products they don’t own and certainly never intend to ship. This type of fraud can use various techniques and tactics, such as bidding to inflate the price (shill bidding) and contacting the loser of the auction to give them another chance (second-chance scam).

A more advanced version of fraud compared to auction fraud is triangulation fraud. In this case, scammers set up fake online stores and offer goods at a discount. When a buyer places an order, the criminals use stolen payment information to purchase the item and send it to the buyer. This way, criminals end up with money, but the true cardholder is left to deal with fraudulent charges.

Because everyone now uses online transactions, cybercriminals have developed fraud into a business. Known as fraud as a service, it is a business model where scammers build and sell hacking tools, stolen payment information, and anything else needed to commit fraud. These resources allow virtually anyone to commit criminal activities, even if they don’t have the technical skills.


Digital fraud red flags

Online fraud can be tricky to spot, but there are warning signs that can help you stay vigilant. Here are some key red flags to watch out for:

Unusual payment activity

When a cybercriminal steals credit card information, they’ll usually do one of two things: they'll either rush to redeem as many gift cards as they can or make a series of small payments with a variety of vendors. This tactic, called card testing, is a way to verify a card with small purchases before making a big one. If you ever get alerted about multiple transactions from unknown merchants, block your card immediately.
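The card-testing pattern described above can be checked for in a transaction feed. The following is an added example, not part of the original guide: the thresholds, field names, and sample records are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds are illustrative assumptions, not values from the guide.
SMALL_AMOUNT = 5.00                 # payments at or below this count as "small"
WINDOW = timedelta(minutes=30)      # how close together the payments must be
MIN_MERCHANTS = 3                   # distinct vendors needed to raise a flag

def find_card_testing(transactions):
    """Return {card: [merchants]} for cards showing a card-testing pattern.

    A card is flagged when at least MIN_MERCHANTS distinct merchants receive
    small payments from it within one sliding WINDOW.
    """
    small_by_card = defaultdict(list)
    for tx in transactions:
        if tx["amount"] <= SMALL_AMOUNT:
            when = datetime.fromisoformat(tx["time"])
            small_by_card[tx["card"]].append((when, tx["merchant"]))

    flagged = {}
    for card, events in small_by_card.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most WINDOW.
            while events[end][0] - events[start][0] > WINDOW:
                start += 1
            merchants = sorted({m for _, m in events[start:end + 1]})
            if len(merchants) >= MIN_MERCHANTS:
                flagged[card] = merchants
                break
    return flagged

# Constructed sample data (not real transactions).
SAMPLE = [
    {"card": "card-A", "time": "2024-05-01T10:00:00", "amount": 1.00, "merchant": "shop-1"},
    {"card": "card-A", "time": "2024-05-01T10:04:00", "amount": 0.50, "merchant": "shop-2"},
    {"card": "card-A", "time": "2024-05-01T10:09:00", "amount": 2.00, "merchant": "shop-3"},
    {"card": "card-A", "time": "2024-05-01T10:15:00", "amount": 899.00, "merchant": "shop-4"},
    {"card": "card-B", "time": "2024-05-01T09:00:00", "amount": 3.50, "merchant": "cafe"},
    {"card": "card-B", "time": "2024-05-01T13:00:00", "amount": 4.00, "merchant": "kiosk"},
    {"card": "card-B", "time": "2024-05-01T18:00:00", "amount": 2.50, "merchant": "bakery"},
]

if __name__ == "__main__":
    print(find_card_testing(SAMPLE))
```

In the sample, card-A is flagged because three small payments reach three vendors within nine minutes, while card-B's small purchases are spread across the day and pass.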

Suspicious login attempts

Online services use device identifiers to know which devices to trust. But that doesn’t stop cybercriminals from trying. In what’s known as credential harvesting attacks, they’ll steal or purchase user credentials to access their accounts. If a service detects a login attempt from an unrecognized device, you’ll usually receive a notification. If this happens, change your password immediately and enable multi-factor authentication (MFA).

Unexpected account changes

If a scammer ever gets into your account, they’ll likely want to change your account details first, such as your primary email, password, phone number, or payment method. It makes it harder for you to recover your account. Keep an eye out for notifications about sudden account changes you didn’t make. But stay vigilant — scammers also like to send fake alerts about account changes to steal your credentials.

Something that’s too good to be true

From the earliest days of the internet, fake jackpot alerts lulled users into forgetting they’ve never even played the lottery. These same tricks still work today. If an offer seems too good to be true, it probably is.

Your gut says so

While not scientifically measurable, intuition can be a valuable tool in spotting fraud. Sometimes, a website or email may appear normal, but something feels off. For example, the website looks fine, but you suddenly feel a sense of unease. You can’t pinpoint what is different, but it feels like something is. Your gut feeling is often based on subtle cues your brain has picked up, so listen to it. If something doesn’t feel right, take a step back and double-check before proceeding.

How to protect yourself from fraud

Focusing on healthy cybersecurity habits is the first step in protecting yourself against fraud. It’s the best way to stop scammers from stealing your money or sensitive information.

Here are the best tips for maintaining cybersecurity and preventing fraud:

Beware of spam. Don’t open emails from unknown email addresses or senders. Contact the sender through other means if you’re unsure whether an email is legitimate.

Check the website's security. Ensure a website address is secure before inputting personal information such as passwords, Social Security numbers, account numbers, or dates of birth. You can install anti-phishing software to help you detect malicious URLs and avoid scams. Also, look for “https://” in the URL or verify SSL certificates. Keep in mind that “https://” only shows that the connection is encrypted; scam sites can use it too, so still check the address itself.

Watch out for fake websites. Before entering your personal information online, ensure the site is legitimate and not a fake website built by scammers. Scammers commonly change a letter or number to resemble trusted website addresses closely.

Use cybersecurity tools. Tools such as Threat Protection Pro™ help you block malware, phishing, trackers, and ads and protect your identity and money.

Keep your software updated. Update your software or operating system when software updates are available. New updates may include antivirus or firewall features.

Encrypt your traffic with a VPN. VPNs protect you from hackers by sending your internet traffic through an encrypted VPN tunnel, preventing them from reading your data.

Use password protection measures. Criminals often use account takeover to advance their fraud schemes. Use a password manager to create unique passwords for your accounts and enable additional security measures, such as MFA.

Anti-fraud systems. Many services already have built-in anti-fraud measures, such as behavior analytics. Enable additional security features like data encryption or identity verification whenever possible. If you suspect fraud or identity theft, consider filing an initial fraud alert.

Identity and access management. For companies, access management is a crucial process for protecting against fraud. Most frameworks should include authentication, authorization, passwords, and user provisioning, all key parts of enterprise fraud management.
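For the “Watch out for fake websites” tip above, the check for an address that differs from a trusted one by a changed letter or number can be automated. This is an added example, not part of the original guide: the trusted list, the digit-to-letter table, and the function names are assumptions.

```python
# Trusted domains and the substitution table are illustrative assumptions.
TRUSTED = ["example.com", "mybank.example"]
DIGIT_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute or match
        prev = cur
    return prev[-1]

def check_domain(domain, trusted=TRUSTED):
    """Return ("trusted", d), ("lookalike", d) or ("unknown", None)."""
    domain = domain.lower().rstrip(".")
    if domain in trusted:
        return ("trusted", domain)
    normalized = domain.translate(DIGIT_SWAPS)
    for good in trusted:
        # Digit-for-letter swaps collapse to the trusted name after normalizing;
        # one changed, added or dropped character leaves an edit distance of 1.
        if normalized == good or edit_distance(domain, good) == 1:
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed test addresses.
    for name in ["example.com", "examp1e.com", "3xamp1e.com",
                 "exmple.com", "unrelated.org"]:
        print(name, check_domain(name))
```

A result of "unknown" only means the address is not close to anything on the list; it says nothing about whether the site is safe.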

What to do if you’ve become a victim of fraud

Victims of fraud should report it using the Federal Trade Commission’s (FTC) Report Fraud online tool. You can report a company, unwanted calls, or scams to the government via the online form. After you submit your report, it is sent out to over 2,800 law enforcers. The FTC then uses the data to investigate cases of fraud and bring cases against different scams, frauds, and bad business practices.