
Introduction to Web Fraud

As applications move into the cloud and the web becomes more social, there are more opportunities for ‘bad actors’ to try to defraud your company or customers.

There are countless kinds of fraud but, broadly, they fall into three categories:

  1. For Direct Monetary Gain
  2. Online Marketing, SEO or Brand Attacks
  3. Hacktivism

1. For Monetary Gain
Often a mix of online fraud and theft, this is commonly the act of receiving a payout or having a good shipped for free. It might be as simple as telling an online marketplace the good was never received and claiming a refund, or it could be more complex such as creating a script that continuously attempts to guess users’ passwords so that bad actors can take over an account.

2. Marketing

Spam comment marketing is everywhere, from pharmaceuticals to gold Rolexes.

Why do they bother? Who clicks those? It’s likely bad guy marketers who are looking for ‘backlinks’ to boost their ranking on search engines. They want to be number one for ‘Cheap Rolex’s’. It’s also likely that Cheap-Rolex-4-u.biz falls into a Monetary Gain fraud category.

Brand Attacks

A rising form of fraud involves trashing the competition or buying positive reviews for one’s own company.

Be kind to your users! False reviews may seem harmless, but users should be able to trust your reviews and ratings. If they don’t, they’ll go elsewhere. Then there are the hard-working businesses; a couple of negative reviews can put a restaurant out of business.

The web is increasingly concerned with positive reviews. When was the last time you bought something on Amazon without checking them? Don’t fall victim to brand erosion.

3. Hacktivism

Hacktivism is slightly removed from fraud. It’s true that a bad actor will often test the water and push the boundaries of your system while disguising their real identity; however, the motives may not be strictly financial and are often aimed at defacing an external website or gaining access to internal systems.