Send us a message
Concepts and Types of Fraud

Basic Concepts and the Security Triad

To effectively understand how to protect yourself in the digital world, it is essential to consider the Security Triad foundational concept in cybersecurity. This framework consists of three interconnected principles that work together to ensure comprehensive protection against threats.

Confidentiality
At the core of cybersecurity, confidentiality ensures that sensitive information remains private and accessible only to authorized individuals. For example, using strong passwords and encrypting communications helps protect your data.
Integrity
Integrity plays a critical role in maintaining the accuracy and reliability of data. Without it, unauthorized alterations can compromise trust and disrupt systems. Regularly updating software and avoiding suspicious links are key to preserving integrity.
Availability
Finally, availability ensures that information and systems are accessible whenever needed. This involves measures such as reliable backups and proactive defenses against attacks like ransomware.
These three principles work together to create a strong defense mechanism. Understanding and applying the Security Triad reduces exposure to risks and improves the ability to identify and respond to threats.

Understanding Online Fraud

The below sections provides essential information to help you understand the risks and common types of online fraud. Criminals use persuasion techniques known as social engineering to manipulate individuals and trick them into falling for scams.

One of the most common methods is phishing, where scammers impersonate legitimate entities to steal sensitive information. Below, we outline the most common types of fraud, how to identify them, and how to protect yourself.

Social Engineering

The Art of Deception

Fraudsters exploit human emotions to steal information and manipulate victims. Learn common tactics and how to stay protected.

Social engineering refers to a set of techniques used by fraudsters to deceive individuals and gain access to sensitive information or systems by exploiting trust and emotions. It is one of the most effective strategies because attackers manipulate people into trusting them. Phishing is one of the most common forms of social engineering and involves sending fraudulent messages (such as emails or text messages) that appear to be from a trustworthy source in order to obtain personal or financial information.

Social Engineering: How Fraudsters Manipulate Emotions to Deceive

Social engineering refers to a set of psychological and manipulative techniques used by fraudsters to deceive individuals and gain access to sensitive information or systems. Attackers exploit trust and emotions, making social engineering one of the most effective fraud strategies.

One of the most common forms of social engineering is phishing, where scammers send fraudulent messages (such as emails or texts) that appear to come from a trustworthy source to steal personal or financial information.

Similar to how engineers use technical skills to build something, social engineering criminals "build" deceptive situations designed to gain the trust of victims and exploit their emotions. These tactics often play on feelings like fear, urgency, empathy, curiosity, or coherence, making people more vulnerable to sharing sensitive data or taking harmful actions unknowingly.

Key Elements of Social Engineering and Common Examples

Fear

Fraudsters create a sense of urgency by suggesting something serious will happen if the victim does not act immediately.
Example: You receive a text that appears to be from your bank, warning that your account will be closed in 24 hours unless you click a link to verify your information. The link leads to a fake site designed to steal your credentials.

Urgency

Time pressure prevents victims from thinking clearly or investigating further.
Example: A "technical support" email claims your computer will be locked in 15 minutes unless you download a specific program. In reality, the program is malware that compromises your system.

Empathy

Fraudsters exploit compassion or solidarity to manipulate people.
Example: You receive a message from a friend’s social media account saying they are stranded in a foreign country and need money to get home. In reality, their account was hacked, and the message is a scam.

Curiosity

Generating intrigue can effectively lure victims into traps.
Example: An email claims a package you weren’t expecting is being held and asks you to click a link for more details. The link installs malicious software on your device.

Coherence and Persuasion

Fraudsters present themselves in a convincing manner, using specific details to appear legitimate.
Example: A "representative" from a well-known company calls to confirm a suspicious transaction on your account. They use personal data that seems legitimate to gain your trust but are actually trying to steal more confidential information.

Why These Techniques Are So Effective

  • Human Nature: They exploit basic emotions like fear of loss or the desire to help others, often overriding logic.
  • Appearance of Authenticity: Fraudsters use logos, names, and realistic details to make their messages look trustworthy.
  • Initial Trust: They often present themselves as professional, friendly, or polite, lowering the victim’s suspicions.

By understanding these tactics, you can recognize and protect yourself from social engineering scams before they cause harm. Stay vigilant, verify sources, and never rush into sharing personal information.

The term social engineering refers to the psychological and manipulative techniques used by fraudsters to persuade or deceive people into providing sensitive information or granting unauthorized access. Similar to how engineers use technical skills to build something, social engineering criminals "build" deceptive situations designed to gain the trust of victims and exploit their emotions. These tactics often take advantage of feelings like fear, curiosity, empathy, or urgency, making people vulnerable to sharing sensitive data or unknowingly taking harmful actions.

Online scams and fraud through various communication channels are becoming increasingly common, making it essential to stay informed and alert to avoid falling victim to them. Below, I explain some of the most common types of scams and provide specific examples of each.

Phishing

Description: Phishing involves sending fraudulent emails or electronic messages that appear to be from trusted institutions with the intent to steal personal information.

Example: An email claiming to be from your bank states there is an issue with your account and asks you to click a link to verify your information. The link redirects you to a fake website designed to steal your login credentials.

What to Do?

  • Verify the sender: Ensure the email originates from a legitimate source. For instance, banks will never request sensitive information via email.
  • Avoid clicking suspicious links: When in doubt, access the website directly through your browser instead of using links in emails.
  • Enable two-step authentication: This adds an additional layer of security to your account.

Smishing (SMS Phishing)

Description: Smishing involves using text messages (SMS) to deceive individuals and obtain personal or financial information.

Example: You receive a text message that claims to be from an online store, stating there is an issue with your order and asking you to click a link to resolve it. The link redirects you to a fraudulent page designed to steal your personal data.

What to Do?

  • Be cautious with unexpected messages: If you weren’t expecting a message from a store, it’s best to ignore or delete it.
  • Avoid clicking links in SMS: Instead, visit the website directly through your browser for any issues.
  • Verify with the company: Contact the store’s official customer service number to confirm the legitimacy of the message.

Vishing (Voice Phishing)

Description: Vishing involves fraudsters impersonating employees from trusted organizations, such as banks or service providers, to deceive victims into providing personal information.

Example: A scammer pretends to be a bank representative, claiming there has been suspicious activity on your account and asking you to confirm your card number and security code.

What to Do?

  • Avoid sharing sensitive information: Legitimate companies will never request personal or financial details over the phone.
  • Verify by calling the official number: Hang up and contact the company using the phone number listed on their official website.
  • Report the attempt: Notify the organization of the fraud attempt so they can investigate and take appropriate action.

Refund Calls

Description: Fraudsters contact individuals claiming they are entitled to a refund but require banking details or an upfront payment to process it.

Example: A scammer poses as a representative from a "refund agency," stating that you’re eligible for a refund but requesting your banking details or an initial transfer to complete the process.

What to Do?

  • Avoid sharing banking details: Legitimate organizations will not ask for sensitive banking information to issue refunds.
  • Be cautious of unsolicited calls: If you weren’t expecting a refund, it’s likely a scam.
  • Verify through official channels: Contact the company directly using their official number to confirm the legitimacy of the refund offer.

Card Charge Scams

Description: Scammers attempt to trick individuals into accepting fake charges on their credit cards, often pretending to be representatives of legitimate companies.

Example: You receive a message claiming there is an unauthorized charge on your card and are asked to provide personal details to "verify" the transaction. In reality, the scammer is stealing your information.

What to Do?

  • Never verify charges through calls or messages: If you suspect an issue, review your transactions directly via your bank’s app or website.
  • Contact your bank immediately: If you suspect your card is compromised, report the issue and request a replacement.
  • Enable transaction alerts: Set up real-time notifications from your bank to monitor charges and detect unauthorized activity promptly.

Identity Theft Scams

Description: Scammers impersonate trusted individuals, such as friends, family, or company representatives, to deceive victims into providing money or making payments.

Example: You receive a message from someone claiming to be a friend or relative, stating they are in an emergency and need you to send money immediately. However, the request is fraudulent.

What to Do?

  • Verify before sending money: Confirm the identity of the requester by contacting them through a different method, such as a phone call.
  • Report suspicious activity: Inform local authorities and the platform where you received the message to help prevent further scams.
  • Monitor and secure your accounts: Set up alerts for unusual activity on your social media and financial accounts to detect and respond to unauthorized access quickly.

Social Media Fraud

Description: Criminals exploit social media by creating fake promotions, sweepstakes, or ads to lure victims into providing personal information or making payments.

Example: A social media ad promises an incredible prize for entering a sweepstakes. Once you participate, you’re asked for personal information or a "registration fee," which is part of the scam.

What to Do?

  • Avoid sharing personal information: If the prize seems too good to be true, it probably isn´t real.
  • Verify the source: Ensure the sweepstakes or promotion is from a verified account or reputable organization.
  • Report suspicious activities: Notify the platform of fraudulent ads or accounts to protect others.

Technical Support Scam

Description: Scammers pose as tech support representatives, claiming your device has serious issues. They often request remote access or personal information to "fix" the problem, but their intent is to steal data or install malware.

Example: You receive a call or message claiming your computer is infected with a virus. The caller asks you to grant remote access or download specific software, leading to compromised data or malicious installations.

What to Do?

  • Deny remote access: Legitimate tech support will not request remote access unless you initiated the contact.
  • Verify authenticity: If you receive an unsolicited call, hang up and contact the company through their official customer support channels.
  • Use trusted security tools: Keep your antivirus software up to date and regularly scan your device for threats.

General Advice to Protect Yourself

  • If a stranger asks you to install remote access software or provide sensitive information, always verify their legitimacy before taking action.
  • Be cautious of unsolicited offers or alarming claims, especially those requiring immediate action or payment.

What is Remote Access Software Used For?

In legitimate situations, remote access software is used to:

  • Diagnose and resolve technical issues on computers or devices.
  • Assist with setting up equipment, networks, and applications.
  • Provide training or personalized support without requiring physical presence.

However, scammers exploit this tool by requesting remote access under false pretenses, such as fixing "security issues" or removing non-existent viruses. Once they gain access, they may:

  • Install malicious software to steal personal or financial data.
  • Manipulate the device to perform unauthorized transfers or access accounts without consent.

Important Recommendation: Protect Yourself from Unsolicited Remote Access

If you receive a call or message from someone claiming to be from a bank, online store, service provider, or any institution, and they ask you to install remote access software on your device, proceed with caution.

Practical Example

You receive a call from someone claiming to be "technical support from your bank" and informing you that suspicious activity has been detected on your account. They say you need to install a program to fix the issue.

In this case and all others:

  • Do not install the program.

  • Call your bank’s official number directly.

  • Report the incident and verify if there was a legitimate request or issue with your account.

Always remain calm and remember: protecting your devices and personal data is in your hands.

Important Note

This advice is not meant to hinder the legitimate work of technical support professionals who use remote software. On the contrary, the goal is to help people distinguish between legitimate services and those with malicious intent.

Our purpose is to ensure that users always communicate directly with legitimate institutions to receive professional service. In doing so, we not only protect users but also safeguard the reputation of honest companies, preventing fraudsters from using impersonation techniques, such as phishing, to deceive people.

Tips for better understanding!

Tips to Protect Yourself from Fraud and Information Theft

The deep and robust roots of a mighty tree reflect the solid foundation of knowledge in cybersecurity. These roots keep us grounded and protect us from scams and fraud.

Do Not Open Unsolicited Emails with Attachments

Avoid Suspicious Emails

  • Do not open unexpected emails from unknown senders that contain attachments. These files may contain viruses or malware designed to steal information.

Always Verify

If the email seems to come from a trustworthy institution, follow the instructions below:

  • Download VirusTotal on your laptop or PC.
  • To scan a document or image:
    • Right-click the file.
    • Choose VT4Browsers (VirusTotal).
    • Select Scan current page.
  • To scan a link:
    • Right-click the link.
    • Choose VT4Browsers.
    • Select Scan selected link.
Avoid Clicking on Links in Suspicious Notifications

Do Not Follow Links Directly

If you receive a notification with a link (e.g., from your bank or a social media platform), avoid clicking on it.

Access Through the Official Website

Open a browser, search for the official page of the institution, and log in there to verify any alerts or messages. This protects you from phishing links.

Dumpster Diving: Do Not Discard Important Documents in the Trash

Use a Shredder

Documents with personal or financial information should be shredded before being thrown away.

Avoid Dumpster Diving

Criminals may search through trash for valuable documents such as account statements or receipts. By shredding these documents, you reduce the risk of your data being stolen.

Use the Virtual Keyboard to Enter Passwords on Your Laptop

Avoid Keylogging

A virtual keyboard can help protect you from keylogging, a technique where malicious software records every key you press, including passwords.

How to Use It

Most operating systems have a virtual keyboard that can be activated from the accessibility or settings menu.

How to Avoid Someone Seeing Your Keyboard on Your Phone

Use Alphanumeric Passwords

Combinations of letters and numbers are harder for someone to detect if they are watching.

Activate Biometric Authentication

Use fingerprint or facial recognition to access sensitive apps and avoid entering passwords manually in public places.

Cover the Screen While Typing

In crowded environments, cover your screen with one hand while entering sensitive information.

How to Identify Scams

Verify the Identity

Always confirm that the person contacting you is who they claim to be. Do not trust links or calls until you verify their authenticity with the company through official channels.

Avoid Providing Sensitive Personally Identifiable Information (SPII)

Do not share sensitive personally identifiable information (SPII), such as ID numbers, birth dates, or bank details, unless you are absolutely certain of the legitimacy of the person or entity requesting it.

Investigate the Message

Look for warning signs such as spelling errors, an urgent tone, or unusual email addresses. Legitimate companies will never request passwords or banking information via email or message.

Contact the Company Directly

If you are unsure, call the company directly using the official number found on their website or other trusted sources. Avoid using phone numbers provided in suspicious emails or messages.

Report Suspicious Activity

Notify the company involved and, if necessary, report the incident to local authorities or consumer protection organizations.

Security Without Fear:

The Goal of Learning How to Protect Yourself

At Cyber Angel Security, we understand that discussing online risks can feel overwhelming at first. However, our goal is not to create fear but to empower you with the tools necessary to navigate the digital world with confidence and peace of mind.

Learning about cybersecurity is like learning how to cross the street safely; it doesn’t mean you should be afraid to go outside, but it ensures you are prepared to avoid dangers and make informed decisions.

Remember, education is key to empowerment, not limitation. With each small step, you become more prepared to enjoy the benefits technology offers, free from unnecessary worries. We are here to support you on this journey, helping you stay safer while pursuing what you love.

Concept of Network Segmentation

People with some experience using the Internet to work from home or manage a small online business

Network segmentation is the practice of dividing a network into smaller, isolated segments to enhance security, performance, and management. Each segment acts as an independent subnet, limiting data traffic between them and reducing the chances of an attack or issue affecting the entire network.

Types of Fraud That Can Be Prevented Through Segmentation

Phishing and Malware Fraud

If a device in one segment (such as an employee's device) gets infected, segmentation prevents the malware from spreading to the rest of the network.

Ransomware Attacks

Isolating critical segments like file servers or financial data makes it harder for ransomware to directly access sensitive information.

Unauthorized Access

Segmentation restricts access to specific resources, ensuring only authorized users or devices can reach them.

Social Engineering Attacks

While segmentation doesn’t directly prevent these attacks, it can minimize their impact by limiting what an attacker can access after compromising a device.

Data Exfiltration

Segmentation monitors and controls traffic, making it harder for sensitive data to be extracted undetected.

Example of Segmentation for a Person Working from Home or a Small Business

  • Isolating personal devices from work devices.
  • Protecting confidential data by limiting access from unauthorized devices.
  • Preventing attacks in one segment from affecting other devices.
  • Separating critical operations (e.g., sales, invoicing) from public access zones (like guest Wi-Fi).
  • Limiting the reach of attacks by restricting which devices can communicate with each other.

 

  • Step 1: Identify Needs

    • List connected devices (laptops, phones, servers, security cameras, etc.).
    • Identify which devices need access to critical resources and which do not.

    Step 2: Configure an Advanced Router

    • Use a router that allows you to create separate networks (e.g., VLANs or guest networks).
    • Example: Set up one network for work devices and another for personal devices.

    Step 3: Create Segmented Zones

    1. Work Zone:

    • Devices handling confidential data (e.g., work PC, printer).

    2. Personal Devices Zone:

    • Phones, tablets, and other personal-use devices.

    3. Guest Zone:

    • Wi-Fi for visitors, ensuring they cannot access work devices.

    Step 4: Configure Router Access Policies

    • Use the router’s firewall to allow or block connections between zones.
    • For instance, ensure the work zone cannot communicate with the guest zone.

    Step 5: Use Strong Passwords and Authentication

    • Protect each network with different passwords.
    • Enable two-factor authentication (2FA) on all work devices.

    Step 6: Monitor the Network

    • Activate alerts on the router to detect unauthorized access attempts.
    • Use tools like network monitoring apps to check traffic.

Situation:
Rose Mary works from home as a graphic designer. She also uses the same network for her personal devices and her children’s devices.

Implementation of Segmentation:
1. Work Zone:

  • Rose’s laptop and printer.
  • Always connected to a private network with internet access and her cloud services.

2. Personal Zone:

  • Phones and tablets belonging to Rose and her family.
  • Separated on an independent network so that, if a personal device is infected, her work remains unaffected.

3. Guest Zone:

  • A Wi-Fi network for visitors.
  • No access to Rose’s devices or internal traffic.

Some Other Benefits:

  • Personal devices cannot interfere with work.
  • Children and visitors cannot access sensitive work data.
  • If an attacker tries to access through guest Wi-Fi, they cannot reach work networks.

Situation:

Peter owns a café with a small office where he manages accounts, inventory, and invoicing. He also offers free Wi-Fi to customers.

Implementation of Segmentation:

1. Business Zone:

  • Office computer and point-of-sale terminals.
  • Connected to a secure, private network.

2. Customer Zone:

  • Public Wi-Fi configured on a separate network.
  • Limited to internet access only, with no communication to business devices.

3. Security Cameras Zone:

  • Cameras connected to a segmented network to prevent them from becoming an entry point for hackers.

Benefits:

  • Customers cannot access billing or inventory data.
  • If malware is introduced on public Wi-Fi, the office remains secure.
  • Security cameras are isolated, preventing attackers from using them to compromise other systems.

Professional and Ethical Considerations

It is essential, as a professional in the digital world, to understand the importance of protecting sensitive information. Personally Identifiable Information (PII) and Sensitive Personal Information (SPII) are key elements in building trust, both for yourself and for those who rely on your services.

Implementing strong data security practices demonstrates your commitment to safeguarding the security triad: confidentiality, integrity, and availability of information. By doing so, you not only showcase your professionalism but also contribute to creating a safer digital environment. This approach allows you to earn the trust and respect of your clients, employers, and colleagues, establishing yourself as an exemplary professional and a role model.

1. Router Capabilities

The router you choose should have advanced features to implement efficient segmentation. Look for the following:

  • VLANs (Virtual Local Area Networks): Allow traffic to be divided into different logical subnets.
  • Integrated Firewall: To set access rules between segments.
  • Guest Wi-Fi: Ideal for creating an isolated network for visitors.
  • Traffic Control: To prioritize critical devices or applications.
2. Security
  • Frequent firmware updates: Ensure the router receives support from the manufacturer to fix vulnerabilities.
  • Support for WPA3: The most secure encryption protocol for Wi-Fi networks.
  • 2FA authentication: To secure access to the router’s configuration panel.
3. Ease of Configuration
  • Intuitive graphical interfaces.
  • Clear documentation and accessible technical support.
4. Performance

Ensure the router has enough capacity to handle traffic from multiple segments without affecting overall performance.

 

5. Recommended Router Types

For Home Users or Small Offices:

  • TP-Link Archer AX6000: Supports VLANs, guest networks, and advanced management.
  • ASUS RT-AX88U: Compatible with Wi-Fi 6, parental controls, and basic segmentation.
  • Ubiquiti UniFi Dream Router: Ideal for advanced setups, with VLAN support and network analytics.

For Small Businesses with Moderate Requirements:

  • Cisco RV340: Excellent for VLANs, firewall policies, and security.
  • MikroTik hAP ac³: Flexible and customizable for advanced configurations.
  • Netgear Nighthawk AX12: High performance with support for isolated networks and traffic prioritization.

For Businesses with High Demands or Complex Setups:

  • Ubiquiti UniFi Security Gateway: Centralizes the management of segmented networks.
  • Fortinet FortiGate 40F: Offers advanced segmentation and enterprise-level security.

Logistical Suggestions to Simplify and Optimize Segmentation

Specific Steps to Configure Segmentation with a Router

1

Enable VLANs

Configure each segment as a separate VLAN. For example:

  • VLAN 10: Work devices.
  • VLAN 20: Personal devices.
  • VLAN 30: Guest Wi-Fi.

2

Assign IP Addresses to Each VLAN

Assign different IP ranges to avoid conflicts and improve traffic control. For example:

  • VLAN 10: 192.168.1.0/24
  • VLAN 20: 192.168.2.0/24
  • VLAN 30: 192.168.3.0/24

3

Set Firewall Policies

Create rules to allow or block traffic between VLANs as necessary. For example:

  • Allow internet access for VLAN 30 but block access to internal devices.

4

Configure Wi-Fi

Create separate SSIDs for each segment with unique passwords. Use descriptive names like “Office_Work” or “Guest_WiFi.”

5

Prioritize Critical Traffic

Use Quality of Service (QoS) to ensure critical applications (video calls, billing systems) are prioritized over less critical traffic.

6

Monitoring and Maintenance

Use the router’s integrated tools or external software to monitor traffic and detect anomalies. For example, use the UniFi Controller for Ubiquiti routers.

 

Final Recommendation

For optimal implementation, consider investing in a high-quality router that allows for future expansions and advanced configurations. If your network grows or requires enhanced security, you can also add a managed switch compatible with VLANs to extend the router’s capabilities.

Remember: Legitimate institutions will never request sensitive financial or personal information via phone, email, or text message. If you receive a suspicious request, verify directly with the institution before taking any action.
Quick Links
Company
SiteLock
Copyright © 2025 CyberAngle Security. All rights reserved.