This last decade we’ve witnessed the internet revolution grow almost exponentially. It seamlessly seeped into every aspect of our lives. I think we could unanimously agree that the Internet has simplified things on many fronts, be it shopping, banking, investing, entertainment, and many more. And we seem to have kept up with this change quite remarkably. But so did the criminals. Harassing, fooling and cheating someone in real life is a concept from the past. Today, it is the internet where most crimes, now called cybercrimes, take place. This is further corroborated by the following statistics.

According to Australian government’s scam statistics, the number of reports logged for online frauds in 2019 is 75,645, and it is only six months down the year. Out of the 75,645 reports, a large share was against phishing. Besides phishing, the other threats that were listed in the top 10 list included investment fraud, false billing, identity theft, online shopping scams, lottery scams, hacking, identity theft, etc. Here, in this article, we aim to discuss these crooked ways of fraud and warn you well in advance about the ugly truth that the web sometimes hides. Shall we begin?



Phishing, pronounced and meant in the same way as the word ‘fishing’ in the English language, is a way to fish sensitive information from people online. Phishing sites use illegitimate maneuvers like mimicking a website in its look and feel to fool users and skip detection. A phishing website poses as a legitimate institution or entity to fool people into revealing their sensitive information, like credit card details, bank details, personal details, etc.

This information is, in turn, sold on the black market for a hefty price. Moreover, research has it that most phishing attempts are conducted over emails. So, if you have also received a credible-looking email calling you to take action urgently, there is a good possibility that this email would redirect you to a malicious phishing website.


Investment Fraud

The popularity of the internet can be attributed to its ubiquitous nature and also being the budget-friendly medium. To top it all off, the convenience the web provides is what makes it more desirable. No doubt, investors were attracted to look for investments online. As soon as investors moved to the internet, fraudsters were quick to follow. They left no stone unturned to get the investors hooked. From tall and false promises about potential returns to added benefits for bringing in more clients, they tried all.

These fraudsters either run away with the money or keep adding new conditions for the returns.

investment fraud



Another prevalent form of online fraud is the malware attack. The word malware is short for malicious software, which are basically files/programs that are potentially harmful to a computer or a site. These attacks are quite brutal ones and, in most cases, they could lead to serious loss of business and reputation for the webmasters.

Malware could be injected either by exploiting a vulnerability on a website or by bypassing its security by shrewd methods. Some of the common ways a hacker injects malware are with SQLi, JavaScript injection, malicious code injection, etc.


Credit Card Hacks

As a security company, Astra has seen way too many cases of credit card hacks. One way hackers execute this is by replacing the original form by a phishing form, which collects the customer’s credit card info and sells it on the black market. Other times, the payment method is manipulated. As a result of this, the payment by the customer does not reach the seller, but due to the manipulation in between, it gets credited to the hacker. For e-commerce, this can be a real cause for a headache. Normally this kind of hack does not come to light quickly, as the seller remains clueless unless someone reports a forgery to him.

credit card fraud-1


False Billing

False billing is a form of fraud where bad actors come up with fake reasons to charge you money. These reasons may seem valid as they are highly targeted to customers with relevant needs, choices, etc. An example would be license renewal requests being sent to people with vehicles. They can even ask for personal information and financial documents of the victim, which can then be used for identity theft.


Identity Theft

People do not shy away from sharing their personal information online. All of this information can be used maliciously, from small details and personal details like birthdays, anniversaries, and address to bigger identifiable details such as a driving license, voter’s card, citizen identity number, etc.


Lottery Scam

I’m not alone when I say that receive emails frequently telling me how I have won a lottery of millions. Just when I start to relish in the luck, the scammers tell me to deposit some money. So, I come to my senses and remember that I have not even bought a lottery ticket. If you also receive emails like these, then beware: this is a scam. No genuine lottery draws asks for prior payments from the winner. The payment is made after all charges and fees have been deducted. This is only a scammers way to extort money from you.

jackpot lottery fraud


How to Protect Yourself Online

The online space can turn out to be a cruel place if you are not vigilant enough. That being said, here are some of the best practices to utilize for a safer online experience staying protected from scams and their illicit ways.


1) Be more of a private person online.

Divulging every little detail about you and your life might not be an optimum choice, because bad actors can take that information and use it to their advantage. So, keep your social media account privacy settings on the stricter side. Anyway, it's better to be a mystery than an open book.


2) Change passwords often.

The online world is full of lurking bad bots and crawlers. These bad bots try to get past your website/account’s security. This process, in cybersecurity terms, is known as brute force. A unique password with upper case letters, lower case letters, numbers, symbols, etc. make for a strong password. But, you should still make sure to change passwords regularly in the case that they have been infiltrated.


3) Update software/websites regularly.

Many people overlook this simple task, but just updating your website to the latest versions can reduce the risks of it getting compromised. Moreover, updates are nothing but mended and patched versions of the discovered vulnerabilities. Hence, using an outdated version of a website/plugin/theme/software with a publicly known vulnerability could leave your website in grave danger of being exploited. Always be prompt with updates.


4) Be wary of unsolicited emails/messages.

The internet is teeming with messages and emails from unknown & unverified senders. Take the information provided in these unsolicited emails with a grain of salt. They seldom are true and legitimate.


5) Get a security solution.

If you are a website owner, solidifying your website’s security with a premium security solution is recommended. A rock-solid firewall, like Astra’s web application firewall, leverages continuous and comprehensive protection to your website and takes you one step closer to security. Astra firewall shields your website from SQLi, bad bots, XSS, CSRF, OWASP Top 10 & 100+ other coming threats. It monitors your website 24*7, and has a pretty easy to manage dashboard.


Clearly, the internet is intertwined in our day-to-day lives. To be honest, we cannot do without it, so shutting it off completely is not an option. Instead, we need to be more clever than the scammers. Be aware of their tactics and strive to have a more secure cyberspace.