Most of us are familiar with the old “Nigerian Prince” scam, a classic example of online fraud that many dismiss as an outdated relic of the internet's early days.
But fraud is far from outdated. In fact, 34% of people worldwide experienced a cyber scam in the past year, and about one in four of them lost money. Here in Cyprus, fraudulent payment transactions jumped by 34% in volume and 26% in value in just the second half of 2024, leading to €3 million in losses.
Fraud is not just a story you hear about, it’s real, it’s growing, and it can happen to anyone!
So, what is fraud? It is a deliberate act of deception intended for personal gain or to cause a loss to another party typically involving false claims, misleading information, or concealment of important facts to induce someone to act to their detriment. At its core, fraud almost always includes intent, deception and loss. Understanding these elements helps us recognize and guard against it.
Let’s have a look at the most common types of fraud backed by real cases to see how these work in practice.
In recent years, both the frequency and scale of fraud have been rising sharply. Fraudsters have moved their focus online, taking advantage of social media platforms and new technologies. Tools like AI, automation, and deepfakes now allow them to create highly convincing impersonations, often in multiple languages. At the same time, the growing use of cryptocurrency and other irreversible payment methods has made scams even more dangerous, since these transfers are fast, difficult to trace, and nearly impossible to reverse.
According to the Internet Crime Complaint Center (IC3), a partnership between the FBI and the National White Collar Crime Center in the United States, there were 860,000 fraud complaints in 2024 alone, leading to an astonishing $16.6 billion in reported losses. While the number of complaints rose by just over 10% since 2020, the total financial losses skyrocketed by 319%, showing that scams are becoming far more costly and damaging than ever before.
In 2024, 40% of all reported losses came from investment fraud, scams that trick people to invest into false opportunities such as fake retirement plans, Ponzi or pyramid schemes, or “guaranteed” high‑return investments. These schemes often promise to multiply your money quickly with little or no risk, which makes them especially tempting. Cryptocurrency fraud has grown alongside the crypto market itself. As the price of Bitcoin and other digital assets rises and becomes harder for many to access, fear of missing out (FOMO) drives people to chase the “next big coin.” Fraudsters exploit this excitement, luring victims with promises of quick profits and dreams of going “to the moon,” only to leave them with empty wallets.
It might seem logical to assume that younger people, with their constant use of technology, would be the main targets of crypto and other tech‑based frauds. But the data tells a different story. According to IC3, nearly one‑third of all fraud complaints with an age range attached, and about 40% of the total financial losses, came from victims over the age of 60. The same pattern holds true for cryptocurrency scams, where people aged 60+ also accounted for 40% of reported losses. While older adults seem to be more vulnerable, fraudsters don’t discriminate, they go after anyone they can. That means younger generations shouldn’t take this lightly either. In the end, everyone needs to stay alert and protect themselves.
So, what can you do to protect yourself from fraud? Unfortunately, there’s no single solution, but there are practical steps that can greatly reduce your risk. Here are ten golden rules to keep in mind:
Stop and Verify - Never rush to send money or share info. If you get an urgent request, pause and confirm it by calling the company or person directly using a number you already know.
Use Strong Authentication - Turn on two‑factor authentication (2FA/MFA) for every account that supports it. Use an authenticator app or hardware key instead of SMS whenever possible.
Protect Your Passwords - Use a password manager to create long, unique passwords for each account. Avoid reusing the same password. If one site is hacked, fraudsters will try it everywhere.
Monitor Your Accounts - Set up alerts for logins, transactions, or unusual activity on your bank and card accounts. If you see something suspicious, freeze or cancel your card immediately.
Avoid Risky Payments - Never pay strangers with gift cards, wire transfers, or cryptocurrency. These methods are favourites for scammers because they’re hard to trace and nearly impossible to reverse.
Keep your Devices Updated - Install updates for your phone, computer, and apps. Security patches close the loopholes that fraudsters often exploit.
Be Careful on Public Wi‑Fi - Avoid logging into sensitive accounts on free or unsecured Wi‑Fi. If you must, use a VPN to protect your connection.
Shred and Protect Personal Info - Don’t leave sensitive documents lying around. Shred old bills, bank statements, or anything with personal details to prevent identity theft.
Stay Alert to Scams - Watch for red flags: spelling mistakes, odd email addresses, strange links, or offers that sound unrealistic. If in doubt, don’t click.
Educate Yourself and Others - Talk to family and friends, especially older relatives, about common scams. Fraudsters target everyone, so awareness is key.
The above practices also apply to organisations and SMEs. Here are some additional measures that can further strengthen your company’s security resilience:
Segregation of Duties & Dual Approvals - Require dual authorisation for payments and eliminate single-person wire approvals.
Fraud Detection & Response - Deploy or outsource anti-fraud tools for transaction monitoring and anomaly detection and maintain a robust incident response plan.
Email Security & Staff Awareness - Implement SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting & Conformance) to verify that emails are sent from authorised servers, ensure messages aren’t altered in transit, and block or flag unauthenticated emails.
Staff Awareness - Reinforce defences through regular anti-phishing training and simulated phishing tests.
To sum up, awareness is your best defence. Stay vigilant, and remember, if something seems too good to be true, it probably is!
* Petros Orphanides, CFA Society Cyprus
