Europol publishes IOCTA spotlight report on online fraud schemes

Online Fraud Schemes - a web of deceitEuropol’s spotlight report on online fraud untangles the web of deceit surrounding online fraud schemes in the EU.  This report is the second in a series of Spotlight Reports released by Europol as part of the Internet Organised Crime Assessment (IOCTA) 2023.  Each takes a closer look at emerging trends in a specific area of cybercrime. Other modules within the IOCTA 2023 look at cyber-attacks and child sexual exploitation.

This new report highlights that online fraud schemes represent a major crime threat in the EU and beyond as online fraudsters generate multiple billions in illicit profits every year to the detriment of individuals, companies and public institutions.

Fraud schemes are perpetrated with the intention of defrauding victims of their assets using false and deceitful pretexts, or with the use of cyberattack techniques.  This results in the voluntary or involuntary transfer of personal or business information, money or goods to criminals.

From ATM attacks and account takeovers to skimming and shimming, the wide availability of crime-as-a-service has made this criminal activity more accessible.  Criminals show great versatility and adaptability in adjusting their modi operandi and modelling their narratives around socio-economic trends as well as current crises, taking advantage of emergency situations to create charity scams.

This report is an accompanying module to Europol’s IOCTA, which aims at providing and understanding of modern cybercrime to equip law enforcement with the knowledge to tackle it and keep people safe. It delves into the complexities of online fraud schemes and sheds light on how different schemes overlap and victimise targets multiple times.

Key findings:

  • Relay attacks targeting payment card chips (shimming) are increasingly detected.
  • Charity scams leveraging emergency situations have increased. This was visible during the COVID-19 pandemic, the Russian invasion of Ukraine and the earthquake in Türkiye and Syria.
  • Logical attacks on ATMs still occur in the EU, with criminal networks testing ways to exploit new vulnerabilities at the ATMs they target.
  • Fraudsters display sophisticated modi operandi, which are usually a combination of different types of fraud. Victims of fraud are often re-victimised within the same criminal scheme.
  • Social engineering techniques that fraudsters use have been growing in complexity. Criminals adapt their techniques according to the profile of the victim and the typology of fraud.

Europol’s response

Europol’s mission is to support EU Member States and cooperation partners in preventing and combating all forms of serious international and organised crime, cybercrime and terrorism.

In 2013, Europol set up the European Cybercrime Centre (EC3) to provide dedicated support for cybercrime investigations in the EU to help protect European citizens, businesses and governments from online crime. EC3 offers operational, strategic, analytical and forensic support to Member States’ investigations.  EC3’s dedicated Analysis Project Terminal, focused on the threat of online fraud schemes, supports international investigations and operations into fraud targeting various victims and payment systems in the EU and beyond.

EAST response 

EAST focusses on tackling cybercrime and terminal fraud through two of its Expert Groups – the EAST Expert Group on Payment and Transaction Fraud (EPTF) and the EAST Expert Group on All Terminal Fraud (EGAF).  EAST EGAF has worked closely with Europol to counter the evolving threat of Relay Attacks, and to publish guidelines aimed at mitigating the risk of logical attacks on ATMs.

Share this post

Website Sponsors

Euro Kartensysteme
link logo