EUROPOL SPOTLIGHT – ONLINE FRAUD SCHEMES: A WEB OF DECEIT
Key terms
ACCOUNT CHECKER: a software tool that verifies
the validity of login credentials – such as
usernames and passwords – for a particular
service or platform. In online fraud schemes
(OFSs), an account checker is a bot that takes
lists of leaked or stolen credentials (e.g.
usernames and passwords) and tests them
against websites to access accounts.
BOT: automated software that is programmed to
perform repetitive tasks.
CARDING: fraudulent use of stolen credit card
data. Sometimes called credit card stuffing or
card verification, it involves a series of multiple
attacks usually performed by bots (software
used to perform automated operations) to
identify which card numbers or details can be
used to make purchases. Thanks to the bots,
criminals are able to make parallel automated
operations to attempt purchase authorisation.
CRACKING TOOL: software deployed to break
through security measures on systems
and applications.
DEEPFAKE: technology that uses artificial
intelligence (AI) software to make synthetic
duplicates of real people’s voices, images
and videos. In OFSs, deepfake is an
impersonation technique.
MALWARE: software that is designed to infiltrate
computer systems or mobile devices without
the owner’s consent to gain control over the
device, steal valuable information or corrupt
data. The word is a portmanteau of ‘malicious’
and ‘software’.
MAN-IN-THE-MIDDLE (MITM) ATTACK: the attacker
places himself between two communicating
parties and relays messages for them, while the
parties believe they are communicating with
each other directly and securely.
ONE-TIME PASSWORD (OTP): a password that is
valid for only one login session or transaction
on a computer system or other digital device.
The OTP is usually sent by banking institutions
to customers to authorise a money transfer.
Also known as a one-time PIN, one-time
authorisation code or dynamic password.
PHISHING: a form of social engineering,
characterised by unsolicited communications
which appear to come from a reputable source
(often impersonating a bank institution, delivery
company or judicial authority). Generally, these
communications solicit payments or contain
malicious links that land on fraudulent websites
(either a domain created by the criminals or
a compromised legitimate website). They
may also contain attachments that will install
malware if opened.
SMISHING: a form of phishing using text
messages or common messaging apps.
SOCIAL ENGINEERING: the main technique used
in OFSs. Social engineering means the use
of deception to manipulate individuals into
divulging confidential or personal information
that may be used for fraudulent purposes.
It can take many forms, but always relies
on psychological manipulation and
emotional attacks.
THIRD-PARTY SHOPPING SOFTWARE: any
software developed outside of the vendor’s
website or the vendor’s main website provider.
VISHING: a form of phishing using voice calls
and voicemails.