A man who was seeking romance
Met a scammer by curious chance
She took all his cash
In a digital flash
Now he’s wary of online finance
– online wisdom
The internet has changed how people live their lives and carry out business. This has not gone unnoticed by nefarious actors and levels of internet-linked financial crime have soared across the globe. Dealing with online financial crime often requires international cooperation between entire countries but there are still positive steps that individuals can take to protect themselves.
In many cases of online crime, the weak link is revealed to have been user error instead of a technological flaw. In fact, the chance that a sophisticated attacker gains access to a private individual's systems using technical measures is surprisingly low. Unreported exploits, technical flaws in systems that there currently exists no remedy for, are very valuable and are most effective when saved for targeted attacks against high value targets like large enterprises and governments.
Instead, the main threat that the general public face is social engineering and password attacks.
The most common way that a member of the public’s systems are maliciously accessed today is through reuse of a known password. Password lists collected in previous cyberattacks of large websites and other companies are available online and can be cross referenced to find common login and password details for future attacks. Website operators can apply a variety of techniques to reduce the damage if their password database is stolen but these are outside of the user’s control. The best thing a user can do is maintain password discipline – ensuring that a password breach on one site is not then used to unlock every other service with that same password.
Passwords are a paradox. A strong password tends not to be memorable and a memorable password is often quite weak. A good compromise is to use passphrases which are memorable as they consist of regular words but are still difficult to guess due to the overall number of characters involved. Of course, if a breach means the attacker has a copy of the password itself then the strength of the password is irrelevant. That means that a sensible internet user will have many passwords, both varied and strong, to remember. This can be an impossible task and the tool to solve this is a password manager.
A password manager is an organisational piece of software which holds encrypted log in details so that the user only has to remember one set of log in credentials with the rest automatically provided when needed. Both free and commercial options exist but all provide the same service – secure password storage.
It is impossible for a regular user to guarantee that the administrators of every service they use on the modern internet will never suffer a data breach but by ensuring that the exposed password cannot open any other service they are able to significantly reduce the resulting damage. To reduce the risk that a password has been quietly compromised it is good practice to regularly change your passwords.
While unreported exploits, often called zero-days due to the lack of warning before they are deployed, are valuable and carefully stockpiled for high value attacks, once the exploit is public it will often be widely adopted in automated attacks against the internet as a whole. For these, keeping systems updated and supported is key.
All modern computers and smartphones have automated update systems and can even be configured to apply these automatically. A private individual should generally apply all suggested security updates from their operating system vendor unless otherwise instructed. These security updates incorporate software changes which defuse these newly revealed vulnerabilities. If a system is not kept updated malicious actors can potentially exploit the vulnerabilities to gain full access to the device. At this point no amount of password discipline will protect your data.
In addition to keeping your system updated, it is important to maintain the security of devices and networks
High risk online behaviour can increase your exposure to these automated exploits and identify you as a potential target for scams. Unfortunately a lot of online behaviour is now classed as high risk. Online sales and dating websites are both common avenues for scammers to find targets and, sadly, the best defence is to be sceptical and use your regular judgement. There is no magic bullet solution for con artists.
Scammers may use extremely involved tactics over a long period of time. The pig butchering scam is a long-term con which combines many styles of attack into a personalised attempt to extract money from the target. This often progress from a romance scam, gaining the target’s confidence, into a cryptocurrency scam, relying on the target’s greed or desperation to extract money.
The best way to defend against scams is to spot it early. Suspicious email is a common source of scams. Phishing scams rely on tricking users into voluntarily giving over their credentials by pretending to be a legitimate service. Once that information is stolen it can be used to craft personalised messages to progress the crime or
A phishing email inherently needs to appear convincing but there are often red flags. Research shows that scammers will intentionally insert warning signs into messages as a way of filtering out more discerning users. If a message is poorly spelled, incorrectly formatted or makes factual mistakes you need to trust your gut and consider whether or not the email is truly from the claimed sender. When in doubt, do not click any links in the email and, if necessary, contact the purported sender directly by sending them a new message.
Online shopping and banking are more and more essential as physical services are removed in favour of digital alternatives. There is always potential for problems when dealing with financial services but taking the precaution of sticking to reputable and well-known websites which use transport level security to encrypt your traffic improves your chances substantially.
The growing amount of online crime and the increasingly serious consequences of those crimes means that everyone now must take their digital safety more seriously than ever. Digital safety is an ongoing process which requires continual maintenance and awareness to be effective with lapses potentially being harshly punished. However, with care and planning and judgement it is very possible to take advantage of the convenience and speed of online services without becoming a victim of crime
© 2025 Stephen Rice