Common online scams
It can be difficult to determine what is a fraud, and what is "just" misselling. In this chapter, we'll go through different forms of common online scams.
The strict legal definition of a fraud requires that four criteria, or requisites, are met:
-
A deception that causes the deceived person to do an act or omission that
-
to the detriment of the deceived and
-
profit for the deceiver. In addition, the
-
the deceiver had an intention to deceive.
There are a very large number of scam variants on the internet. In some, you are the one who unwittingly hands the fraudster money or information, in others, technical weaknesses in programs that allow you to be affected even though you are doing everything right. But if you are properly well-read, the risk is significantly reduced.
If you want to help reduce fraud, spread this guide to your friends and acquaintances, tip off the newspapers if you encounter fraud attempts – and always report it to the police if you are affected. Although many frauds occur from abroad and can rarely be investigated, at least the statistics are important.
3.1 Data fishermen
It is usually much easier to get you to provide the information a fraudster needs to be able to steal from you, than, for example, hacking your computer or breaking in.
Deceiving you in this way is done through so-called "social engineering". It's simply a matter of knowing which buttons to push to get you to voluntarily disclose information.
Data phishing can take place in a variety of ways – for example, through emails, text messages or phone calls. The basic thing is that the fraudster pretends to be someone you would be willing to give the desired information to.
3.1.1. Phishing
Phishing is a collective term for the various attempts at phishing that take place over the internet.
The most common phishing attempt is via an email, which pretends to be from a company you are a customer of. You will be prompted to visit a website to update your information. The site, in turn, is a cleverly executed copy of the real company's website. The fraudster sends their email to all the email addresses they come across. In the random selection, a few emails always end up right.
Phishing attempts can, for example, pretend to be from banks or payment services that claim that your account is being compromised and ask you to verify login details or streaming services that warn you that the service will be terminated if you do not update your card details, or from the Swedish Tax Agency that wants your information to refund taxes. Another option is to entice people with high compensation if you respond to a customer satisfaction survey.
It's also common for scammers to fish for login details for your email account, or your social media accounts. These can then be used in other scams that affect your friends and acquaintances.
If you suspect that an email is a phishing attempt, never click on links in it, never open it to download images, and never open attachments. If you do so, you risk confirming to the fraudster that your email address is active and thus worth selling or exposing to more fraud attempts. Opening attachments or visiting the scammer's website runs the risk of malicious code being installed on your computer (see section 3.7.2 on Trojans).
If you are unsure whether the email is a fraud attempt, you should never use the information in it to contact the company it claims to be from. These may be fake. Instead, type the web address from memory, or look up the phone number in the online directory.
Important! Don't be fooled by email.
-
Never send account numbers and credit card information by e-mail, or after being instructed to do so in an e-mail.
-
Make sure that the email address you're replying to actually goes to the person you think.
-
Never click on links without first hovering over it, so that you see the address the link really goes to. If the link description and the link do not seem to match, do not click.
-
Don't open attachments that you don't expect to receive, no matter how urgent it may seem.
Always ask someone else for advice if something seems suspicious.
Case: Hijacked account scammed friends
Helene had her Facebook account hijacked and two of her friends lost money to the fraudster who pretended to be Helene herself.
"I was watching TV in the evening when a close friend called and wondered what was really going on with the online banking codes, since we hadn't been able to sort them out via chat," says Helene.
"I said what, I'm talking to you on the phone and not a chat!" But she didn't understand what I meant, because I had chatted with her on Facebook!
How the fraudster got hold of Helene's Facebook is unclear, but it probably started with a hijacked email account. When Helene tried to log in to Facebook, her password was changed, and when she requested a new one, she discovered that she couldn't access her Hotmail account. It wasn't until three o'clock in the morning that she managed to regain control of the account.
The fraudster had managed to contact a dozen of her Facebook friends and ask for help logging in to the bank because she needed to pay bills. Most of them had sensed trouble and refused to hand over codes from their bank tokens, or asked control questions that the fraudster had not been able to answer. But the friend who suffered the worst lost SEK 17,000 from his account.
"She had thought, 'God, of course I had to help,'" says Helene. The scammer had persuaded the friend to send codes several times "because it hadn't worked". In this way, the fraudster both entered the bank and was able to sign the transfer.
"After she realized that she had been tricked, she felt really bad and didn't want to talk about it," says Helene.
The bank did not compensate Helene's friend for the lost money because she had given out the codes voluntarily. Another friend lost SEK 5,800, but the bank managed to stop the transfer.
Did you know that the codes from the bank security device are personal and cannot be used for someone else's account?
"Yes, I did. I get those codes to log in to my account," says Helene.
Helene's police report was dropped without any perpetrator being found.
3.1.2. Spear phishing
Spear phishing, unlike regular phishing attempts, is targeted at specific victims. It can be entrepreneurs, well-to-do people – or just random people.
If the scammer has found out background information about you as the target, the chances of the phishing scam will be successful. Finding out personal details about you and your circle of acquaintances doesn't have to be difficult. It may be enough to go to your Facebook profile. With the right information, the scammer can impersonate someone you know or do business with.
One of the biggest cyber thefts was uncovered in 2015, where hackers gained billions of dollars by manipulating ATMs. The scam started with fake emails to bank employees. E-mails that appeared to come from a colleague, but instead contained a Trojan that eavesdropped on the computer and found out how the bank's systems work.
Important!
No, absolutely nothing, company you are a customer of ever asks you to receive your details via email.
3.1.3. Smishing and vishing
Phishing using text messages is sometimes referred to as smishing. The setup is the same, but can be more successful because we don't expect fraudsters to have our mobile numbers.
For example, the buying and selling site Blocket has been hit by fraudsters who scanned ads where the advertiser's mobile number was visible, and then sent a text message with a link to a page where the advertiser was asked to provide their card details in order to get back an alleged double charge.
Phishing for information via voice calls on the phone is called vishing. Again, it's all about getting you to hand over valuable data. By far the most common variant is so-called Microsoft fraud.
3.1.4 Microsoft fraud
Microsoft fraud is an attempt over the phone to get you to give up credit card details, allow the caller to take control of your computer, and/or install malware.
The scam has been targeting Swedes since at least July 2011, but has occurred in English-speaking countries long before. The way it works is that an English-speaking person, remarkably often with an Indian accent, calls seemingly random numbers.
The person who answers is told that it is Microsoft or Windows support that is calling, and that they have noticed that the caller's computer has been affected by a virus. The caller is stubborn and patient, and asks to control the computer remotely to indicate the virus infection.
Once the victim is convinced that something is wrong, the scammer says that the problem can be fixed for a small fee. When the victim has given out their card details, a larger sum is deducted instead, typically a few thousand kronor.
In theory, the fraudster can also use the remote control to install malware, although this seems to have been uncommon in the past. However, in April 2015, the police's National Fraud Centre reported that fraudsters are now stealing significantly larger sums of money.
Either through the card details provided by the victim, or by making bank transfers from the victim's online bank.
Around 20 people were affected by the new scheme every week, according to information from the banks, and individuals have lost as much as SEK 100,000. The police suspect that it is a case of new fraudsters who have modified the old method.
3.1.5. Facebook fraud
So-called Facebook fraud is a combination of several methods. It starts with the fraudster accessing someone else's login details to Facebook, through phishing, password guessing or other means.
Once logged in, the fraudster identifies the user's closest friends, and finds out their social security number. By studying chat logs, the fraudster can express themselves in the same way as the hijacked user. Then, chat messages are sent to the friends, asking for help. The friend/scammer claims to have lost his or her bank token, and wonders if the victim can use his own to help his friend log in.
The fact that bank tokens are personal and can only be used to log in to your own account is something many people do not know. Giving out the codes generated by the bank token gives the fraudster full access to the victim's bank account, which is then emptied through transfers to other accounts.
The victims can thus lose large sums of money from all their accounts, in the worst case several hundred thousand dollars, which the bank will not reimburse because they violated the terms and conditions by giving out their login information.
The method is very common, and unlike most other fraud attempts, it is done in Swedish and is carried out by Swedes. The scammers may hide behind anonymous networks and use goalkeepers who receive the money. However, several have been convicted in court.
3.1.6. False distress call
A so-called false distress call is a variant of spear phishing, where the fraudster has obtained login information to someone's e-mail account, or gained access to the e-mail account's address book.
From the hijacked email account, an imaginary distress call is then sent out to all contacts. Usually, it is claimed that the person has been robbed or had an accident abroad, and now needs to borrow money to be able to get home or pay a hospital bill. The money is to be transferred using a payment service such as Western Union.
The e-mails are usually written in machine-translated Swedish, and can therefore contain some oddities that make them easier to see through.
Several well-known people, including former Foreign Minister Carl Bildt, have been affected.
Important! Expose the Facebook scammer.
-
Never give out information from your bank card reader
– it is personal. -
Contact your friend in another way, such as by phone, if you think their profile has been hijacked. Asking control questions in the chat is not always enough.
-
Avoid your own friends being scammed by having secure passwords that you don't use in multiple places and watch out for phishing attempts.
-
If you or someone else is affected, act quickly to alert all friends and regain control of the user account.
3.2. Nigeria letter
What we today call Nigeria letters is a fraud of trust with roots as far back as the 1700s. The method is to send letters (faxes, e-mails) to more or less randomly selected people, tell them about some kind of hidden "treasure" and ask the recipient for help to get hold of the treasure in return for a share.
The first evidence of the method can be found in Eugène François Vidocq's memoirs, translated into Swedish in 1829. Vidocq, who earlier in his life was a notorious criminal, founded the French secret service Sûreté in 1812 and is considered the father of criminology.
The memoirs describe "what in the language of thieves is called the Jerusalem letter", which was sent to rich people. In an example of a letter, the sender tells how he had been a chamberlain to a marquis, and how they were forced to throw a bag of gold and jewels into a pond while fleeing from soldiers. The servant is now imprisoned, and asks for help to fish out the bag and send him some of the money.
Those who take the bait are told that there is a map in a pledged suitcase, and can the recipient please send money so that it can be redeemed? The victims then paid up to 1,500 francs, a considerable sum at the time.
Marie-François Goron, director of the Surete from 1887 to 1894, recounts in her memoirs (in Swedish 1899) "this classic deception [...] which thousands of newspapers have exposed, yet which always succeeds."
Goron describes how the deception has adapted to circumstances from the very beginning, from the Empress's hidden jewels to the famous banker who hid millions from his creditors before fleeing the country. The letters were usually sent from Spain, and even though he could show heaps of similar letters, there was always someone who chose to believe that the "treasure" was real.
Then, as now, the scammer tries to milk the victim for as much money as possible. There are always fees and complications on the way to the tax. Sometimes, victims even travel to meet the scammer, risking being blackmailed or even murdered.
The modern Nigerian letters became common in the 1980s, and were often about wealthy Nigerians in trouble. With the advent of the internet and e-mail, the phenomenon exploded, and today mass e-mailing of various types of Nigerian letters is a major industry in Nigeria, among other places. However, the method is used by scammers all over the world.
It is unclear what percentage of those who receive a Nigeria letter who allow themselves to be deceived. According to Vidoq, it was about one in five recipients, and Goron a hundred years later talks about 3-4 percent. For the completely random e-mails, the proportion is certainly much smaller.
There are theories that they are deliberately poorly designed, so that only the most gullible will take the bait and the fraudster will thus avoid wasting time on those who do not pay.
However, it is wrong to call the victims of the Nigerian letters unintelligent. In Sweden, among others, CEOs of successful companies and a former minister have allowed themselves to be cheated out of large sums of money. The fraudsters know exactly which buttons to push in our human psyche.
As a rule, the victim is good at convincing themselves to continue sending money once they have started, in the same way that someone who invests in stocks that are depreciating in value has a psychological barrier to selling and taking the loss.
Often a third party is needed to point out the absurdity of the fraudster's promises, and even then some cannot accept that the "treasure" never existed.
Goron wrote in 1899 that deception always succeeds, "because it is based on the desire of men to gain much by risking little, even if they are to associate themselves with thieves and receive a large share of ill-gotten money." The fact that it may be stolen money is therefore of little importance to the person who takes the bait.
The Nigeria letters come in a number of different varieties, with something valuable to you as the common lure.
3.2.1. The Hidden Treasure
A classic Nigeria letter relates to current events such as war and accidents and entices with a buried or locked up fortune that can only be released with the help of the recipient. For example, it could be diamonds, gold, or money in a bank account.
One variant – which is even sent as regular letters to this day – claims to come from a law firm in, for example, Spain, where a person with the same surname as the recipient has died. The lawyer is now trying to find someone who is, or is willing to claim to be, the deceased's relative.
3.2.2. Dating fraud
Other variants target other types of treasures, such as love. Here, it often starts with a fake profile on a dating site and languorous emails that make the victim fall for the fictitious person. When it comes time to meet, complications inevitably occur that make the victim need to send money. Love may need money for a plane ticket, pay a hospital bill, or need a loan to be able to start a business in Sweden.
Often, the scammers claim to be successful men from rich countries, such as a senior U.S. military officer. Those who are deceived by the promises of closeness and love are strikingly often well-to-do women with high-status jobs. Just like regular Nigerian letters, many people invest so much emotionally in the relationship that they refuse to believe that the person they fell in love with is a fraud.
In Dalarna alone, the police report about ten cases in the past two years, where victims have been defrauded of anything from SEK 10,000 to 1.9 million. The number of unrecorded cases is probably very high, as many people are far too ashamed to report. At the same time, the emotional damage to those affected can be very great.
In addition to regular dating sites, contact can take place on social media such as Facebook, or via email. A woman who was contacted played along, and could notice that the scammer expressed himself differently in some messages – probably because different people were playing the role. Just like regular Nigeria letters, romance scams are an almost industrial occupation for scammers in some African countries.
In Sweden, fraudsters who deceive the victim financially with the help of love are called "sun-and-spring", after the signature "Sun and Spring" in the fraudster Karl Vesterberg's advertisement in a newspaper in 1916. There are many examples of domestic scammers engaging in this type of fraud, both where they actually initiate a physical relationship with the victim and where they only socialize remotely. Women also commit romance scams against men.
Hint! Don't be blown away by online love.
-
Be extremely suspicious if money is brought up, especially if it is to be transferred via payment services where the money cannot be traced.
-
Perform an image search on the images sent by the other party, see section 5.2.
-
Search in a search engine for the texts that the other party writes.
-
Ask someone you trust for advice if you feel you have difficulty being objective.
3.2.3 Pet Fraud
Advertisements for attractive pets can also be a Nigeria letter scam. Here, the animals – often pedigree cats or dogs – are found abroad and can be transported to Sweden for a fee that must be paid in advance. Once on the journey, various complications arise.
One example is the two women who saw an advertisement for two cats of the British Shorthair breed, which for SEK 3,000 could be delivered by plane from London. The animals were then allegedly stuck at various airports, and only when the victims paid $21,000 in various freight, quarantine and vaccination fees without receiving the cats did they realize they had been scammed.
If you buy pets, especially dogs, on an online ad, there are a few things you should watch out for. For more information, see section 2.11.
Hint! Check up on the pet.
-
Do an image search to see if the picture of the pet is stolen.
-
Ask to see pictures of the pet from different angles.
-
Never pay through payment services where the recipient cannot be traced.
3.2.4 Lottery fraud
It's hard to win a lottery that you haven't participated in. Even so, the variant with the fake lottery win works well. The purpose, just like in the other Nigeria letter variants, is to lure you into sending money to the scammers for something you will never receive.
It all often starts with an email or text message from someone claiming to be a free online lottery. Alternatively, a large internet company, which raffles off money to advertise the internet. In one case in 2012, the message was even said to come from the Swedish Gambling Authority, announcing that the recipient had won on their email address!
The person responding to the contact attempt must provide contact information, attach an ID copy or similar. As a rule, it takes until the next step before the fraudster informs you that you have to pay a fee or tax in advance in order to receive the winnings. If you pay the first amount, you will soon receive demands for more fees.
In cases where text messages have been used for the first contact, it has happened that the recipient has been asked to reply with a keyword to a number, which is probably a premium rate number. Sometimes, the scammer even makes phone contact with the victims, in the same way that investment scammers do, to convince them that the prize is genuine.
In Sweden, the claim of a fake lottery win is used by, for example, the Postcode Lottery to get hold of elderly people's bank cards and codes. The fraudster first calls and then makes home visits.
3.3 Fraud against sellers
Anyone who posts things for sale on a buying and selling site can lose both goods and money. Here are the most common scams targeting sellers.
3.3.1 Non-payment
The simplest variant is that you as a seller send or hand over the item before you have received payment – and then never receive it. Never trust the seller's information that the money has been paid – a receipt or a screenshot can be falsified – but confirm for yourself that the money really landed in your account. A regular bank transfer – even if it's made in front of you – can be stopped by the buyer afterwards. A money order may turn out to be fake when you try to cash it. In section 2.7 you can read in more detail about what can happen to the seller of a vehicle.
3.3.2 The Bogus Intermediary
You are persuaded to hand over goods to someone who promises to sell them for you for commission. Even if you sign a contract, it doesn't help if the other party is a scammer who sells your stuff and keeps the purchase price for himself. The method is most often used when it comes to vehicles, but another example is the rogue auctioneer who disappeared with the money. If you advertise an apartment exchange, you may be contacted by a fake broker who offers help, but tricks those who come to the exchange viewings to prepay for black market contracts (which in turn are illegal).
3.3.3. The foreign purchaser
You will be contacted by email or text message by someone who – usually in English – will confirm that what you are selling is exactly what they were looking for. The buyer is in a foreign country but is willing to pay for shipping. The buyer sends a fake receipt from, for example, the payment service PayPal or Western Union stating that the money for the item plus shipping has been sent. You are then asked to transfer the money for the shipping to an alleged shipping company – which is fake. The method has been used on a wide variety of objects, such as a sofa, a bed, a local costume, firewood and a camera. Those who have allowed themselves to be deceived are often asked to pay even more money, for example for "insurance costs".
3.3.4 False check
Here, the fraudster takes advantage of the fact that it takes a couple of days or weeks for the acquiring bank to discover that a check is fake or has no funds. The scam may follow the same path as in the case of the "foreign buyer", or the buyer may apologize for the fact that the check happened to be for a higher amount than agreed and ask you to send back the excess amount. When the bank discovers that the check is unfunded, they demand a refund of the full amount they paid to you, including the money you had sent to the fraudster.
3.3.5 Triangle fraud
By exploiting an innocent buyer, the fraudster can use the triangle scam to pay for an attractive item that someone else is selling. It starts with the seller (1) being contacted by the fraudster
(2) and providing their bank account number or Swish number to which the purchase price is to be paid. Step two is for the fraudster to post their own ad with any item at the same price. In step three, one or more buyers
(3) will take the bait and be asked to pay to the first seller's account.
In the final step, the fraudster (2) makes an agreement with the seller (1) – who has now received the agreed amount into his account – to meet at a neutral place and hand over the goods.
If several buyers have paid, it is said that "it happened by mistake" and the seller is asked to include the excess amount.
When the deceived buyer (3) does not receive the product they have paid for and reports it to the police, the money is traced to the seller's (1) account, which is completely uncomprehending.
The method has also been used with the help of ID theft, when the seller (1) has been paid by sms loans taken out in the name of an innocent party.
The triangle scam works because it is not possible to check who a bank account number really belongs to. In cases where the payment service Swish has been used, the number has belonged to an unlisted prepaid card.
3.3.6 Identity theft
A copy of a driver's license or other form of identification can be used for fraudulent purposes. For example, it affected a person who sold a used computer online and was contacted by a buyer who wanted to know who they were doing business with before the purchase price was paid in advance. After emailing a copy of his ID card, the seller received loans taken out in his name.
3.3.7 Phishing
When you have paid for the ad on the buying and selling site, you will receive an email or text message claiming that you need to verify your card details, or that too much money has been deducted that you should get back. However, the website you are supposed to fill in the details on is fake, and the card details end up in the hands of scammers.
3.4 Fraud against buyers
The police usually say that we do things on the internet we would never do in real life. And that's probably true, because even though we're happy to send money to someone we've never met, we'd never hand over money to a masked person in a dark alley who promised to get back to us soon.
There are secure payment methods, where an intermediary keeps the money until the buyer receives the goods and is satisfied with them (see section 2.13 for more information). However, because they involve a little more hassle, and extra fees, most people still pay by transfer to a bank account or a Swish number. Even though we don't know who the recipient really is. In the vast majority of cases, it works out well.
3.4.1 Advance payment fraud
Probably the most common form of fraud in Sweden today is advance fraud: Tricking a buyer into paying for a product before the buyer has it in their hand.
For a fraudster, it is almost frighteningly easy: Post an online advertisement or auction of an attractive item at a good price, ask for payment to a bank account and promise that you will ship the item when you receive the money. Repeat five, ten, or 20 times to everyone who gets in touch with the ad before replacing it with a new one.
Most scammers post ads on things that many people are interested in, such as the latest mobile phone at a good price, computers, travel gift cards, apartments, dogs, designer bags – the list goes on. On more niche sites, or on the auction site Tradera, with its clear categories, even more unusual items can find many buyers.
For those who need money quickly – for gambling debts, addiction or just to live the flea – the advance scam is as easy as taking out a sms loan. In addition, there is seemingly less risk that the fraudster will have to pay back the money. Many deceived people do not report to the police, and due to the large number of reports, there is a great risk that the report will remain with the police for a long time, or simply be dismissed. A scammer can go on for a long time before getting caught, and the penalties are low.
There are variations, such as sending a brick in a package instead of the item. As a seller, committing the crimes under the identity of an innocent person. Using a "keeper" for the bank account, which is often the case when organised crime engages in advance fraud. A really advanced method is to create credibility on Tradera, which has a reputation system for buyers and sellers, by conducting some real deals and then blowing as many as possible before the complaints have time to come in.
From a purely police point of view, it is not particularly difficult to solve most advance frauds. The money usually goes to a bank account, which is remarkably often owned by the fraudster himself. Sometimes the fraudster is completely open about their identity towards the victims, but often a fictitious name and an unregistered mobile number, or an equally anonymous email address, are used. The reason why most fraudsters don't get caught is that the police have to be able to prove intent and have a hard time keeping up with all the reports.
3.4.1.1. False intermediary
Beware when a seller suggests that you use a secure intermediary to protect the payment. There are cases, particularly in the case of international fraud, that the intermediary is simply the fraudster himself. Instead, suggest an intermediary of your choice.
3.4.2 Purchase fraud
Instead of placing their own advertisement and defrauding buyers of money, a fraudster can contact people who have placed purchase advertisements. The fraudster persuades them that they have what they are looking for, and promises to send the item as soon as the payment has been deposited into a bank account.
The risk of being cheated out of an odd item is greater here than in the case of advance fraud, as the fraudster does not have to take into account any kind of market interest. There are examples of fraudsters who have been blocked by, for example, Blocket from posting ads themselves, but have continued their path by switching to purchase fraud.
3.4.3 Fake tickets and gift cards
Buying second-hand event tickets from private individuals is associated with great risks. Fraudsters can counterfeit tickets, or copy and sell a genuine ticket to multiple customers, which means that only the first person to enter through the gate will be admitted. It is also common for a buyer to prepay for tickets that they never receive.
The same variant also occurs with gift cards, for example for travel. Here, too, there may be a genuine gift card at the bottom, the validity of which you can check, but the one you receive may be fake or used up.
3.4.5 Housing fraud
In scams involving apartments or holiday homes, the fraudster demands a deposit or advance rent, but when it's time to move in, the fake landlord goes underground. In many cases, the scam is only discovered when you and other scammers are standing in the doorway.
The scam most often occurs in places with a constant or temporary housing shortage, such as large cities or cities with universities or colleges. For scammers with cottages, summer is the natural boom time. Holiday accommodation abroad is also available.
The housing fraudster advertises on both larger and smaller, more niche, advertising sites. Sometimes the information about the home is completely fabricated, with photos more or less randomly stolen on the internet. Sometimes all or part of the advertisement is stolen from someone who wants to sell or rent out their home, but with the contact details changed to the fraudster's.
To make it extra likely that you will take the bait, the fraudster sometimes arranges a viewing of an actual apartment – their own, or someone they themselves sublet or have borrowed.
There is also fraud in the sale of apartments. The risk of being cheated out of large sums of money is, of course, great when it comes to illegal rental contracts. In one case, the fraudster called a person who had placed an exchange advertisement claiming to be a broker and offered brokerage assistance.
The fraudster was then responsible for the viewings, and signed false contracts with several people, while the tenant who wanted to change was told that no one was interested.
Important! Rent a home safely.
-
Never let yourself be stressed by a good offer that is only valid here and now.
-
No serious landlord asks for money in advance before meeting their intended tenant and signing a contract. For advertisers on Blocket, it is even forbidden.
-
If you are going to rent a student apartment or summer cottage, it is safest to use an established agency.
-
Demand identification from the landlord when you meet – but keep in mind that fake ID cards are cheap and well-made.
-
Be extra vigilant if the landlord claims that they are abroad and cannot meet you.
-
Never send proof of your identity – such as a photographed ID card. If you do, you run the risk of your own identity being used in fraud.
-
Check that the apartment's address exists, and that the landlord is registered there. For a holiday home, you can do the same check of the owner and address.
-
Check that it really is the landlord's apartment, and that they have permission from the property owner or housing association to rent it out. Do not rely on the contact information provided by the landlord, but find out for yourself.
-
Check that the rent is reasonable and always sign a proper contract.
3.5 Investment fraud
Thanks to the principle of public access to official records, good knowledge of English and the fact that many people own shares, Swedes are grateful victims of so-called investment fraudsters.
It starts with you being contacted by phone and promised high returns through investments abroad, such as unlisted shares. The claims on the phone are backed up by names that resemble those of established firms, websites that look serious, or glossy brochures. The salespeople are usually very well-read, persistent and opinionated.
If you agree to invest, you can even see the price development of your fictitious shares on similarly fictitious marketplaces, or have ongoing information about the development sent to you. Only when you want to sell and take home the profit does it become a problem, and the money goes up in smoke.
Those who have been deceived once may even be subjected to new attempts, including through contacts with "new" companies that offer to be able to buy the shares – for a fee to be paid in advance.
Greenhall media's warning list includes the names of firms and fake authorities that FI and other countries' supervisory authorities warn about. The warnings are issued when companies try to operate in a market without having the necessary permits or without being registered with the regulator. The list, which contains hundreds of names, is far from complete and new names are being added continuously, FI points out.
Investment fraud from Swedish companies or private individuals also occurs. Sometimes they have been structured as pyramid schemes where those who were first in received both money and the promised return. Sometimes the person behind it has speculated away the money, or used it for their own luxury consumption.
How to avoid being scammed into an investment!
-
Beware of promises of unreasonably high returns. If something seems too good to be true, it almost certainly is.
-
"Guaranteed returns" and "safe investment" are promises that are worth very little.
-
In a world full of well-informed investors and talented venture capitalists, why would you be approached with a fantastic offer?
-
What's in it for the seller?
-
Don't rely on sources and links that the seller gives out as evidence, but do your own research.
-
Check that the counterparty has the necessary authorisations and is not on FI's warning list.
-
Don't be ashamed to ask someone knowledgeable, such as the Financial Supervisory Authority's consumer unit, about the investment offer you have received.
-
Read the checklist on fi.se under "The warning list – How to avoid being scammed".
3.6 Identity theft
Taking advantage of other people's identities is one of the most common fraud crimes in Sweden. A fraudster can use the "borrowed" personal data to, for example, order goods, sign up for subscriptions, apply for loans or carry out fraud against others.
The principle of public access to official records makes it easy for fraudsters to map potential victims with social security numbers and everything. If you are a victim of ID theft, you must dispute all invoices you receive in order to avoid being liable for payment.
You can never prevent you from being ID hijacked, however, there are steps you can take to detect the crime more quickly. Put a lock on your mailbox so that fraudsters can't steal bills or copies of credit reports from it. Sign up to receive the request copies by email instead.
There are also payment services that monitor changes in the population register to see if fraudsters redirect your mail, but beware of rogue monitoring services.
Checklist! If you receive goods ordered in your name.
-
Request fraud prevention from all nationwide credit reference agencies. Block your social security number for purchases from Svensk Distanshandel's members.
-
Contact the companies you are receiving requirements from and explain.
-
Report it to the police.
-
Be skeptical of those who sell identity protection services.
3.7 Malware
Malware is software that can simply make your computer do things it shouldn't. The three most common types are computer viruses, trojans, and worms. Common to all types of malware is that it either exploits security holes in the programs, or tricks you into letting them in yourself, so that they can take control of your computer.
Often, you won't notice anything special if you have malware on your computer. It is possible that the computer will run a little slower than usual, if the fraudster is also using it to spam or ruin things for others. There's also code that serves you fraudulent ads, which you may notice if you receive a "survey" that appears to come from the company whose website you just left.
3.7.1 Viruses
Computer viruses work just like viruses in nature. They "infect" program files by becoming part of them, and then "infect" further. Many of the early viruses were created just for fun to see if it worked, and did no harm. However, programming a virus is very complicated, and nowadays there are often other purposes, such as intercepting or deleting the information on your computer's hard drive.
3.7.2. Trojans
Just as the Trojan horse tricked the city of Troy's defenders into letting their enemies in, the Trojans of the computer world enter your computer, hidden in another program or file.
Unlike a virus, a Trojan can exist on its own, and is easier to program. Fraudsters use Trojans to, for example, eavesdrop on what you type on the keyboard, such as usernames and passwords, and pass the data on to their creator imperceptibly.
They can also be used to redirect your browser so that you log in to the fraudster's copy of your internet bank, thereby giving them the opportunity to log in for real and empty your bank accounts.
In 2015, many Swedes received an email purporting to contain an invoice for a large amount from a well-known consumer electronics store. However, the attached pdf file was infected with a Trojan that specialized in banking details.
Trojans can completely take over and remotely control your computer. Fraudsters who connect hijacked computers in a so-called botnet (bot as in robot) use this to send spam , or carry out denial-of-service attacks for extortion purposes.
One such attack is to send so many calls to the website that no one else can get through, which of course is very bad for companies that run their business on the internet.
A really nasty variant is Trojans that surreptitiously encrypt all the files on your hard drive. If you do not pay the ransom demanded, your files are lost forever. A milder version was the message many Swedes received a couple of years ago. The window that suddenly locked the computer claimed to come from the Police and the Government Offices.
The message claimed that they had been browsing inappropriate sites and had to pay a fine or face imprisonment. The same variant has now appeared on mobiles.
3.7.3 Worms
A worm is just like a Trojan a standalone program, but just like a virus, it spreads to new computers to infect. A worm that infects a computer can do about the same damage as a Trojan, but some worms do nothing more than spread further. Which can be bad enough, when mail servers and networks are overloaded.