The common types of cyber fraud and how to detect them

Cyber fraud can be very damaging for businesses, so it's important you understand the different types of cyber fraud and how to detect them.

Criminals commit cyber fraud with the intention of stealing or corrupting personal or financial information stored online. All businesses face risks from cyber fraud, no matter their size.

According to government research, 46 per cent of businesses suffered a cyber security breach or attack in 2019. It was higher among medium-sized businesses, at 68 per cent, while 75 per cent of large businesses were a victim.

In addition, a separate study by insurance company Hiscox said small businesses are the target of an estimated 65,000 attempted cyber attacks every day.

Businesses that are hit by a cyber breach face extra costs. This can include fixing computer systems, recovering data and paying for security experts.

The government research found the average cost of cyber security breaches for businesses was £3,230. For medium and large firms, it was £5,220.

Increased costs are not the only impact. Businesses can also suffer lost sales, reputational damage and disruption to operations.

Business owners need to understand the different types of cyber crime and the best practices for detecting them. Employees also need to be aware, so that the risks to the business are managed.

Types of cyber fraud and detection methods


Phishing is one of the most common types of cyber fraud. Cyber criminals, also known as hackers, use fake emails or text messages that trick users into sharing personal information such as bank details.

Phishing attacks are often part of an impersonation scam. Criminals pretend to be real businesses or people to tempt the user into sending money.

Common phishing messages include:

  • Pretending to be a bank or government institution asking for personal details to be urgently verified
  • Pretending to be a manager and asking employees to make payments into a fraudulent bank account
  • Intercepting a business' email conversations with a supplier and asking for payments to be made into a different bank account
  • Messages saying you've won a competition and need to provide bank details to access the prize

Cyber criminals often add urgency to phishing messages to encourage you to act. They might say that payments need to be made that day if you want to keep access to your account.

If you click on a link in a phishing message, it will usually take you to a fake website. Viruses can then be downloaded onto your computer or mobile phone. A virus is malicious computer code that can corrupt systems, destroy data or steal passwords.

Once your computer is infected, criminals can steal money from your business. They could also access other information such as customer email addresses and phone numbers.

Businesses can take the following steps to detect and stop phishing scams:

  • Check the sender details in the message as it could be a spoof email pretending to be from a genuine person. Look for spelling alterations in the name, email address or website domain name
  • The message might look like it's from someone you know but it could be because a hacker has accessed their account
  • Check for grammar and spelling errors, which can indicate it’s not from a legitimate organisation
  • If the message includes a link, hover over it, but don't click, so that you can see the preview of the site it’s sending you to
  • A legitimate company will never ask for your National Insurance number or PIN by email or text message
  • If it looks too good to be true, it probably is. Hackers will try to hook you in with irresistible offers
  • Check your business bank accounts often so that you spot any unusual activity. If you've lost money or details have changed, you might have suffered a phishing attack

Think about implementing procedures to improve the security of your payment processes. For example, employees could be told to confirm new supplier details in person or on the telephone to reduce the chances of being misled.

John Williams warns that today's social engineering threats are often designed to steal passwords

“Phishing attacks are very common and there's also social engineering. The old school method was where somebody turned up to your office and said they were here to check the alarms so you’d grant access. The new one is someone calling up saying they’re from XYZ company and asking you to confirm a password.”

John Williams, MD of Northstar


Malware is malicious software that can destroy, damage or exploit computers or computer systems. There are various types of malware including:


A virus is malicious software that attaches itself to a computer attachment or file. It stays dormant until the attachment or file is opened or used. It can then spread throughout your computer system causing damage and data loss.

Viruses can be spread by scam email and text message attachments and internet and app downloads.

Signs that your computer has been infected by a virus include:

  • It runs slow or programs take a long time to open
  • It regularly freezes or programs crash
  • You get unexpected pop-up windows that encourage you to visit unusual websites
  • Unknown programs start when you switch on your computer
  • Emails that you haven't created are sent from your account

Businesses should warm employees not to open suspicious attachments or install new software on company devices. They should be encouraged to check with team members if there’s any suspicion.


A worm is malicious software that replicates itself and spreads from computer to computer. Unlike viruses, worms do not need to be attached to a computer program to do damage. They work silently and infect the device without the user's knowledge.

Worms can delete or change files, take up hard drive space and allow hackers to seize control of a computer and steal data.

Worms can spread through vulnerable software as well as via links in scam emails and text messages.

To detect if a worm has infected your computer, these steps are recommended:

  • Check your hard drive space. As worms replicate, they take up free space on your computer
  • If your computer is running slow or programs keep crashing, it could be due to a worm
  • Check if any files are missing which a worm may have removed

It’s important that businesses have up to date virus protection software. Don’t put off making updates to software such as Windows. These updates often stop newly discovered viruses or vulnerabilities.


Cyber criminals use ransomware to lock a device or steal information. They then demand a ransom to restore access or return the information. Payment is usually demanded as a crypto currency such as Bitcoin.

Ransomware can spread in various ways. Methods include clicking on malicious links in an email or using an infected USB flash drive.

A famous example of ransomware is the 2017 WannaCry attack. It targeted computers running the Microsoft Windows operating system. Users were told to pay Bitcoin to get access to their computer systems, effectively shutting down operations for many.

There are various types of ransomware. They include:

  • Crytoware: A user is blocked from accessing their data and files. A ransom is then demanded to restore access
  • Scareware: Fake software appears to be genuine anti-virus software. The hackers claim they have found problems and ask for a payment to fix them
  • Doxware: Criminals steal sensitive personal data, such as photographs, and threaten to publish it online if a ransom is not paid

Even if you pay the ransom, the criminal may still not return your information or restore access to your data. The National Cyber Security Centre says: "Law enforcement do not encourage, endorse, nor condone the payment of ransom demands."

Signs of ransomware include:

  • You receive suspicious emails that show signs of criminal activity (see the phishing section above for more information)
  • New file extensions are added to the end of your file names
  • Your computer is locked with a message demanding a ransom

Again, up to date virus software and staff awareness are the key options to reduce the chance your business is impacted by ransomware.

You can also detect ransomware by setting up a “honeypot” that acts as a decoy file folder to fool a criminal into thinking it's a legitimate target. If they attack, you can then track them and make your systems more secure.

If you’re thinking of going down that route, it’s worth talking to a specialist adviser.

Stephen Jones recommends simple steps like setting up your email system to highlight messages from outside your company

“Services such as Office365 and Mimecast offer great email protection solutions to help prevent phishing and ransomware attacks. Some small businesses might not be able to afford the licence fee so something as simple as configuring your emails to highlight emails that originate outside your organisation will go a long way – simple but effective.”

Stephen Jones, CTO of Business Data Group


Spyware is malicious software that infiltrates your device and monitors your activity. Criminals can then steal your login, password and credit card information.

Spyware can be spread by clicking on links in scam emails, downloading fake software and clicking on pop-up windows. Spyware can also be packaged with real programs.

Signs that your computer has been infected by spyware include:

  • It runs slow or programs keep crashing
  • It keeps running out of hard drive space
  • You get pop-up windows encouraging you to visit unusual websites
  • Anti-virus software is not working

Trojan horse viruses

A trojan horse is code or software that looks legitimate but can take control of your computer.

A “backdoor trojan” allows fraudsters to access your device. They can then steal, change or delete data as well as upload more malware.

A trojan horse can also contain other types of malware including ransomware and spyware.

Trojans are often sent in emails promoting software that businesses might be interested in such as training courses. If you click on a link, it can download harmful software.

Signs that your computer has been infected by a trojan include:

  • It runs unusually slow or programs keep crashing
  • It keeps running out of hard drive space
  • You get pop-up windows encouraging you to visit spam websites

Distributed denial of service attacks

A distributed denial of service attack (DDOS) is when hackers attempt to make a website or computer unavailable by flooding it with internet traffic.

Attacks are conducted using botnets, a network of computers infected with malware. The botnet sends a large amount of connection requests, which stops people being able to access the targeted website or online service.

Cyber criminals carry out DDOS attacks for various reasons. They include extortion, political motivations, corporate sabotage and to show off their technical skills.

Signs that you have suffered a DDOS attack include:

  • Your systems are running unusually slow
  • You can't open files
  • You can't access particular websites or any website
  • Severely reduced internet speed