Enable two-factor authentication where possible. Update browsers to the latest version and install security patches on time. Disable automatic addition of invitations in Google Calendar. Do not click on links or download attachments from emails when you do not know the sender or if you do not expect to receive such emails.

Do not trust fantastic "discounts", "promotions" and "giveaways". When taking part in giveaways, especially organized by well-known companies, check whether the giveaway is mentioned in official sources. Large-scale promotions are always mentioned on a company's official website and social media pages.

Pay extra attention to requests to pay "commission". In legitimate giveaways, winners are usually not asked to pay for shipping, commission, currency conversion, etc.

Inspect the domain name of the resource you are using. If it differs from the original domain or looks suspicious, do not buy or order anything. In most cases, a scam website differs from the original domain by only one or two characters. It is good practice to check the date when the website was registered, which can be done using services such as whois.net, pr-cy.ru and cy-pr.com. Scam and phishing resources do not live long.

Big discounts on devices are a sign that the bait ad on the classified was created by scammers. When using marketplaces, communicate with users only in the service chats and do not switch to third-party messengers.

Do not order goods in advance: pay when you receive the goods and make sure that they are in good condition.

If you get a call from a "bank", "the police", "social security", or "a telecom operator", politely end the conversation and hang up. Do not disclose any personal data or bank card details. Call the official number yourself or visit the company's office.

Contact your mobile phone operator and write a formal letter prohibiting them from duplicating your SIM card without you being physically present. As a result, fraudsters will not be able to clone your SIM card and use it for committing crimes.

If you have had money stolen from you, immediately report it to the bank, block the card, change passwords through online banking, file a statement with the police, and contact the bank's security team.

Will the money be returned? It depends on the type of scam. If you shared passwords, logins or codes, or if you transferred money to the scammers, then unfortunately the situation will be considered as your fault — although in some cases banks help their clients on a case-by-case basis.

If you or your company have fallen victim to scammers, immediately contact the police, report the incident to the relevant technical support team, and provide them with any correspondence with the fraudsters. You can also report fraud to CERT-GIB by calling the hotline at +65 3159-3798 or by sending an email to response@cert-gib.com.

To combat the advanced scam and phishing schemes described above, classic monitoring and blocking approach is no longer enough. One cannot eliminate scams by blocking separate violations. It is essential to identify and block the entire infrastructure used by cybercriminal groups. Group-IB's Digital Risk Protection system helps protect digital assets, brands, and personal and corporate reputation leveraging threat intelligence. In just one year, by preventing potential damages, the system helped save as much as $443 million for companies in the Asia Pacific region, Europe, and the Middle East.

Group-IB's patented DRP technologies in threat intelligence, which are based on the deep understanding of cybercriminals' logic and behavioral patterns that Group-IB experts accumulated in numerous investigations of high-tech crimes globally, automated graph analysis, and monitoring of threat actor infrastructures in real time help immediately detect fraudsters' entire networks and block them, as opposed to handling individual links to phishing and scam resources. All the information gathered about the threat actor and their infrastructure can be compiled into actionable reports for the further transfer to lawyers or law enforcement with the ultimate goal of bringing the scam actor to justice. As such, 85% of violations related to any type of fraud are eliminated as part of a pre-trial process, which saves the protected organization's resources.

Based on more than 10 years of Group-IB's experience in analyzing online fraud, Group-IB Digital Risk Protection leverages neural networks and adaptive scoring to automate sophisticated processes that involve detecting and categorizing fraud targeted at a specific company or industry, anywhere in the world. How does the solution work? Request a demo to learn more about DRP here.