6 Types of Online Banking Fraud: Guidelines for Investigators

Work Tips

As technology evolves, cyber criminals keep coming up with new creative ways to get around the system and defraud people out of their hard-earned money.

Although banks rarely share the details of an incident that’s connected to online banking fraud unless it’s a global breach, data suggests that banking-related crimes are on the increase.

According to Security Magazine:

  • All types of banking fraud grew by 159% between Q4 2020 and Q1 2021
  • In 42% of cases the fraudster takes control over the victim’s bank account
  • Online banking accounted for 93% of all fraud attempts in 2021
  • Android users are twice as likely to experience fraud compared to iOS users

But how do these fraudsters manage to drain so many bank accounts, given that most modern banks and financial institutions tend to take their security quite seriously?

In practice, digital forensic investigators are observing the following prevailing types of online banking fraud:

1. Identity Theft

Identity Theft

Among all types of online banking fraud, attempting to access or completely taking over the victim’s bank account by stealing their identity is arguably one of the hardest to stop.

Sometimes, all it takes for a hacker to achieve this is obtaining a scan of their personally-identifiable document such a passport or an ID card, and they can easily impersonate the victim online.

This way, they can:

  • Open a bank account in their name
  • Initialize unauthorized transactions
  • Sell their credentials on the dark web
  • etc.

This is why it’s especially important to advise people to safeguard their documents and never let them out of sight.

Storing a scan of a personally-identifiable document on a PC or smart device is a major cyber security liability that is to be avoided at all costs.

In addition, computer forensics and cyber security experts recommend using 2-factor authentication to prevent such unauthorized access attempts.

2FA Password

2FA is a crucial additional layer of security that can prevent a cyber disaster

2. Malicious Software

Malware Warning

Malware comes in many shapes and forms, arguably the most dangerous of which is keyloggers. Once the unsuspecting individual gets infected with it (usually through malicious websites, attachments, or other means), hackers can pull off all sorts of nasty shenanigans on the target’s computer. This includes:

  • Installing a silent backdoor access
  • Spy on what keys are being pressed
  • Monitor network traffic
  • Steal or delete files
  • Crash running applications
  • etc.

By combining a malware attack with other means of executing online banking fraud such as phishing, the hackers are able to mess with the content that is displayed on the victim’s device.

For example, they may hijack the browser session and divert the traffic away from the intended URL (such as the legitimate online bank) to a falsified website designed to look like the original that secretly steals any user credentials that are entered into it.

3. Employee Initiated Online Banking Fraud


As tempting as it is to convince yourself that an entire organization is on the same boat and everyone is on each other’s team, in reality, this may not always be the case.

During an investigation, you may discover that a bank’s internal staff illegally tried to funnel funds out of the bank and into their own pockets.

To double-check the system logs for any signs of fraudulent internal activity, law enforcement personnel will often need to use professional digital forensics database software like DBF provided by SalvationDATA.

This way, it quickly becomes clear who was the one in charge at the time of the incident and whether a suspicious user had been poking around the database.


Cutting-edge database forensics software such as DBF by SalvationDATA illustrates the hierarchical relationship between different events, thereby helping you reach the right conclusion faster.

4. Fraudulent Email (phishing)


Phishing is the act of duping the victim into clicking a fraudulent link that is often executed through email. Usually, the criminal puts on a mask of false identity and masquerades as someone who’s  in a position of power, whether it be their boss, administrator, or another important figure. Their request is usually accompanied by a sense of urgency.

As you can see from these phishing examples, they may ask the victim to update their account details under the false pretense that something is wrong with their account. The fraudulent link then leads the unsuspecting user to a fake login page that’s designed solely for the purpose of harvesting their login credentials that are sent straight to the hacker. Oftentimes, the login page looks exactly the same as the real thing, save for the few details that give it away (such as the incorrect URL).

Credit Card

Fraudulent login or payment forms can often look exactly like the real thing.

Phishing comes in numerous variants

Keep in mind that there are various variations to phishing that don’t necessarily involve e-mail (although e-mail tends to be the most common of the bunch). For instance, a similar kind of attack can be executed through private messaging or SMS, collectively referred to as smishing.

Another variant is vishing – this involves the criminal calling the victim and using social engineering techniques as a means of persuasion with the intention of finding out their username, password, and other personal details.

5. E-transfer Interception Fraud


When looking for ways to transfer money, people tend to show a preference for convenience. In general, e-transfer is a secure way of transferring funds, however, it may not be if the victim’s computer is somehow compromised or infected with malware.

The reason being is that if the hacker has a backdoor to spy on its network traffic, they may be able to use that information to take over the victim’s account and initialize an unauthorized transaction. Another way for a hacker to accomplish the same is by guessing or stealing the answer to the victim’s security question.

6. SIM Cloning

SIM card

Oftentimes, sending an SMS message to someone’s phone can be used as a 2FA measure. However, it’s probably the least secure out of the bunch because SMS messages can be intercepted and the SIM cards can be cloned by a hacker.

Since SIM cloning requires accessing the victim’s Mobile Subscriber Identity and encryption key, it is not the easiest feat to perform. However, if successful, the hacker will be able to use the victim’s number to:

  • Make calls
  • Listen to calls
  • Send and receive SMS messages
  • Track their GEO location

In case the victim suddenly lands in a situation where they can no longer use their phone number for unexplained reasons, it could be a sign that SIM cloning has taken place.

Outgoing calls to strange or unrecognized numbers can be another sign to watch out for.

Investigators Can Trace Online Banking Fraud by Studying What Cyber Criminals are Likely to Do


During an online banking fraud investigation, you’ll need to use all of the tools at your disposal to get to the bottom of what really happened.

As you can imagine, following cyber criminals in their footsteps and tracking them down will require extensive knowledge of the different types of online banking fraud we’ve covered above as well as advanced cyber security concepts.

The tricks of the trade

For starters, hackers and cyber criminals often spoof their IP to avoid detection and avoid the consequences of having their real-life identities revealed.

Since outright cracking a password by using brute forcing can be quite challenging, they often resort to more stealthy means such as infecting the victim’s computer with malware or using social engineering techniques in conjunction with phishing to trick them into handing over the password voluntarily.

Social Engineering

Getting past the defenses

Note that obtaining the password is often not enough. In case the victim also has a second layer of protection in place such as 2-factor authentication, the hacker also needs to bypass that before having the ability to seize control of their online bank account.

If this is the case, they will need to get a hold of one of the following (whichever applies):

  • The victim’s email account
  • The victim’s smartphone or SIM
  • The victim’s biometric scans

As you can imagine, this is extremely difficult, even more so than cracking the password.

In practice, the most efficient method of bypassing the secondary layer of protection is for the hacker to either steal or copy the target’s SIM card or somehow convince the telecommunications company to re-issue it and send it to the hacker’s address.

If this methodology was indeed used, it might be worth it to follow the trail and investigate who called the telecommunications company.

Start with where the clues are the most likely to be hidden

In truth, a law enforcement agency may have absolutely no clue to start with.

To make matters worse, the appointed investigators may sometimes lack the technical knowledge necessary to progress with the investigation.

Therefore, a good way to proceed is to place yourself in the hacker’s shoes and ask yourself where they’ve most likely left a trace.

The IP

IP address

So what to do when you have no clue how to proceed? Start with where the clues are the most likely to be hidden.

If you know that the hacker connected to the victim’s online bank account, you can get a court order for the administrators to reveal the hacker’s IP address (you may need to analyze the server logs yourself).

Then, you can use IP lookup services to pinpoint the geographical location of the IP. Bear in mind that any decent hacker knows how to spoof their IP by using a VPN or other IP masking solutions, so this might also lead you to a dead end.

The phone number

Phone dialing

The next thing to try is attempting to trace the hacker’s phone number if you know the hacker used some kind of social engineering techniques to obtain the victim’s SIM card.

Get a court order and the telecommunications company will be obliged by law to hand over the details regarding who called them and what they requested, along with direct recordings of the conversation.

Then, it’s only a matter of connecting the dots and seeing if you can connect the caller’s number to their real-world identity. Once again, if the hacker used a payphone, this may be another dead end. But it’s worth a shot.

The ATM CCTV footage

ATM Cash Withdraw

If all else fails, know that you can sometimes catch criminals when they try to withdraw stolen money through an ATM.

To do so, you can monitor the suspect’s bank account and its corresponding withdrawal history. Then, once you’ve noticed that someone has used an ATM machine to withdraw the money in cash, track down where exactly the ATM is located and get access to CCTV footage (most of them have cameras built-in).

Once again, the suspect may try to wear sunglasses, a hood, or even a mask to conceal their face, but if not, you can use facial recognition technology to uncover their true identity and apprehend them.


As cyber criminals are becoming increasingly sophisticated in their ways, new types of online banking fraud are emerging.

This type of cybercrime can be especially tricky to untangle and trace.

But the good news is, that fraudsters are easier to catch if they grow arrogant and start making mistakes along the way.

Now that you know their most commonly utilized tricks, you should have a solid idea of where to begin searching for clues.