Digital Financial Crime

Examples of such acts are widespread and evolving:

• Trickery to prompt fund transfers or payments: This includes social engineering tactics designed to manipulate victims into voluntarily sending money or authorizing payments to criminals.
• Theft of personal or banking information to access accounts: Malicious actors steal sensitive data like passwords and account numbers to gain unauthorized entry to financial systems.
• ATM or online banking manipulation to withdraw funds: Criminals exploit technical flaws or compromised credentials to illegally siphon funds from automated teller machines or digital banking platforms.
• Unauthorized digital access or tampering with financial systems: Gaining illegal entry into an institution’s network or altering its operational data constitutes a severe form of digital financial crime.

Depending on the nature of the digital financial crime, the penalties vary significantly under New York law. Digital fraud-related offenses may be charged under general larceny, computer crime, identity theft, or scheme to defraud statutes, reflecting the seriousness of the crime. The severity of the punishment is often linked to the total financial loss incurred by the victims.

Phishing scams involve deceptive messages or calls impersonating legitimate entities, such as banks or governmental organizations, to steal information. Victims are lured into providing personal or financial information through fear or urgency. Variants of this digital financial crime include:

• Voice phishing ("vishing") where criminals use phone calls to manipulate victims.
• Messaging app fraud such as fake banking support requests.
• Clone websites that look authentic but are designed solely to capture login credentials.
• Romance scams which use emotional vulnerability to trick victims into sending funds.

Smishing is a type of digital financial crime that uses text messages with malicious links to install malware on victims’ phones. These links often mimic shipping notices, urgent alerts, or security warnings to trick the user. Once clicked, the malware collects credentials or triggers unauthorized microtransactions without the user's knowledge, resulting in financial loss.

Common smishing tactics involve:

• Fake COVID-19 response messages.
• Bank or delivery notifications with spoofed URLs.
• App update prompts that lead to spyware installation.

Taking the following steps swiftly can significantly aid in the recovery process after a digital financial crime:

• Contact your bank immediately: Request an immediate freeze of the affected account or block the suspicious transaction to prevent further financial damage.
• Call the NYPD or visit your local precinct: File a comprehensive police report documenting the entire incident, including dates, times, and any communication records.
• Request an “incident confirmation report”: This official document from the police is essential for the process of submitting claims for potential reimbursement.
• Submit the report to financial institutions: Both the sending and the receiving banks, if applicable, typically need a copy of the police report along with your official ID for processing reimbursement claims.

Some financial institutions allow emergency verbal claims over the phone, but formal, written submissions are nearly always required for official reimbursement procedures concerning a digital financial crime.

To safeguard against this common form of digital financial crime, users must remain skeptical of unsolicited digital communication. Simple, consistent habits can drastically reduce the risk of compromise.

• Never click on links from unknown email or SMS senders.
• Double-check web addresses before inputting credentials; look for subtle misspellings or non-secure connections.
• Use multi-factor authentication (MFA) on all financial and critical accounts where possible to add an extra layer of security.
• Regularly update passwords and use unique, strong ones for all financial accounts and sensitive services.

Pharming and memory hijacking are more technical forms of digital financial crime that require robust security awareness and protective measures. Pharming alters a user’s connection to redirect them to fake banking sites, while hijacking captures user data in real-time.

• Do not save sensitive information, such as login details or credit card numbers, directly on devices or easily accessible cloud services.
• Avoid conducting any financial transactions when connected to public or unsecured Wi-Fi networks, which are easily compromised.
• Join your bank’s fraud alert notification service so you receive immediate texts or emails regarding any suspicious activity on your account.
• Routinely scan your devices for malware and frequently clear browser caches and cookies to eliminate potential tracking software.