Many times we use the words “scam” and “fraud” interchangeably. Fraud is an umbrella term, legally referring to various types of chargeable criminal offenses. Scams, on the other hand, are a particular segment of fraud.
One way to think about the difference between these two is from a legal perspective. Fraud is serious criminal business, while scams are considered more minor offenses in comparison. Many types of fraud are classified as felonies, versus scams which are typically charged as misdemeanors.
Another way to look at it is from a banks’ perspective. Financial institutions differentiate the two as such: scams are theft of funds with your permission or knowledge, while fraud is financial theft without your permission or knowledge.
To make things even more confusing, oftentimes, a threat actor may start out with a simple scam, that then progresses to fraud. For example, an email phishing scam may allow a threat actor to access enough personally identifiable information (PII) to file a false tax return on the victims behalf, which is tax fraud. According to the New Zealand CERT, “a scam becomes fraud when a scammer gets someone’s personal or financial details and uses them for their own gain, or receives money from their target under false pretences.”
Invoice Fraud – Compromised business email account is used to send falsified invoices for services and goods that were never rendered.
Insurance Fraud – Receiving medical care using someone else’s insurance card.
General Financial Fraud – Unauthorized use of credit card for purchases.
Account Takeover (ATO) – Criminal accesses victim’s financial bank accounts to steal or move money illegally.
Identity Theft – Unauthorized use of someone’s identity to open credit cards or get a mortgage.
“Safe Account” Fraud – Victim is lured into moving money into a ‘safe account’ after fraudster convinces victim there has been ‘suspicious activity’ on the account. Fraudster asks for financial details and then performs the transfer – which is why it is fraud and not a simple scam.
Tax Fraud – Impersonating someone to get a tax refund you’re not entitled to.
Phishing Scams – Emails and texts to get people to click on a link to enter PII. (Read our analysis of a year’s worth of phishing emails here.)
Investment Scams – Fake investment schemes (‘boiler room’) and non-existing charities.
Counterfeit Scams – For example, you order an expensive Rolex watch online, but instead received a cheap knockoff.
Prize/Lottery Scams – A phishing email may claim “you’ve won all this money… but you need to pay fees and taxes up front,” and then the prize or promised reward is never delivered.
419 or “Generic” Scams – One of the most common 419 scams is sometime referred to as the “Nigerian Prince Scam”.
Invoice Scams – These are typically pitched with a high sense of urgency demanding payment for goods or services never provided.
Social Media Scams – Romance Scams fall under this category. These scams involve using social deception designed for financial gain, but because the victim willingly hands over the money, it’s not tagged as fraud.
Occupation Scams – Money mule schemes advertised as legitimate job opportunities.
Inflation Scams – False government programs advertised as legitimate ‘financial relief’ for energy costs or pandemic relied, for example.
Debt Elimination Scams – Promise to consolidate or remove debt in exchange for upfront fee that is stolen and no services provided.
When trying to decide if something should be categorized as a scam or fraud, differentiating the criminal’s intentions and the means of financial or illicit gain is a good starting point. A question to ask is, is this threat actor a fraudster or a scammer – or both? Also, what was the level of the victim’s involvement in the crime? Remember that not all fraudsters are scammers, and not all scammers are social engineers.