“Everything happened so fast!”: Online fraud victims share their stories

• Cybersecurity
• Human sciences
• User experience

Share on Twitter : “Everything happened so fast!”: Online fraud victims share their stories (New window) Share on Linkedin : “Everything happened so fast!”: Online fraud victims share their stories (New window)

What digital risks are we talking about?

When we talk about digital risks, words like cyberattacks, scams, hacking or fraud come to mind for the French people surveyed. But behind these terms are worrying realities. Personal data theft, identity theft and commercial fraud are among the main concerns, and these vary according to each generation. Young adults are particularly concerned about cyberbullying and its psychological impacts, while older generations feel more exposed to financial scams, especially by phone or email.

There also remains a gap between the risks perceived by the general public and those identified by cybersecurity institutions and experts. This discrepancy shows the importance of clear and accessible communication to align users’ concerns with proposed cybersecurity solutions (read our previous article Understanding the general public’s perception of online risks — Hello Future Orange).

In this article, digital risks are defined as any form of fraud committed online, resulting from intentional or involuntary digital actions by users, and resulting in moral and/or financial harm to victims.

While financial losses are the most visible consequences, the psychological and emotional repercussions are equally deep, leaving lasting scars.

Growing concerns about digital risks

Digital risks are an ever-increasing part of French people’s daily lives. In fact, according to the GASA (Global Anti-Scam Alliance) [1] organisation, 79% of French people faced scam attempts at least once a month in 2024, to the point where they often say: “Nowadays, we just have to live with it”. They have noticed an increase in digital risks in recent years and are concerned that things will only get worse in the future. This concern is justified, but it must be put into perspective. The data in the latest report from the OSMP (Observatory for the Security of Payment Means) [2] shows that fraud on certain payment methods is stable or even reducing, in particular thanks to tools such as the strong authentication introduced by the PSD2.

This does not take into account how attacks are evolving. Cybercriminals now use psychological manipulation techniques, commonly called social engineering. Let’s take the example of spoofing: A hacker pretends to be a bank advisor by falsifying the phone number displayed on your screen. The result: The victim, convinced they are dealing with their bank, shares confidential information, becoming an involuntary contributor to their own fraud.

Imagine you receive a call from a number that seems to be your bank’s. The person you’re speaking to, well informed and reassuring, asks you to cancel a suspicious transaction by sharing a code received by SMS. Believing you are doing the right thing, you follow their instructions, but, in reality, you just approved a fraudulent transaction. The fraudster clears your accounts with ease.

Why study fraud perception and digital risks?

In a digital world where every online interaction exposes citizens to invisible threats, understanding digital risks, perception and user experiences has become a necessity. In this context, Orange Research’s work focuses on analysing the social and psychological dynamics that influence how these dangers are perceived, with a clear objective: to guide the design of cyber-protection solutions that are truly adapted to users’ needs.

Quantitative data, such as statistics on digital uses or types of cyberattacks, provides an overview of the extent of digital threats. But that is not enough. Qualitative studies go a step further by exploring individual accounts and personal stories to complete the analysis. These testimonies make it possible to grasp the emotions felt (fear, stress, loss of confidence), the reactions to threats (such as clumsiness) and the damage done offline (financial or psychological), which is often traumatic and with significant consequences.

This feedback means multidisciplinary teams (cybersecurity experts, architects, psychologists, UX designers etc.) can better understand users’ specific needs and incorporate them into the design of cyber-protection tools. This holistic, human-centred approach not only improves the effectiveness of proposed solutions that are becoming all the more relevant, but also strengthens user confidence, as they feel understood and supported in the face of cyberthreats.

Diversity of data collection methods

Since 2022, our human sciences research on cyber protection has drawn on various methods to better understand the general public’s behaviour regarding the digital risks they are exposed to. These methods combine individual interviews, large-scale surveys and innovative experiments; in total, more than 80 people were met, including victims and non-victims, enabling a rich and nuanced analysis.

Qualitative testimonials: listening to understand

The first phase of our research focused on the voices of victims. Thanks to our internal online discussion tool, about 30 fraud victims shared their experiences, mentioning damage ranging from a few dozen to several thousand euro. These poignant stories identified risky behaviours and high expectations for digital protection education.

A participant aged around 40 explained how, when buying his car in England, a fraudster intervened in the email exchanges and replaced the seller’s bank details with their own. When he arrived to pick up his car, the garage owner had not received the €14,000 transfer. This is when they realised the extent of the fraud.

Quantitative surveys: understanding the overall trend

To complete these testimonies, a first quantitative survey of 1000 French victims of fraud—titled “Les Français et la fraude bancaire” (French people and bank fraud)—was carried out in 2022, in partnership with the research institute OpinionWay [3]. A new survey, “Les Français face aux risques numériques” (French people and digital risks) [4], was conducted in 2024, further strengthening our understanding of digital dangers and how they’re evolving. These results were enriched by data from the INSEE ICT survey (2021) [5], providing an overview of digital practices and associated risks.

Collective workshops: exploring generational differences

To go deeper into our analyses, collective workshops bringing together between eight and ten participants, as well as semi-structured interviews, were organised in several French cities in 2024. The aim was to explore the hypothesis that exposure to digital risks varies according to the age group of those exposed.

Mobile experimentation: observing behaviours in real time

In June 2024, we launched an experimental mobile app, developed in-house and tested for 6 months by 100 users. The main purpose of this tool was to analyse phishing messages received in real time and to distribute suitable educational content. The results are promising: Users have been more alert to suspicious messages and have improved their understanding of good online security practices.

The psychological journey of victims

Between 2022 and 2024, the proportion of French people claiming to be victims of online fraud rose from 8% to 13%, revealing a real growth in this phenomenon. While financial losses are the most visible consequences, the psychological and emotional repercussions are equally deep, leaving lasting scars.

There is no “typical profile” of fraud victims. However, many testimonies reveal personal situations that have been conducive to fraud and diminished victims’ vigilance: temporary financial difficulties, psychological vulnerability, a fragile emotional state, temporary stress, external pressure or a combination of adverse circumstances (see the Swiss cheese model). In another context or a different mindset, many people could probably have avoided being duped.

In these cases, victims often realise too late that they have contributed to their own vulnerable state. They may have entered their bank details on an unreliable site, clicked on a suspicious link or responded to a survey by disclosing personal information. Before even grasping the extent of the damage, they become aware of their carelessness, as they try to fix their mistakes — often in vain. This feeling of guilt is then accompanied by frustration at themselves, anger towards the perpetrator of the fraud and sometimes an unmentionable shame.

In other cases of cyberattacks (theft of bank data on pirated shopping sites, applying for personal loans for them etc.), victims are tricked without any signs of having been negligent. Fraud takes place outside their visible digital activities, taking it longer for them to realise and often making it brutal. Sometimes months pass before the financial and moral consequences are fully known. These victims go through a complex psychological process: from shock to anger, to a sense of oppression and fear.

No matter the circumstances of the offence, psychological scars remain. For many, this experience leads to a quest for recognition and justice, often associated with a request for financial compensation. However, according to an OSMP report, only 30% of bank fraud victims file a complaint with the authorities.

Protection strategies: Learn how to protect yourself

Faced with these traumatic experiences, which no one is immune to, many victims develop strategies to protect themselves and avoid another instance of fraud. They monitor their bank accounts more carefully, use virtual cards to prevent their details from being compromised, systematically check the URLs of websites they visit to detect fake sites, or create email addresses just for online purchases or registrations. However, despite these efforts, recurrences are frequent: 39% of victims of fraudulent withdrawals and 30% of victims of scams report experiencing fraud again in the months following the initial incident.

Victims strive to learn lessons and adapt their uses in the face of various threats. They develop strategies to be careful and reflect and pay greater attention to details (the padlock being present in URLs, verifying email addresses, being cautious about overly attractive offers etc.).

It is worth noting another pain point raised by the interviewees: that of a lack of reference points among the many online resources available when it comes to reporting a suspicion of fraud (Cybermalveillance, SignalConso, Internet-Signalement, Info-Escroqueries, 33700 etc.) or learning about the best way to protect yourself.

The first lines of defence: vigilance and digital tools

More and more victims are equipping themselves with digital protection services, such as antivirus, to protect their devices from malware; VPNs to secure their Internet connections; or password managers to make access to their online accounts more protected. Nevertheless, these solutions, however useful they may be, are not always enough to counter fraudsters’ growing creativity. Attacks are becoming increasingly sophisticated, exploiting not only technical vulnerabilities, but also human vulnerabilities through psychological manipulation techniques such as phishing or spoofing.

Despite their efforts, a significant part of the French population feel isolated when it comes to cyberthreats. According to our data, 41% of French people cannot seek a relative’s help in the event of a problem related to digital security. This feeling of isolation underlines an urgent need for:

• raising awareness so that everyone becomes aware of digital risks and the existing solutions,
• training to learn how to recognise signs of fraud and adopt safe behaviours,
• simple and intuitive solutions, adapted to all levels of digital knowledge.

Challenges for Orange: making safety and serenity go together

As a trusted carrier, Orange’s mission goes beyond merely providing cybersecurity services. It is committed to protecting its customers, keeping them informed and giving them the means to regain control over cyberthreats.

Digital risks are now part of everyone’s daily life. The research described here revealed major contemporary challenges for the cyber protection of the general public. Through a holistic approach, which combines qualitative and quantitative analyses, technical studies and humanities, it is possible to better understand the complexity of victims’ experiences and develop truly effective cybersecurity solutions.