In my previous blog I detailed how the fraud threat landscape for cards has changed significantly, with a reduction in card fraud in some of the major markets as consumers are spending less, and spending online rather than at bricks-and-mortar retail sites.
But that doesn't mean fraud levels are easing. While payment fraud is down, there is a lot of focus on scam emails and SMS, particularly those that use social engineering to obtain information or access to facilitate fraud such as push payments, account takeover etc. What we are seeing is a shift in tactics by organised crime, presumably as the opportunities for payment fraud have been drastically reduced. So, what is happening, and what is the mitigation to counter this threat?
Firstly, we are seeing that the volume of scam emails has increased significantly during this period. I only need look at my social media to see local examples where my neighbours post examples of emails and SMS that they have received, regarding accounts with institutions that they are not customers of or have no relationship with. But even though these are identified by technically savvy persons as fraudulent attempts, some are so good at first glance that there is a question of "is this actually a genuine email?". Likewise, local law enforcement and the Financial Institutions themselves are proactively using social media to guide consumers in what to look for. But fraudsters are looking for the weak link, and as such, targets that are not fully aware of the risks of an unsolicited email or SMS may be taken in by it. Within 2 weeks of the UK entering a National Lockdown, the National Fraud Intelligence Bureau had been notified of over 500 confirmed scams related to the pandemic (e.g. donation requests that were not for legitimate causes) and more than 2,000 phishing attempts. According to The Guardian newspaper, those confirmed scams alone amounted to total losses of over £1.6m.
Interpol also announced that the volume of financial fraud linked to COVID-19 had increased, tied to demand for Personal Protective Equipment (PPE) such as masks, particularly through fake stores, fake "cures" or telephone scams that are a variation of medical injury scams where family members are said to be unwell and requiring funds to pay for treatment. Again, within less than 1 month of the pandemic starting to affect Europe, Interpol had blocked 18 bank accounts and frozen $730,000 of suspected fraudulent transactions. Other email topics are around supposed fines for traffic offences, transaction failures for services such as mobile phones, television licences etc.
That leads to the second area, telephone fraud. I myself have noticed the increase of scam calls to my mobile and landline numbers, usually from an international number or ones that have been identified by my Mobile Phone Network as potential fraud. Now again, I'm able to determine whether these calls are genuine, but the aim here is to hit the jackpot where the caller connects with someone who is taken in by the scenario, to the point where they will divulge payment details and/or personal information. The vulnerable, who may not have access to the information that allows them to recognise these scams, are the target, and a scattergun approach to targeting individuals will ultimately pay dividends. And as a technique that has been used for decades, it's not going to change anytime soon.
So how do we mitigate against these types of fraud threats? The first solution, and one I've spoken about many times before, is education. There is a lot of activity by Financial Institutions, law enforcement, charities and support groups to ensure consumers recognise scams, especially since we have had restrictions in place that have prevented the traditional transaction-based scams.
Secondly, it's monitoring account activity for abnormal actions that either don't fit the normal behaviour profile of the consumer or breach the criteria of a rule defined in a fraud monitoring solution. This is especially true for payments that are out of the norm, e.g. paying overseas accounts or known fraudulent accounts.
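The two kinds of check described above, fixed rules and comparison against the consumer's own behaviour profile, shown together as an added example; this is not code from any fraud monitoring product. The account identifiers, watchlist, home country, threshold of 6 and the `new_payee` signal are assumptions made for illustration.

```python
from statistics import median

# Constructed sample data: not real accounts. Identifiers are IBAN-shaped,
# and treating the first two characters as the country is an assumption.
KNOWN_FRAUD_ACCOUNTS = {"GB00FAKE00000000000001"}  # hypothetical watchlist
HOME_COUNTRY = "GB"
HISTORY = [
    {"payee": "GB00UTIL00000000000010", "amount": 42.00},
    {"payee": "GB00RENT00000000000011", "amount": 650.00},
    {"payee": "GB00UTIL00000000000010", "amount": 45.50},
    {"payee": "GB00SHOP00000000000012", "amount": 30.00},
    {"payee": "GB00UTIL00000000000010", "amount": 41.00},
]

def build_profile(history):
    """Behaviour profile: past amounts per payee and overall (non-empty history)."""
    by_payee = {}
    for p in history:
        by_payee.setdefault(p["payee"], []).append(p["amount"])
    return {"by_payee": by_payee, "all": [p["amount"] for p in history]}

def robust_score(amount, past):
    """Distance from the median in units of median absolute deviation (MAD)."""
    med = median(past)
    mad = median(abs(a - med) for a in past)
    # Floor the spread at 10% of the median so one or two samples still work.
    return abs(amount - med) / max(mad, 0.1 * med)

def assess(payment, profile, threshold=6.0):
    """Return the reasons a payment should be held for review (empty = pass)."""
    reasons = []
    payee, amount = payment["payee"], payment["amount"]
    # Rule checks: fixed criteria defined in the monitoring solution.
    if payee in KNOWN_FRAUD_ACCOUNTS:
        reasons.append("known_fraud_account")
    if payee[:2] != HOME_COUNTRY:
        reasons.append("overseas_account")
    # Profile checks: judge against history for this payee, or all payments if new.
    past = profile["by_payee"].get(payee)
    if past is None:
        reasons.append("new_payee")
        past = profile["all"]
    if robust_score(amount, past) > threshold:
        reasons.append("amount_outside_profile")
    return reasons

if __name__ == "__main__":
    demo = {"payee": "DE00NEWP00000000000099", "amount": 4800.00}
    print(assess(demo, build_profile(HISTORY)))
```

Scoring each payee against its own history keeps a regular large payment such as rent from being held, while the same amount sent to an unfamiliar account is still compared with everything the customer normally pays.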
In my next blog, we will talk about push payment fraud, overpayment fraud and Money Mules.