By Jay Floyd, Senior Principal Financial Crime Consultant, ACI Worldwide
I have been working as a financial crime consultant advising financial institutions on how to combat fraud for over 20 years. The last few weeks have been the busiest of my life. The current Covid-19 pandemic is unprecedented in its global reach and implications for consumers and businesses worldwide. It also provides lots of fertile ground for fraudsters. Many of our banking clients are reporting that they have seen a dramatic increase in fraud related Covid-19 scams. Many of these scams play on the fear of millions of consumers and are disproportionately targeting the vulnerable and elderly.
What are the key trends we are seeing right now and what can consumers do to protect themselves and financial institutions to protect their customers?
Phishing attempts focusing on the fear factor and targeting the vulnerable and elderly
Coronavirus-themed phishing attacks have increased dramatically over the last few weeks. These usually involve an email or text attempting to trick people into opening malicious attachments which could lead to criminals stealing banking details, email logins and passwords. The messages often appear legitimate, often purporting to contain information or requests in relation to the pandemic. Be aware! Don’t click on links in emails or texts from senders you don’t know!
Requests for donations to fake charities and support groups focusing on Covid-19
Fraudsters are also trying to exploit the generosity of those wanting to help the NHS or people struggling during the crisis. They are sending emails either purporting to be from fake charities and support groups requesting payments. There are also reports that fraudsters have been brazenly knocking on peoples’ doors asking for donations. If you want to help the NHS or others during these testing times, only give money to people you know or charities you have supported in the past.
Fake merchants selling testing kits, masks, medical supplies
There have also been reported cases of fake merchants pretending to be selling Covid-19 testing kits, masks and medical supplies and several individuals and organizations have fallen prey to this tactic. Only buy from reputable websites and verify whether the merchant you are buying from is genuine.
Fake fines for leaving home during lockdown or not complying with specific government rules
Other scams purporting to be official messages from the government include texts telling people they have been fined £250 for leaving their home more than once during lockdown.
Savings accounts, Pensions and Investment Scams
Fraudsters are also exploiting the downturn in interest rates and are contacting unsuspecting consumers, offering ‘better products’, often tricking their victims into transferring money to a fraudster.
Increase in Mule Accounts
As individuals struggle to make a living, the temptation to succumb to fraudulent advertised ‘money transfer agent’ roles, has increased massively. Most mule account holders and operators are aware that what they are doing is not right, but because they do not see where the money comes from and profit from taking part in this scam, they turn a blind eye to the potential harm this is doing to communities.
Increase in Employee Fraud
We are in unprecedented times, with financial stability almost becoming a thing of the past for so many. Pressure to be complicit in financial wrongdoing increases during times of uncertainty and fear, and employees of financial institutions are no exception to this rule. The current crisis coupled with the fact of new remote working practices has created both the financial need and the opportunity that could see good employees turn bad.
APP fraud will be on the rise
Unfortunately, many of the scams described above will lead to more APP (Authorized Push Payment) fraud. Once a victim has been tricked into transferring money to a fraudster, it will often be impossible to get the money back because the transaction is instant, and cybercriminals will move on to the next target without being caught.
Another contributing factor to APP fraud is that many companies now have their employees working from home, so the ‘normal’ contact mechanism may no longer be active (e.g. the usual telephone number to reach preferred vendor representatives). Fraudsters may take advantage of this disruption by sending out fake invoices that appear to be from trusted and regularly used vendors, with the only difference on the invoice being the account number, often missed by the invoice recipient. The separation of the workforce into isolated home working environments may result in relaxed due-diligence procedures, especially if there is increased difficulty in reaching the vendor representative, and invoice recipients may therefore be paying out funds to fraudsters.
Businesses must therefore evolve and adapt their fraud strategies to combat the rising threat of Covid-19 scams. Utilizing specific APP detection technology combined with layers of behavioral biometrics capabilities can help detect APP fraud much quicker. A multi-layered approach that uses adaptive and predictive analytics and expertly defined rules in response to the new trends we are seeing as a result of the pandemic is crucial.
Behavioural biometrics technology can identify a wide range of cyberthreats in real-time, by analysing hundreds of behavioural parameters of online banking users, for example the way users interact with online applications and devices. It will also use subtle tests known as ‘invisible challenges’ during online banking sessions. To effectively detect and prevent APP scams, the latest behavioural biometrics analysis extracts powerful insights that suggest a genuine customer is under pressure to complete a payment which the fraudster is directing them to do on the telephone.
Armed with behavioural analytics to detect fraud, businesses should also use positive profiling – a combination of consortium intelligence and big data analytics. Positive profiling allows businesses to separate legitimate customers from the fraudsters. It means building comprehensive customer profiles based on detailed behavioural data from multiple businesses and externally confirmed fraud intelligence, so organizations can screen the customer rather than just the transaction.
Adapting such a multi-layered approach to fraud prevention will enable businesses to tailor the customer experience, improve conversion rates, maximize revenue and, most importantly, block fraud during these challenging times.