2022 Fraud Predictions

2022 will be an important year for financial institutions with increased regulatory control, more competition from challenger banks and higher levels of activity taking place online.

Arguably the weakest link in any security ecosystem is the human, both the employee and the customer. And despite valiant efforts to outfox bad actors with security technology, people are still falling for scams and often not keeping up with good security standards and practices. Hence, several experts believed that the trend of cybercrime targeting humans will continue and increase, and that financial firms will need to up their game, especially as more sophisticated hackers move upstream. Fraudsters will increasingly target high net worth customers, especially the elderly, through "common social engineering tactics and impersonating their personal banker" to access their accounts and collect sensitive personal and financial information.

Regulations

  • Regulatory Developments: Governments will take a more active role in the fight against fraud and will push FIs to take on more liability for scammed account holders. There has been a seismic shift in scams here in the US, and 1 in 5 consumers is targeted by phone scammers alone. In 2021, scam calls increased again by over 100%. T-Mobile tracks scam calls on its network and is logging an astounding 2.5 billion scam calls a month. With so much impact on consumers, you can bet the government is going to continue to push banks to do more to reimburse victims of scams. The Consumer Financial Protection Bureau got the ball rolling last year, but you can expect the trend to gain more steam this year. FIs will need to formulate a comprehensive strategy to stay in compliance in 2022.
  • Supply Chain Attacks: The ongoing disruption in supply chains is an opportunity that attackers will try to take greater advantage of in 2022. SolarWinds, Codecov, and Kaseya are still fresh in our memory. We expect an increase in similar attacks that can be used to harvest sensitive data or infect systems with malware. Supply chain attacks will pass malware as the number three root cause of data breaches. This will fuel the need for greater government regulations.

Consumers

  • Cybersecurity Awareness Will Increase: Having an idea about what could go wrong in terms of cybersecurity and being curious about what can be done to avoid problems are the first steps of prevention. In 2022 we'll see a massive increase in cybersecurity awareness among both home users and professionals, as more and more people will finally understand that a cybersecurity incident can happen at any time, to anyone and that it really is everyone's responsibility to prevent it.
  • Becoming A Scammer Is Increasing In Popularity: Scam-as-a-service models are making it easier for people to buy off-the-shelf tools that enable them to launch attacks into the wild without any prior knowledge of coding. The Fraud as a Service industry is growing exponentially as expert fraudsters and scammers turn their attention to selling their methods, services, and fraud-perpetrating tech to others. Fraudster automation will rapidly accelerate, turning newbies into experts instantly. They may even begin to incorporate AI to make their bots smarter, more targeted, and more human-like. These automated bots could include account opening bots, loan application bots, credential stuffing bots, and new hyper-realistic social engineering text and chatbots.
  • Imposter Scams: Imposter scams, currently the second most common type of scam, will triple. Criminals will attempt to exploit consumers through many channels, including email, SMS messaging, messaging services, and through direct calls to consumers.
  • Revictimization: Fraud rates will continue to increase, and a new "chain of victimization" will emerge. Social media account takeover, in particular, will leverage the followers and individual networks to create new chains of victims. Consumer behavior will play a stronger role than in previous years.
  • Fraudsters Will Continue Dialing Into Mobile: Over 80% of the world's population now own smartphones, and mobile apps have become an integral part of people's everyday routines. Anyone can hail a ride, get food delivered, and make transactions using a mobile app. In a bid to secure a larger slice of the mobile app pie, companies are pushing out more services on a single platform. But there's a trade-off: the more services an app provides, the wider the attack surface, and the harder it is to secure. With malicious tools such as emulators and app cloners now easily available, we expect mobile app fraud attacks to rise in prominence beyond 2022.
  • Phishing: With numerous spelling errors, faulty language, and unbelievable claims, it was fairly easy to identify a phishing email three to five years ago. However, over the years, phishing emails and URLs have become more refined and believable, which helps scammers execute hyper-targeted attacks. In the coming year, scammers will continue to spend time improving their phishing tactics by making them more personalized and specific.
  • Scarcity Will Push Selling Scams Higher: Supply chain shortages are expected to continue for most of 2022, and that means scarcity and inflation will persist well into the year. Fraudsters and scammers thrive in this environment. They can peddle their non-existent goods in online marketplaces for extraordinary prices to desperate buyers looking for things they want and can't get.
  • Money Mules: The use of money mules will grow in popularity, with the younger population increasingly targeted.
  • First-party fraud: We can expect to see explosive growth in first-party fraud due to BNPL and the use of pre-qualification "soft inquiry" credit report pulls.

Pandemic

  • More Vaccine-Related Scams: There will be an increase in phishing emails offering things like vaccine passports or other vaccine related documents, prompting people to click on a link and input their personal and financial details. This is one of the many scams that will consistently hit the headlines in 2022.
  • Covid-19 Malicious Apps: The internet is full of coronavirus scams. Some fraudsters will try to get passwords to email accounts and other sites; others will try to get ransomware onto the user's mobile or PC. The most dangerous scams, though, leverage the coronavirus pandemic to scare users into installing malicious applications. Once installed on a device, these apps are built to download and install malware to monitor the device and steal banking credentials and personal information. Advertised app features can include: contact-tracing, tracking, coronavirus scanning, live monitoring, information, etc.
  • Money Mules: Account Takeover (ATO) fraud typically requires cashing out the victim's account through a local money mule. Mule recruitment was at an all-time high in 2008-2009 when people were victimized or willfully participated in work-from-home scams. With so many Americans unemployed right now, mule recruitment should be even easier - and will fuel the dark economy.
  • Identity Fraud: The ripple effects of pandemic-related fraud will continue into 2024, and other forms of benefit fraud will emerge; unemployment identity fraud will be a permanent addition to the fraud landscape.

Identity

  • Bots Are Ushering In A New Era Of Fraud Automation: Bots create a new level of social engineering tools designed to make fraud easier for the hundreds and thousands of new fraudsters entering the scene. In June of 2021, OTP Bot services began to appear that completely automated the pilfering of one-time passwords (OTPs) from victims with zero human-to-human interaction.
  • Digital Identity Will Transform: Data breaches and new social engineering techniques have made it possible for bad actors to obtain all the information they need to fake their digital identities. In 2022, new technologies will be authenticated with biometrics. This includes facial recognition, iris detection, voice and fingerprint matching. Digital Identity will come to your phone this year too. Apple is adding the ability to add digital driver's licenses to the Apple Wallet. Arizona, Connecticut, Georgia, Iowa, Kentucky, Maryland, Oklahoma, and Utah have already signed on and TSA will accept those digital identities at the security lines.
  • Deep Fake Technology: Deepfake technology continues to advance rapidly and will create havoc for the uninformed. This technology will also be used to attack call centers and for business email compromise scams.
  • Know Your User (KYU) Takes The Lead Over KYC: From neobanks to Buy-Now-Pay-Later services, fintech products are all the rage amongst businesses and consumers. One thing they all have in common is Know Your Customer (KYC) checks. KYC is the process of validating a customer's identity and an essential component in the fight against identity fraud, financial crime, and money laundering. There's no doubt that KYC has been the main focus of financial platforms, but expect Know Your User (KYU) protocols to take the lead going forward. Coming in at a time where organizations are shifting towards a Zero Trust model, KYU requires a more comprehensive approach to identify digital users, new and recurring alike. While KYC usually requires proof of identity, residence, and national identity verification checks to onboard customers, KYU draws information from additional data sources such as the device, behavioral biometrics, account activity, and thousands of other parameters to provide multidimensional insights into personas behind the screen. This equips organizations with the ability to decipher user intentions and motivations across and throughout the entire user-lifecycle, which is a crucial capability to have when keeping up with fast-growing financial crime.
  • Account Takeover (ATO) Fraud Will Continue To Conquer: 2021 was a record breaking year for data leaks, with the total number of events exceeding that of 2020 by 17%. More ammo for fraudsters means we can expect the number of ATO attempts to surge in coming months. The tactics used to take over accounts have also evolved rapidly. Fake photos, videos, and audio are becoming increasingly believable as deepfake technology advances, leading to more effective social engineering scams. Fraudsters are also using artificial intelligence and machine learning to engineer attacks. For example, bots powered with machine learning aren't just used to automate clicks and auto-fill credentials, but to mimic real user login behavior and successfully perform thousands of login attempts in seconds.
  • Identity Fraud: The shift from identity theft to identity fraud will accelerate. Identity fraud will change consumer behaviors, such as forcing consumers to withdraw from certain interactions, transactions and communication channels. For example, the continued improvement in phishing attacks will force some consumers to rethink online purchases and change communication habits for fear of falling prey to a perfectly spoofed email, website or text. Synthetic identity fraud, especially for children, will increase ahead of the full roll-out of new anti-fraud tools (eCBSV).
  • Synthetic Identity: In 2022 Synthetic Identity will only get better, with fraudsters leveraging a variety of techniques including:
    • Using CPN profiles aged for at least 24 to 36 months to appear more legitimate.
    • Use of real high value tradelines such as mortgages and high limit personal loans to bolster credit history.
    • Using third party public records tools (the same search tools banks and investigators use) to identify true non-issued social security numbers which will make detection more difficult.
    • Leveraging more realistic driver's licenses, SSN cards and other supporting documentation.
    • Using computer generated synthetic faces for documentation and selfies.
    • Fraudsters will shift their focus to using synthetic identities tied to shell companies and aged corporations to go after much higher value business credit lines. Most credit repair companies are already pushing consumers in this direction now.

Businesses

  • Automation: Automation will continue to play a central role in attacks such as credential stuffing, password spraying, and brute-forcing. Fraudsters need fewer investments to scale attacks when they use bots and automation. Further, bot technology has advanced to the point today that bots can mimic humans fairly accurately, which causes bot detection to be even more difficult for businesses. Availability of commoditized botnets-as-a-service and the required support will make automation an even more potent tool for legitimate businesses to defend against in the coming year.
  • Account Takeover: Account takeover (ATO) attacks have grown by leaps and bounds over the last few years, thanks to an explosion in the number of digital accounts as more and more people turned to digital channels for daily life activities. This increase in digital accounts, combined with incessant data breaches, will continue to provide attackers with the raw materials required to launch account takeover attacks. High returns and ease of execution will continue to drive the rise of account takeover attacks well into 2022.
  • Targeted Attacks: Businesses will experience a diversification of attacks and a rise in attacks designed to target specific industries. Attackers have studied the prevalent fraud defenses across several industries. They will use this knowledge to maneuver their resources and extract maximum returns from these attacks.
  • Ransomware Attacks: Ransomware developers will make their code more evasive so that they can establish a foothold in a system, encrypt more data without being noticed, and possibly scale operations to other networks. Ransomware will be a preferred tool for targeted attacks, especially against payment service providers (PSPs). This trend will affect all partners in the payment ecosystem globally. Ransomware may catch up with or surpass phishing-related breaches.
  • Cyberactivism: An online version of real-world protests, cyberactivism is on the rise. Protesters engage in disrupting the websites of target businesses. Fraudsters can game web-authentication measures to take advantage of such protests and exploit loopholes in business networks. They can use these protests as a means to drop malware or ransomware to steal sensitive information or to extort money.
  • Account Security: In the wake of rising fraud and online abuse, digital businesses will focus their attention on the account security of their customers. Comprehensive account security will be at the top of the priority list for fraud teams, and they will look beyond the traditional castle-and-moat method to verify user identities. A tiered approach to web authentication of users will become popular.
  • Cross-border Fraud: With consumers holed up in their homes, cross-border e-commerce transactions rose to sky-high levels, reaching $5 trillion globally in 2021. However, this also led to a spike in cross-border fraud. More than 60% of US and UK businesses experienced cross-border fraud on their platforms in 2021. A clear indicator of this was the explosion of e-commerce fraud, with global card-not-present (CNP) fraud tripling to $32.39 billion.
  • Fraud API Attacks: The use of APIs for fraud checks is surging as lenders and banks push their digital transformation projects forward. But sophisticated attacks against those same services could become a devastating reality for some in 2022. The average number of API endpoints within an organization grew from 28 in June 2020 to 89 in 2021. API traffic now accounts for 80% of all internet traffic.

Cryptocurrency

  • Crypto Attacks: The popularity of digital payments, including cryptocurrency platforms, has raised cyber threats to fintech companies a notch higher. Fraudsters will increasingly improvise on phishing and social engineering to target cryptocurrency platforms. The use of malware for crypto-jacking, infecting systems to enable cryptocurrency mining, will evolve into a bigger threat.
  • Fraud Payments: Cybercriminals will shift towards alternative, digital payment forms as the payment method of choice. Payment apps and services will surpass debit and gift cards in 2022. Cryptocurrency will surpass bank transfers and may exceed wire transfers.

© eFraud Prevention, LLC. Additional sources for this article include: Cyber News, Security Boulevard, UK Finance Limited, Informa Tech, FICO, Shield, and ISB Intelligence.
