2021 Fraud Predictions - During and post pandemic


  • Imposter Scams: Imposter scams involve criminals contacting consumers and attempting to obtain personal and banking information by impersonating agencies that are associated with COVID-19 or the U.S. government. These include, but are not limited to, the World Health Organization, Centers for Disease Control, Internal Revenue Service, and other agencies. Most recently, scammers have been targeting consumer unemployment benefits and small business loans, as well as posing as contact tracers and utility companies to trick people into providing personal information and funds. Criminals will attempt to exploit consumers through many channels, including email, SMS messaging, messaging services like WhatsApp, and even through direct calls to consumers. Scammers posing as contact tracers may ask for money, a consumer's social security number, financial information, or immigration status.

    The risk associated with these types of scams is the exposure of data that could be used by cyber criminals to move money or obtain sensitive personal data such as Social Security numbers and bank account information. It is important for financial institutions to help raise awareness of these types of scams, both internally with your employees and externally with your account holders. Risk management teams should also increase monitoring of transactions to COVID-19-related agencies. Your institution may be able to help identify concerns and take action before account holders are even aware that they've been duped.
  • Covid-19 Malicious Apps: The internet is full of coronavirus scams. Some fraudsters will try to get passwords to email accounts and other sites; others will try to get ransomware onto the user's mobile or PC. The most dangerous scams, though, leverage the coronavirus pandemic to scare users into installing the malicious applications. Once installed on a device, these apps are built to download and install malware to monitor the device and steal banking credentials and personal information. Apps features can include: contact-tracing, tracking, coronavirus scanning, live monitoring, information, etc.
  • The Return of the Money Mule: Account Takeover (ATO) fraud typically requires cashing out the victim's account through a local money mule. Mule recruitment was at an all-time high in 2008-2009 when people were victimized or willfully participated in work-from-home scams. With so many Americans unemployed right now, mule recruitment should be even easier - and will fuel the dark economy.
  • Fraudulent Credit Card Accounts: With many people experiencing a drop in income, those who can get new credit lines are expected to do so - but the only way open for them is through their credit card website. This means an overall increase in online credit card applications. Fraudsters are likely to try to leverage the trend since increased activity and credit defaults will make it harder to identity fraudulent account openings and take longer to investigate suspect cases.
  • Reduced Customer Loyalty: The current pandemic has created hording or demands that have emptied store shelves as well as most online marketplaces. Many people are turning to non-vetted third-party applications or online marketplaces to find these essentials. These lesser known sites can have poor security or may be fraudulent.
  • Security for the "Phygital" shopping experience: Blending the elements of both a physical (curbside pickup, displaying your photo ID) and digital (selecting inventory and submitting payment, multifactor authentication) shopping experience together The combined online and in-store shopping habits are here to stay for the long term.
  • More Social Engineering for Authorized Push Payments (APP): These scams are extremely effective and defeat all controls such as authentication, device, and location analysis. Criminals just need to persuade people into authorizing a payment to them. These include criminals impersonating a member of bank staff or a police officer and claiming there has been fraudulent activity on an account and that money needs to be transferred to a different account; impersonating a supplier or contractor, sending a fake invoice to a business, online auctions and classifieds scams, and investment scams.
  • Contactless Shopping: As social distancing measures remain intact across the country, contactless shopping has encouraged consumers to use mobile apps for food and groceries that they otherwise may not have. With nearly three out of four Americans considering their online shopping transactions secure, there's a real sense of complacency, and a lack of digital security awareness. This uptick in activity signifies a change in users' digital behaviors, which serve as a major indicator to fraudsters that an open opportunity for hacking may be on the horizon. Given consumers most likely have a high number of online shopping accounts (with the same password, in most cases) that store their critical personal data, this information can easily become available for cybercriminals. These fraudsters now have the ability to implement elaborate scams to access consumers' accounts, bypassing standard security measures.
  • Remote Working: Adapting existing controls to the remote working environment, the use of data and analytics in monitoring risks, and the proper balance between human and technological oversight will become more important as the 'new normal' takes hold. Compliance with regulatory controls should remain high priority for businesses, otherwise they create opportunity for criminals and risk regulatory investigations, leading to fiscal and reputational damages in the future. For many businesses, existing training on preventing wire fraud and other criminal attacks will need to be reinforced.
  • Charity Scams: One of the most disheartening online trends has been the effort to steal funds from individuals who are sympathetic to a cause and who willingly give money to what they think is an organization that is aligned with their beliefs. In charity scams, criminals have begun to impersonate nonprofits affiliated with the pandemic or civil rights organization. To mitigate this type of risk, internal and external awareness is, once again, a major defense for this kind of scam. Armed with information, consumers can make more informed decisions about their charitable giving. For your organization's risk teams, increased monitoring of outgoing funds to pandemic-related charities may help identify this type of activity.
  • Product Scams: Possibly the most difficult of scams to identify and measure are those related to product purchases. These scams are difficult to pinpoint because the scam involves selling consumer products with questionable or no efficacy. This can include products that appear to be for COVID-19 vaccines, treatments, cures, or home testing kits. Even if the capabilities of the product are not backed by measurable and repeatable results, the buyer themselves may perceive the benefits of the product. Given the variables involved with these product claims and the subjective nature involved with how the product works for each buyer, raising awareness with consumers is once again the most powerful defense.
  • Investment Scams: COVID-19 investment scams are luring consumers into investing by claiming that their stocks will sharply increase as a direct result of the effect their products will have on the pandemic. Individuals who invest in these scams have a substantial risk of being involved in a "pump and dump" investment scheme. These scams can be effectively perpetrated through online messaging channels and direct call channels, and once again, awareness is the best defense. Informing account holders about these types of schemes may keep them from purchasing these risky investments.

2020 Fraud Predictions


  • Deep fake technology for identity fraud: This technology will be used to attack call centers and for business email compromise scams.
  • ID Mules: Identity mules are real people who wish to boost their credit score, new-to-credit users like students and immigrants who wish to build a good FICO score, etc. They'll knowingly or unknowingly give their identity to cyber criminals to open fake accounts. The result may be similar to current synthetic ID schemes but based on a completely legit starting point.
  • FinTech companies will be the next big target: The fintech sector, which has largely escaped the abuse of fraudsters, will begin to see a sharp increase in online fraud.
  • Chatbot and voice assistance payment fraud will rise: As soon as these 24/7 convenience technologies begin to functionality that can move money from a user's account - they'll be targeted by criminals and will need to be protected against account takeover.
  • P2P fraud increases: P2P attacks will escalate as social engineering imposters will be at the receiving end of P2P money transfers. This will result in real users suffering from higher friction as fraud levels surge.
  • Business Email Compromise will include more Direct Deposit Fraud: A fraudster will trick an HR or Payroll employee to update direct deposit information in order to re-route an employee's paycheck.
  • The US will join the UK to protect authorized push payment victims: Victims in authorized push payment scams will get their money back, even if the victim was somehow at fault.
  • Wire fraud grows and becomes harder to detect: FBI data shows a 700% growth in this area over the last five years.
  • Account takeover will increase: Account takeover is essentially doubling each year as criminals become more technically savvy and automated. For example, mobile account takeover through SIM swap fraud doubled from 360,000 cases to more than 680,000 cases in a year. With billions of records being leaked each year online, cybercriminals are using sophisticated bots to automate account takeover attempts.
  • Fraud makes its way into pop culture and social networks: Popular culture and social media are making fraudulent methods more common and easier to access, leading to more fraud attacks against banks, lenders and finance companies.
  • Synthetic identity will continue to rise: Synthetic identity theft is the fastest-growing financial crime in the US.
  • Fake check scams: Fake check scams are up 65 percent since 2015 and this trend will continue to rise. Most fake check scams involve a job offer, an income opportunity of some kind or involve selling items online.
  • Imposter scams rake in the most money: Phishing/Vishing/Smishing/Pharming are the methods used for the most profitable scams. This includes: BEC/EAC, Confidence Fraud/Romance and Spoofing.
  • Targeted ransomware attacks on the rise: In 2020, we will witness an increase of targeted ransomware attacks. Criminals will use the dark web to gather intelligence on employees and organizations with poor cyber hygiene.
  • IoT devices under attack: The huge number of IoT devices, along with the 5G networks roll out, will dramatically increase the number of attacks against smart devices.
  • AI-based attacks: Criminal hackers will use A.I. to adapt in real-time to the defense responses of the organizations they are attacking.
  • Compromised credentials and data breaches: Credential stuffing will become a popular money-making method for cybercriminals.
  • Cybercrime-as-a-service: Among the numerous services offered in the cybercrime underground, ransomware-as-a-service platforms, DDoS-for-hire platforms and spamming services will facilitate the emergence of new criminal organizations and speeds up the operations of existing ones.
  • Phishing kit developers will offer more refined products: Phishing kit developers will offer more refined products, further lowering the skill required to launch a phishing campaign. Attackers are improving the quality of their phishing campaigns by minimizing or hiding common signs of a phish.
  • Ransomware attacks: Ransomware developers will make their code more evasive so that they can establish a foothold in a system, encrypt more data without being noticed, and possibly scale operations to other networks.

© eFraud Prevention, LLC. Additional sources for this article include: Total Retail, Loss Prevention Magazine, UK Finance Limited, Informa Tech, and Computer Weekly.

Resources

Search for fraud safety tips:



established 2004

eco friendly

ada compliant

Associations

Copyrights © All Rights Reserved by eFraud Prevention, LLC