Managing increasingly complex scams landscape as tactics continue to evolve
The views and opinions expressed in this article are those of the thought leader as an individual, and are not attributed to CeFPro or any particular organization.
Serpil Hall, Director, Operational Risk, D4T4 Solutions PLC
Can you outline some examples where you have seen scam tactics evolving?
There are loads of different of scams and new ones appear depending on demands and interests of what occupies the general public at that point of time. Scams can be catagorised in two sections; seasonal scams; they appear and disappear for a while, but they come back again -when the time is right- and sophisticated scams which occupy at all times.
Example of seasonal scam types
- Holiday scams: coronavirus holiday scams, including fake caravan and motorhome listings, fake refunds for cancellations and cheap travel deals scams.
- Free school meals: Scam emails about free school meals, the email asks parents to click a link and give their bank details to ensure their children keep receiving free school meals.
- Covid-19 cash sums: fraudsters send messages mentioning a cash sum that will be awarded, or a fine that will be charged. They also include a (fake) link to check accounts on websites such as ‘gov.uk’ or ‘gov.usa’ and so on.
- Requests for donations: a link to a donation page is sent out by email. Victims are asked to click on the link which goes to a fake charity donation page, asking for contributions towards funding a cure for Covid-19. Those links and email aim to capture bank details.
- Online shopping scams: these are popular due to Black Friday/Cyber Monday, Christmas, Thanksgiving and so on. Fraudsters send emails and/or texts which links for (fake) great/one-off deals.
- Fake “test and trace” calls: fraudsters, contacting people by phone or messages asking for money to cover the cost of Covid-19 testing kits.
Example of at-all-times scam types
- Video conferencing downloads: fudsters send emails containing links to fake pages for video conferencing tools, asking you to install software. The links take the victims to a log-in page set up by scammers, with the intention of capturing your personal details and asking you to download malicious software. This can lead to many fraud cases for example but not limited to an account takeover and ID theft
- Romance Scams: victims are persuaded to make a payment to a person they have met, -online- through social media or dating websites, and with whom they believe they are in a relationship
- Impersonation scams. Fraudsters contact their victims pretending to be from either the police or the victim’s bank and convince the victim to make a payment to an account they control under “safe account” proposal.
- Investment scams: fraudsters convince victims to move their money to a fabricated fund or pay for a fake investment.
- Invoice and mandate scams (also known as malicious redirection scams): victim attempts to pay an invoice to a legitimate payee, such as as solicitor or to a builder, but the fraudster hacks in to the email and convinces the victim to redirect the payment to an account they control.
Do you believe there is a need of global collaboration in order to track fraud across multiple jurisdictions?
Of course, there’s a massive need for information and intelligence sharing between banks, credit bureaus, governments, the police and so on to identify and stop organized crime. I would love to see this happening soon, but I think due to cross-country privacy legislations this will remain a long-term ambition. However, fraudsters on the other hand do not mind sharing any intelligence about the weak points of banks and institutions – they run webinars on social media for example on YouTube and share their experiences and show how things can be hacked easily for free or for very little money.
What are some of the challenges with identifying scams conducted through geolocation technology?
Geolocation technology will work for Account Takeover and some payment fraud related cases. When it comes to scams, it’s the customer who transfers the money to the fraudster, so identifying where the customer logs in from or where they send money from is irrelevant to scams – especially for impersonation, romance or investment kind of scam types.
Most fraud tools tend to rely on device, IP, and network-related signals which can’t adequately address challenges and detect scams, especially scenarios where a fraudster convinces a genuine customer to initiate a payment. For those fraud prevention tools and systems, there is no concern as to if the transaction was initiated by the customer/victim. The addition of real-time, tag-free, behavioural biometric data into existing fraud prevention systems leads to the prevention and detection of scams before they take place.
How do current government controls help prevent falsified documents? Do you think there is anything else that can be done to further prevent falsified documents?
Various software solutions exist to detect and prevent document fraud. Governments around the world are trying to adapt technologies like polycarbonate substrates to make tampering with existing documents such as passports, much harder.
Additionally, tamper-proof solutions make things like scratches very transparent. A layered approach to preventing document fraud is key. Governments and financial institutions need to adopt various techniques and tools to spot and prevent document forgery.
The growth of Artificial Intelligence (AI) technology is pivotal to the success of automated software in detecting fraud. By adopting AI, machines continually improve the ability to detect fraudulent activity – including better data checks, contextualisation, and continuous monitoring of data integrity. Combined, this will achieve a greater level of efficiency in the verification of documents.
Why is it difficult to detect falsified information and money laundering within lending products?
The rise of online banks, faster payments, anonymous online payment services, peer-to-peer fund transfers using mobile phones, and the use of virtual currencies make detecting money laundering more difficult for financial institutions.
Organised crime began targeting lenders out of a need to remain unnoticed, along with the increased competition and frictionless customer experience that demanded quick responses from lenders. If a lending organisation fails to improve their due diligence and doesn’t adapt a risk based approach or comply with the AML regulations, criminals take advantage of those gaps in onboarding and ongoing transaction monitoring.
What do you think are some of the factors that have increased the complexity of scams?
Fraudsters are after quick access to money, low risk and easy targets. Fast electronic payments and money transfers are one of the main contributors to increased complexity and the growth of scams.
Covid-19 sent everyone, including vulnerable people and people who were computer savvy, home overnight. Shops shut, banks closed branches, and everyone turned to online services for many aspects of their day-to-day lives – shopping, paying bills and interacting online transactionally in different ways. This opened a huge opportunity for all kind of fraudsters and allowed them to use social engineering techniques. These tactics, by which fraudsters use to trick people into making security mistakes or giving away sensitive information, preyed on fears and uncertainties about the pandemic as opportunities to defraud individuals.
Social distancing restrictions led to a significant increase in online dating and provided an opportunity for fraudsters to take advantage of romance scams. Covid-19 cases of romance scams increased to worrying numbers and financial institutions ill-prepared and unaware of how to fight this kind of scam!
You may also be interested in…
Have you made your free account?