We’ve come a long way in terms of digitisation and the use of technology for greater efficiency and productivity - and so have the types of fraud as a result. Fraudsters have always been savvy but are now getting increasingly creative and quicker at understanding the vulnerabilities of consumers, businesses and their infrastructure as technology advances.
Fraud within the e-commerce space alone sees almost £17.5bn in losses each year, while large digital lenders (over $50mn annual revenue) face 50% more fraud attempts than non-digital ones.
Some methods of fraud are more covert, while others are brash and anything but subtle. We’re looking at the five top types of fraud in 2022 so your business can better understand the latest risks and the new actions cybercriminals are taking for financial gain.
Account takeover (ATO)
Account takeover (ATO) is a type of identity theft where the cybercriminal gains access to the victim’s credentials to steal money, personal information and sensitive business data, and take control of the account. Often, criminals will use phishing or malware attacks to get the login details; however, with data breaches becoming alarmingly common, many can buy these on the dark web.
Fraudsters using this method are keen not to raise alarm bells straight away with big fraudulent transactions or credit card fraud. Instead, they prefer to change account information like passwords and notification settings so that victims remain unaware.
The result can be devastating as huge financial harm is done to both the consumer and the financial institution, as well as reputational damage to the latter.
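The quiet pattern described above (no large transaction, just password and notification changes) can be caught from account audit events. The following is an added example, not code from the original article; the event format, action names, 30-minute window and two-change threshold are all assumptions.

```python
from datetime import datetime, timedelta

# Constructed audit events: (ISO timestamp, account, device id, action).
EVENTS = [
    ("2022-10-03T09:00:00", "alice", "dev-A", "login"),
    ("2022-10-03T09:05:00", "alice", "dev-A", "view_balance"),
    ("2022-10-04T02:10:00", "alice", "dev-X", "login"),
    ("2022-10-04T02:12:00", "alice", "dev-X", "password_change"),
    ("2022-10-04T02:13:00", "alice", "dev-X", "notifications_disabled"),
    ("2022-10-04T08:00:00", "bob", "dev-B", "login"),
    ("2022-10-05T08:00:00", "bob", "dev-B", "login"),
    ("2022-10-05T08:02:00", "bob", "dev-B", "password_change"),
]

# Hypothetical action names for changes that hide a takeover from the victim.
SENSITIVE = {"password_change", "notifications_disabled", "email_change"}
WINDOW = timedelta(minutes=30)  # assumed threshold

def flag_quiet_takeovers(events, min_changes=2):
    """Alert when a device never seen on an account logs in and then makes
    at least min_changes distinct sensitive changes within WINDOW."""
    known = {}    # account -> devices seen in earlier logins
    pending = {}  # (account, device) -> (login time, changes so far)
    alerts = []
    for ts, account, device, action in sorted(events):
        when = datetime.fromisoformat(ts)
        key = (account, device)
        if action == "login":
            seen = known.setdefault(account, set())
            # The first device on an account is enrolment, not an anomaly.
            if seen and device not in seen:
                pending[key] = (when, set())
            # Simplification: a real system would trust a new device only
            # after step-up verification.
            seen.add(device)
        elif action in SENSITIVE and key in pending:
            start, changes = pending[key]
            if when - start <= WINDOW and action not in changes:
                changes.add(action)
                if len(changes) == min_changes:
                    alerts.append((account, device, sorted(changes)))
    return alerts

if __name__ == "__main__":
    print(flag_quiet_takeovers(EVENTS))
```

A single password change from a known device, as in the constructed `bob` events, does not alert; the signal is the combination of an unfamiliar device and several hiding changes in quick succession.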
SIM swapping
SIM swapping is a method used by fraudsters that takes advantage of the weaknesses within two-factor authentication and verification via mobile numbers.
Scammers will speak to the victim’s mobile phone provider to have a SIM card activated using the victim’s existing mobile number. Once done, this means that any messages and calls will go to the scammer’s SIM and phone, and not the victim’s. Because two-factor authentication now relies heavily on SMS to deliver one-time passwords (OTPs), hackers can intercept these codes, which gives them a crucial entry point to bank accounts.
SIM swapping has been on the rise in the past few years, with huge losses to the victims. In 2021, the FBI announced that it received over 1,600 reports of SIM swapping resulting in over $68mn in losses. By comparison, between 2018 and 2020, there were 320 SIM swapping complaints coming to around $12mn in losses.
Automation
Automation has gained huge traction as cloud, AI and machine learning are becoming intrinsic in most technologies today. The beauty of automation is its ability to provide efficiency without compromise to the end result - and scammers are making use of this.
Cybercriminals are using bots to automate a lot of the work they’d previously done manually, meaning they are attempting far more, finding more victims and covering a lot more ground.
Credential stuffing, for example, utilises automation and bots to use stolen credentials on different websites and services at scale to compromise accounts. However, it’s not just real accounts that automation is useful for; fake accounts can be created en masse to abuse discounts and reward programmes.
Essentially, though, any type of fraud can use automation to scale up the number of attempts and, ultimately, thieves’ success rate in accessing what’s not theirs.
Crypto Attacks
Much like with the advent of automation, a growing number of scams are taking place in the crypto world as it expands. Fraudsters are taking advantage of the unregulated and unprotected sector, where cryptocurrency payments are often not reversible. In addition, cryptocurrencies are tied to public ledgers, i.e. blockchains, which publicly list all the details of every transaction made on that blockchain. You could say it's a cybercriminal’s dreamland.
Crypto-related attacks can take many guises, including:
- Initial coin offering scams
- Crypto scam websites
- Money laundering
- Hacking crypto wallets
Fraud within crypto has gone even further, with scammers now taking advantage of scam websites themselves. Most recently, Water Labbu, a threat actor, targeted third-party scam websites to infiltrate the wallets of their users, resulting in over $300,000 in profit and remarkably managing to steal money while piggybacking off the resources of the website - a double fraud.
Synthetic Identities and Application Fraud
Synthetic identities are another rising fraud trend whereby fraudsters create entirely new identities made up of details of real people alongside fictionalised elements. With these entirely made-up identities, thieves can apply for loans and credit cards which they max out and never pay back, while the financial institutions will never be able to track them or recoup the losses.
The mix of real and fictitious details makes this a particularly difficult type of fraud to detect, as scammers will play the long game: creating social media profiles, paying bills regularly and using bank accounts and credit cards responsibly in order to build up their credit. FinTechs and financial institutions aren’t aware of the possibility of a fraudulent identity until payments continue to default and no contact is successfully made.
In a hyper-digital world, particularly with the onset of digital banking and lending, synthetic identity and application fraud is relatively new but rising exponentially. A McKinsey Institute study revealed that it accounts for 85% of all fraud today, while the losses to financial institutions are estimated to be up to $20bn per year.