It is becoming painfully clear that the pandemic is a boon of epic proportions for fraudsters. Between COVID-19 scams targeting consumers, the wholesale theft of government benefits, and playing on the financial worries of the newly unemployed, 2020 will undoubtedly go down as one of the costliest on record when it comes to account take over and identity crimes.
In 2020, every second fraudulent transaction in the finance industry was an account takeover, a Fraud Prevention report by Kaspersky has found.
According to anonymised statistics of events detected by Kaspersky from January to December 2020, the share of such incidents increased from 34% in 2019 to 54% in 2020.
Two schemes to get access to a bank account – ‘the rescuer’ and ‘the investor’ – remain among the most common since 2019.
The importance of digital financial services and e-commerce increased in 2020 with people spending more time at home as a result of the pandemic.
The report suggest that, in turn, it caused a spike in social engineering techniques being exploited by cybercriminals. That’s why it is especially important for both financial institutions and clients to be aware of typical fraudulent schemes and to be able to protect themselves.
In addition to the rise of successful account takeovers, in 12% of fraudulent incidents, legitimate remote administration tools (RAT) such as TeamViewer were misused in an attempt to gain access to user accounts.
The report distinguishes that there were two common types of approach used by attackers to obtain access to accounts – both continuations from similar trends noticed in 2019.
The first tactic sees scammers masquerade as ‘the rescuer’, where they pretend to be security experts and act out scenarios to ‘save’ users. They call bank customers posing as security officers and report suspicious charges or payments and offer their help.
The rescuer may ask customers to verify their identity through a code sent in a text message or push-notification, to stop a suspicious transaction or to transfer money to a ‘secure account’.
They can also ask a victim to install an application for remote management pretending that it is required for troubleshooting. The scammers often introduce themselves as employees of the largest bank in the potential victim’s region and use a spoofed caller ID for incoming calls to pose as a real bank.
The second example is where cybercriminals act as ‘the investor’. This scenario involves fraudsters posing as employees of an investment company, or as investment consultants from a bank.
They call customers offering a quick way to make money by investing in cryptocurrency or shares directly from the client’s account, without having to go to a bank branch.
As a prerequisite for providing the ‘investment service’, the investor asks the potential victim for the code received in a text message or push notification.
“Bank clients always place a high value on ease of access to their accounts and performance of usual financial operations. And now this has become especially important,” explains Claire Hatcher, Head of Business Development, Kaspersky Fraud Prevention.
“That is why we believe that solutions for the financial industry should provide a high level of security measures – including protection against fraud – which are seamlessly integrated into the user experience. And of course, it’s worth regularly reminding clients about fraudsters’ techniques, so that they are likely to notice something.”
Large enterprise-level companies cut cybersecurity spending from an average of $18.9 million last year to $14 million in 2020. And this is despite the fact that the proportion of IT budget spending allocated to security has increased in percentage terms.
Of course, this was expected because almost all companies faced unexpected costs and losses due to quarantine.
The SMB picture is different: security budgets there increased slightly (from $267,000 in 2019 to $275,000 in 2020). A total of 71% of companies plan to increase their investments in security over the next three years.
What’s more, regardless of company size, respondents cited the increased complexity of IT infrastructure and the need to increase employee expertise as the main reasons for the increase.
17% hope to keep cybersecurity outlays at the same level, and only the remaining 12% are considering further budget cuts as part of an overall optimisation or in the belief that past investments have already helped solve the key issues.
The Kaspersky Fraud Prevention report is based on incidents associated with cybercrime and on data detected by Kaspersky Fraud Prevention after thorough analysis of consumer behaviour in the banking sector and e-commerce.
To find out more about the main fraud vectors companies faced, read the full report here.
The post Account take over explosion – incidents increased 20 percent compared to 2019 appeared first on Payments Cards & Mobile.