Connect with us

News

Festive Fraud: How to Avoid Christmas Shopping Fraud this Year

Published

on

Iain Swaine, Head of Cyber Strategy EMEA, BioCatch

The festive season is here. With Black Friday and Cyber Monday having passed, it’s time for Christmas shopping to continue — retailers are hiring seasonal workers, shelves are being stocked, wish lists are being made, and cybercriminals are preparing their favourite tools and tactics.

Wherever money is being spent, cybercriminals are sure to show up. That’s why you need to be on the lookout for shady offers, strange emails or texts, and other possible attacks. Here are four big scams we expect to see (more of) this year.

1. Phishing: The Holiday Bait That Con Artists Are Using

Phishing is an ongoing activity that picks up steam over the holidays. Because criminals know you’ll have a lot more shipments than usual on the way, con artists will send surveys, often at this time of year, posing as representatives of companies and offering benefits in exchange for your participation. One of the most popular phishing scams is called the UPS text scam, where’s the cybercriminal sends out text messages with links that look like they contain tracking information but in reality are malware wrapped up as a holiday gift.

Cybercriminals excel at looking like the real deal and may even try to get you to follow a link to a phishing site or a malware link. That’s why it’s important to make sure you double check anything claiming free rewards or mistakes that involve a payment.

Remember to look for the hook when you receive something dubious. Ask yourself questions like “Would this organisation really need to confirm my payment information?” or “Would this company send an email like this?”

And don’t be afraid to directly contact a business about a sketchy looking message — it might take a couple of minutes, but it’s far better than a fraudster getting your personal information which they can use for all kinds of incriminating purposes.

2. Account Takeover: Shopping On You

The purpose of an account takeover scam is for the fraudster to obtain your login information, pose as you, and then transfer money and make purchases on your credit card.

During this time of year, account takeover artists take a particular shine to e-commerce and retail accounts. Whether they acquire credentials on the dark web or other illicit means, cybercriminals are known to break into user accounts and then order items for themselves using the credit card saved on file.

Make sure you keep an eye on your retail account activity. Be aware of notifications for new orders, new shipping addresses, or other account updates. It’s easy to miss a notification during the holiday rush. If you see a charge that doesn’t look right or get notified about an order you don’t remember placing, it’s worth double checking to make sure your account has not been taken over by a fraudster.

3. Promotion Abuse: Taking it too far

When buying gifts, taking advantage of a good price never hurts (or self-shopping, for that matter). In order to enhance client acquisition during a period when more consumers will be online, many banks and shops will be implementing aggressive promotions. These businesses are dealing with weak account growth and lagging sales. These promotions are taken advantage of by con artists, who frequently do so by utilising other people’s information.

One fintech found this out the hard way after reporting millions of illegitimate accounts had been opened on their platform. In addition to refer-a-friend and sign-up promotions, cybercriminals will open up accounts to take advantage of the Buy Now, Pay Later (BNPL) services that many retailers offer during this time of the year.

Bots are often deployed by cybercriminals to try and open as many accounts as possible to cash in on lucrative promotions. Watch your email closely for confirmation emails indicating you opened a new account. While you might not experience financial losses directly as a result, you don’t want cybercriminals to open accounts in your name with bad intentions.

4. Santa’s Little Imitators: Fake Websites and Seller Accounts

In the same way that phishing schemes try to trick a victim into taking an action by pretending to be a legitimate company, fake websites do the same.

In this scam, the fraudster puts up a webpage that looks like the one you want to be on and tricks you into either entering information or clicking a button that triggers a malware download.

These pages can be built to look extremely authentic, and enterprising cybercriminals have even been known to buy Google ads to make their fake sites show up on the front page. It’s also common for phishing emails to point victims to a fake website.

Similarly, cybercriminals are known to make fake social media accounts (it’s more than a trend for them) and fake seller accounts on retailer sites like eBay. In these cases, cybercriminals might fake a sweepstakes to trick consumers into sharing personal information or “buying” an item, taking their money, and then never shipping anything.

Consumers are advised to use caution while browsing and avoid clicking on promotional links in email and on social media sites. And, as the old adage goes, if something seems too good to be true, it probably is.

Click with care to shop safely this year

The significance of being aware of your online interactions cannot be overstated. Banks and merchants make significant investments in security systems that can detect fraud before it can hurt your wallet. However, con artists are constantly looking for and finding new ways to capitalise on the holiday, season, or shopper event.

Fortunately, as individuals, we are the best line of defence against the majority of these attacks. It is crucial to be aware of the signs of suspicious activity and to report them right away. The security of the internet is a shared responsibility. Don’t let a cybercriminal steal your holiday cheer. May the only holiday surprises you get arrive wrapped up in shiny paper.

News

With big tech firms making massive redundancies, could we see a tech bubble burst in 2023?

Published

on

By

Rhys Merett, Senior Account Director at PHA Group

 

Following the pandemic, the return from lockdown triggered an influx of capital into scaling tech businesses. This massive cash injection resulted in record-breaking valuations, resulting in an unprecedented boom of companies receiving unicorn status. In 2021, there were 85 new tech unicorns created in Europe in 2021 with the UK leading the charge with 41 recently created tech unicorns during that time. To give you an even better understanding of how impressive Europe’s tech unicorn boom was in 2021, the growth rate in 2021 outpaced the rate of other overseas markets by a whopping 100%.

But all good things must come to an end and sadly, this shrap spike in tech unicorns springing into existence proved to be a short-lived phenomenon. By the time 2022 rolled around, the party was over. We started to witness sharp company valuations decline – drastically. For example, Klarna, the Swedish fintech company that started the ‘buy-now-pay-later’ fad, saw its valuation slashed by 85% in 2022.  This decline in valuations directly corresponded with UK technology investment dropping by 22%, which was one of the steepest falls in Europe. Overall, UK tech investment fell by $27.9bn in 2022.

Rhys Merrett

The rise of layoffs

With tech unicorns suffering crippling devaluations and trying to stay afloat in an recession-battered economy, we have begun to see unprecedented job losses as a consequence. First, we had Amazon axing 18,000 jobs early this year, then we had Google cut 12,000 jobs and Microsoft followed suit with 10,000 job redundancies.  

Naturally, employees at tech companies are getting itchy feet. More than half of UK tech employees (53%) are bracing themselves for layoffs according to a survey from CWJobs who interviewed 2,000 UK-based tech workers.

So how reliable are tech company valuations in this day and age?

With impending layoffs and declining investment into tech companies, a question now hangs over whether valuations for tech companies are even worth acknowledging by investors. In such a sketchy economic environment, investors are naturally treading carefully when it comes to investing in promising tech companies.

Gone are the days of fancy brochures or grand pronouncements from tech entrepreneurs about how their tech company is ‘disruptive’ or  a ‘game changer.’ Proof is in the pudding and investors are looking very closely at the pudding.

As a result of the above, investors now have a preference for backing companies that are actually generating revenue and, most importantly, an actual profit. To protect their money, investors are no longer buying into the hype. Profits over promises.

It is no coincidence then that, already in 2023, the UK government has pulled the plug on Tech Nation, a flagship initiative launched by David Cameron, to support investment in UK technology start-ups and bring talent to the UK.  Signalling its weariness in putting too much faith in tech valuations, the government has put the tech investment fund in the hands of Barclays – an indication that the government is no longer taking risks with tech companies, especially during a time where government spending needs to be more justified than ever before .

With private and public investors being more scrupulous in selecting which tech companies to pour their money into, tech startups need to assess and redefine their brand position, ensuring there is a workable and sustainable work model which they can prove to potential financiers.

So, could we see another tech bubble burst? It is not totally out of the question but it would be confined to specific sectors in the tech space that are more volatile in nature, such as the metaverse and cryptocurrency. However, tech startups who understand that the days of hype and grandstanding are over and only sound business models are what will attract investors, will  stand a stronger chance of avoiding any tech bubble burst and receiving the investment they need.

Continue Reading

Business

Defining Fraud in 2023

Published

on

By

Scott Buchanan, Chief Marketing Officer at Forter

Fraudsters are fluid — they constantly experiment with new tactics to find cracks in a merchant’s defenses. In 2023, there are five trends that merchants need to be aware of — we saw each in 2022 and expect to see them with even more frequency in the year ahead.

Human ‘Bot’ Farms

First, let us acknowledge that while “human bots” is an oxymoron, it is also highly insensitive. At present, our industry lacks a better way of describing the practice. It used to be that human ‘bot’ farms referred to sweatshop-style arrangements in which poorly paid workers, often in developing countries, spent their days on brute force attacks, solving things like CAPTCHAs.

Now, though, a new twist on this old theme has arisen. In short, human bot farms use trafficked humans to scale their fraud operations. Often, they behave as bots, conducting brute force (and similar) attacks.

Human bots were widely recognised in fraud manager communities as a driving force behind recent repeated attacks, especially during the holiday rush. For example, human bot farms bombarded merchants that offer limited edition merchandise, decreasing the chances that prized products find their way to (and ultimately frustrating) good customers. These same operations also applied several tactics that follow at a scale that overwhelmed some fraud solution providers and their merchant customers.

Low-tech Address Manipulation

In the past year, fraudsters reverted to old tricks to circumnavigate rule-based fraud prevention as we saw an uptick in low-tech address manipulation. Consider a merchant with a rules set that checks a shipping or billing address against a negative list. And let’s say a noted fraudster has an address of 123 Main Street that is on that list. Therefore, any transaction with a shipping or billing address of 123 Main Street will be blocked by rules.

Fraudsters found an easy workaround. They simply write a variation of the address during checkout that evades the rules but can be easily understood by FedEx, UPS, or any other delivery company. For example, 123 Main Street becomes One-two-three Main Street or 123 Maain Street.

This should be simple to identify and block in theory. Still, fraud managers were frustrated that rules-based solutions — even those that applied artificial intelligence to speed rules application — struggled to spot this manipulation. During the Black Friday rush, more than one vendor threw up their hands and admitted they had no way to stop this tactic effectively. And as a result, fraud teams with these solutions had to manually review a growing queue of transactions.

Triangulation

With the growing presence of marketplaces to exchange goods, fraudsters are using triangulation more. Think about this as ‘stolen to order’ (instead of made to order). A fraudster posts a sought-after item for sale on a marketplace; in 2022, some of the most popular items for triangulation were high-end ‘cozy’ blankets, sneakers, gaming systems, and other electronics.

When a consumer buys an item from a fraudster on the marketplace, the fraudster then steals the item from a merchant. They input a shipping address for the marketplace buyer at checkout, which typically evades address verification checks. The marketplace buyer gets their item; the fraudster gets their money; the merchant gets penalised, and the marketplace is entirely unaware.

Fraudsters prefer triangulation because they don’t make any effort until they have a buyer — they never have to worry about stealing something they can’t sell, and they never have to touch the merchandise (further reducing their operating costs).

Double-dipping

Emboldened cheaters are attempting more brazen tactics. A prime example of that is double-dipping — while this is not new, we did see more attempts (especially from amateurs and previously good consumers) to double-dip in 2022.

Double dipping can take any form where a bad actor wins twice. For example, the bad actor makes a purchase and has the product shipped. They tell the merchant the item was not received and simultaneously file a chargeback with their issuer. Since it may take hours or days for the issuer to inform the merchant of the refund request, the communication gap can mean the bad actor receives money back from both entities and keeps the product.

We’ve also heard examples of bad actors buying and receiving an item, then filing a return, yet failing to return the item. Instead, they send the merchant back a package with rocks (or something else weighted). In one particularly devious example, a bad actor filled a bag with dry ice, which evaded a weight check by the delivery company, and then arrived at the merchant as an empty package.

Friendly Fraud

The best-known form of friendly fraud is chargeback fraud when a customer makes a purchase and receives it but files a fraud chargeback claiming that the purchase was made by a fraudster. This form of friendly fraud has been growing dramatically in recent years. Less recognised is that other forms of friendly fraud — which can also be labeled policy abuse — are increasingly serious.

For example, a consumer buys a sweater as a final sale. When it arrives at their doorstep, they realise it doesn’t fit as they’d hoped. Disappointed, the (previously good) consumer contacts the merchant to claim the sweater never arrived (code = Item Not Received) and demands a refund. The consumer now has the item they can wear (hey, at least the fit is close) or resell on a marketplace for profit.

Friendly fraud can also surface as returns abuse (returning items worn or outside of store policies), promotions abuse (re-using new customer discounts or other voucher codes), and more.

Friendly fraud is difficult to stop since it is often perpetrated by good consumers — they don’t appear on negative lists or fail basic rules. But professional fraudsters get in on the same acts, industrialising the consumer problem by increasing its scale and professionalism significantly. To increase their odds of success, they have gotten pretty systematic about this form of fraud. For example, on the dark web, fraudsters have shared the exact language to use when calling specific large merchants or issuers to nearly guarantee a refund or chargeback.

Parting Thought: The Power of Identity

The above tactics that fraudsters used with some success in the past year generally exploit gaps in rules-based systems (deployed by the merchant and/or offered by a fraud solution provider). These tactics don’t work when you can pinpoint the identity behind an interaction.

When you can be statistically confident that the identity entering an address of “One-two-three main street” is associated with fraud, it doesn’t matter what they enter in the address field; their transaction attempt is blocked. When a known fraudster is attempting to put an item up for sale on a marketplace or purchase an item with a net new shipping address, you stop them. And when they try to re-use promotional codes repeatedly, you reject the attempt.

You cannot pinpoint an identity with rules — instead, you need a massive graph of online identities and as much data as possible on each. While fraudsters always manipulate aspects of their identities, they cannot mask thousands of data points. Next-generation fraud solutions that use machine learning to augment human expertise can pattern match and pinpoint identity.

And to build the largest identity graph, you need a consortium of the largest merchants — collectively, they will ‘know’ the vast majority of online identities. And in this model, an identity — a bad actor or a good customer — known to one merchant is immediately known to all merchants.

And that is why the final trend for 2023 will be merchants abandoning rules-based systems at an increasing rate. That includes the rules-based fraud solution providers masquerading as machine learning (but really just speed up the application of rules). To combat more sophisticated fraudsters, merchants will make decisions based on identity. They will seek out the largest identity graph in order to achieve superior results.

Continue Reading

Magazine

Trending

Business10 mins ago

Shutting off mule accounts to effectively tackle APP fraud

Cleber Martins, Head of Fraud Management for Banking at ACI Worldwide   Authorised Push Payment (APP) fraud is on the...

Business16 mins ago

Want to increase positive customer purchasing experiences? Let’s talk IVR

Andy Watts, Senior Account Director, Financial Services, at Odigo   For many years, debit and credit cards have reigned supreme,...

Finance32 mins ago

Demonstrating fintech resilience in 2023

Melba Montague, Head of Financial Services, Genpact    Despite ongoing economic turmoil and a slowdown in investment, the UK has...

Banking2 days ago

E-commerce marketplaces have become more than third-party platforms

By Luke Trayfoot, CRO, MANGOPAY   E-commerce marketplaces have become an essential driver of e-commerce growth. As found by Ascential...

News5 days ago

With big tech firms making massive redundancies, could we see a tech bubble burst in 2023?

Rhys Merett, Senior Account Director at PHA Group   Following the pandemic, the return from lockdown triggered an influx of...

Finance5 days ago

How can merchants overcome barriers to payment innovation in 2023

Kevin O’Connell, Chief Product Officer at Trust Payments   The payments sector is going through an exciting change. Consumer expectations...

Banking5 days ago

Banking Technologies To Thrive In The Modern World

By Frank Arellano, Founder and CEO of Revolv3.   According to research by Digital Banking Report 2022, 36% of financial...

Business7 days ago

The trends to expect in the future of work in 2023 through the lens of a CFO

By Eliran Glazer, CFO at monday.com   Not a week goes by without significant evolution in the world of work....

Business1 week ago

How ecommerce businesses can retain customer loyalty during a recession

By Olusegun Akande, founder of Samis & S&T Enterprises As the UK’s recession worsens and consumers continue to feel the pinch caused...

Business1 week ago

Top 5 benefits of low-code development in financial services

By Richard Higginbotham, Product Manager at Netcall   Amid the rise of challenger banks like Monzo and Resolut, traditional financial...

Business1 week ago

The top predictions for the year ahead  

David Rosa, General Manager of Wallets, Disburse and FX at Rapyd   Despite the current global economic landscape, the year...

Finance1 week ago

OUTSMART THE TAXMAN BY MAKING THE MOST OF TAX SEASON

By Rita Cool, certified financial planner at Alexforbes The start of the new year brings ‘tax season’ upon us –...

Business1 week ago

Why using Rules-Based technology should not be dismissed

Dr. Ben Larwood, Chief Architect at Facctum   Over recent years AI has grown hugely in popularity and is seen...

Business1 week ago

Data is the key to unlocking investment for emerging markets

By Devin de Vries, CEO, WhereIsMyTransport   Over the past few years, the rapid economic growth experienced by emerging markets...

Banking1 week ago

Digital banking: A necessity, an option or a risk?

By Jonny Williams, partner, and Emma Radmore, legal director, at law firm Womble Bond Dickinson   Banks are at the...

Business1 week ago

The Role of Software Development in Shaping the FinTech Industry in 2023 and Beyond

Paul Blowers, Commercial Director at Future Processing   As another year passes, now is the time for company leaders to...

Business2 weeks ago

How FS organisations can utilise data to boost customer experience

Charles Southwood, Regional VP and GM – Northern Europe and Africa at Denodo We’ve all heard the age-old adage “the customer...

Business2 weeks ago

The Evolution of SoftPoS in 2023

By Brad Hyett, CEO of phos Contactless payments and digital wallets have surged in popularity in recent years. Part of...

Banking2 weeks ago

The Importance of Digital Trust in Banking and Finance

By Maeson Maherry, COO at Ascertia   With the rising adoption of eSignatures and the acceleration of digital transformation, trust...

Business2 weeks ago

Taking Financial Services to the Edge

Authored by Pascal Holt, Director of Marketing, Iceotope   Edge computing, cloud, and AI are changing the competitive landscape for...

Trending