By: Andy Renshaw, SVP product management at Feedzai
Fraudsters are continuing to get more familiar with their targets and dedicating more time to understanding their lifestyles, which means highly targeted and personalised scams are becoming the norm. In addition, many banking customers embraced digital banking habits because of the COVID-19 pandemic, and they are unlikely to switch back to their pre-pandemic practices. This has resulted in a rise in digital interactions, leaving more targets for fraudsters to pursue using social engineering. Armed with personal credentials obtained through the dark web, phishing or even social media, fraudsters can launch account takeover (ATO) attacks and compromise a legitimate user’s account. And if fraudsters can’t breach a customer’s account, they might use social engineering to trick victims into deliberately transferring them money using authorised push payment (APP) tactics. This latter type of fraud has become especially problematic in the UK.
Here are some other personalised tactics that consumers will have to contend with in 2022:
Fraudsters practice patience: With more effective online security measures in place, fraudsters are thinking bigger to maximise their monetisation opportunities. Instead of quick “smash and grab” attempts that involve breaching an account and quickly transferring money, they will patiently observe a victim’s financial patterns. This includes details like when their paycheck is deposited and where they shop online. With this understanding, they will know when victims receive their pay and when they have the highest amount of money. By conducting layered research using social engineering or personal information obtained from phishing or malware attacks, fraudsters can carefully hone their message to make scams more convincing.
Rise of the narrative: Banks have been working for years to offer more personalised services to customers. Unfortunately, fraudsters are adopting the same strategy by crafting highly tailored narratives to deceive their victims. When a fraudster accesses a victim’s bank account (or email or eCommerce account, for that matter) they can learn important details about their life. For example, if they see their victim recently made payments for a parking violation or paid for a medical procedure, fraudsters can adopt the persona of a municipal employee or a medical office worker and claim a recent payment was not processed correctly. Next, they tell their victim to share their credit card or send money to a bank account they control. Because the fraudster uses such specific details, their scams have a better chance of working. Some fraudsters will craft a portfolio of narratives for a wide range of scenarios.
Taking advantage of FOMO: Want to get rich quick? Fraudsters hope so, and they play on well-established human behaviours like the Fear of Missing Out (FOMO). They will use FOMO to lure victims into get-rich-quick schemes. Some scammers will use the same social engineering tactics mentioned earlier to design a scheme specific to their victims’ lifestyle or demographic. Once they familiarise themselves with their targets, the fraudsters will use high-pressure tactics to convince victims that a once-in-a-lifetime, low-risk, high-reward opportunity is available to them. Cryptocurrency scams are becoming increasingly popular with fraudsters for these types of schemes, which can cost individuals vast sums of money. Australian Federal Police recently reported a 172% rise in cryptocurrency scams from January to November 2021. Unfortunately, the mystery and newness of crypto make these scams highly appealing to fraudsters.
Romance Scams: Romance scams proved to be one of the biggest scams of the pandemic, with consumers losing an estimated £68 million in 2020. Scammers approach their victims online using dating sites or apps and pretend to be romantically attracted to them. After they convince their target that their relationship is genuine, they ask them for money for medical expenses, vehicle repairs, or for plane tickets to meet in person. In the end, the fraudsters pocket the money and disappear. This trend is on track to continue as more people turn to dating apps for companionship in 2022.
And it’s not just the personalisation of attacks that will increase; fraudsters will also take advantage of new and emerging payment methods that are designed for convenience:
B2B Payments: After a long build-up, it’s looking like instant business-to-business payments are on track to finally become a reality in 2022. When instant B2B payments debut, both banks and businesses must apply the lessons learned from consumer real-time payments. Consumers, after all, expect to access banking services on a 24/7 basis. Businesses need to prepare for how this enhanced speed of payments leaves them vulnerable to fraud. If a business loses money in real-time to fraud, the organisation will struggle to trust banks that facilitate the transfer. Instant B2B payments open new opportunities for fraudsters to defraud businesses quickly. That’s why it’s important that banks and businesses both implement the right safeguards.
Connected Commerce Confusion: Gone are the days when consumers have a checking, savings, and credit card account. Now, most consumers have multiple traditional accounts, and a host of digital accounts like PayPal, Venmo, or even WhatsApp. And it doesn’t stop there. Many connected smart internet of things (IoT) devices like Amazon’s Alexa or Google Home can send money using voice commands. And soon it will be commonplace for people to send money through social media platforms. If all this sounds like a dream come true for fraudsters, it is. In a connected commerce ecosystem, we expect to see a spike in attacks on IoT-connected devices and social engineering attacks. A disparate arrangement of finances calls for a new approach for banks to manage their customers’ financial risks.
Challenger Banks: Digital-only and digital-first challenger banks need to attract more customers. One way they’re doing that is by making it easier for customers to quickly onboard. They also specifically want to appeal to younger customers, so they’re marketing their services on social media or partnering with digital influencers like YouTube and TikTok celebrities. Unfortunately, fraudsters are also looking to onboard with challenger banks. They realise many challenger banks have no physical infrastructure to meet customers face-to-face, and want to make onboarding as seamless as possible. Given the combination of these factors, fraudsters see challenger banks as top targets.
Targeting of Millennials & Gen Z: As younger people join the digital banking system, fraudsters will be eager to take advantage of their unfamiliarity with digital banking. While younger people are more tech-savvy in a social context than their older counterparts, fraudsters have found several tactics that have proven effective against millennials and Gen Z customers to take advantage of them from a financial perspective. The latter group is falling for fake check scams at the same rate as senior citizens. Meanwhile, one in five millennial shoppers experienced online fraud during the 2020 holiday shopping season. Fraudsters will also scour these users’ social media accounts for social engineering purposes.