Account takeovers and online banking fraud are two types of attacks on the rise against financial institutions and their customers, says Feedzai.
Amid the coronavirus pandemic, 2020 saw a quick and abrupt transition to digital banking and commerce, a boon for banks and customers alike. But that shift also triggered a host of schemes and scams from cybercriminals eager to take advantage of the new environment. A financial crime report released Thursday by fraud prevention company Feedzai looks at some of the common types of attack and offers advice to financial institutions and their customers.
One of the most popular types of fraud last year was the impersonation scam, according to the report. With this tactic, scammers contact people by phone, text, or email and claim to be from a government agency or financial institution.
The goal of the scam is simple: Convince the victim to make some type of payment, through which the attackers then gain access to the person's credit card or financial account. This scam may have been common in 2020 because people were isolated and more prone to interact with fraudsters.
Another pervasive type of attack last year was the purchase scam. With the pandemic in full force, masks and medical equipment were in short supply. In response, cybercriminals created phony e-commerce sites hawking products that couldn't be found through legitimate channels. Victims ended up paying for items that they never received.
A third type of scam that's always popular is the account takeover, which saw a 650% jump in the last quarter of 2020, according to Feedzai. In this scenario, criminals snag stolen credentials and other account information from consumers, which they then use to transfer money or buy goods. Feedzai's fraud experts observed an increase in stolen account credentials on the Dark Web last year. This increase, along with a jump in online transactions, helped scammers blend in with the larger volume of legitimate activity without being detected.
Among other types of scams, online banking fraud was popular last year with a 250% rise amid a greater shift to mobile banking. Investment scams were prevalent as they targeted victims with pyramid schemes, Ponzi schemes, and other frauds. Also on tap was the romance scam in which a criminal preys on someone's emotional vulnerabilities as a way to get money or valuable items.
To help banks and financial institutions protect themselves from scams, Feedzai offers the following seven tips:
- Create detailed customer behavior profiles to help you recognize and distinguish real customer behavior from criminal behavior.
- Educate your customers in the best practices for good digital hygiene.
- Implement security measures such as two-factor authentication.
- Monitor inbound and outbound payments, including the movement of payments between account rings.
- Capitalize on existing relationships with e-crime providers, dark web experts, and internal and external cybersecurity professionals to uncover credential testing and check customer scam reporting.
- Participate in the sharing of consortium data at least twice a week.
- Leverage rules, machine learning, and data analytics to detect and prevent fraud and financial crime.
And to help banking customers and consumers protect themselves as well, Feedzai offers the following 10 tips:
- Do your research. Research retailers before you purchase and only shop on secure sites that use "https" in their URLs.
- Use a credit card. Pay with your credit card, not a debit card, and enable two-factor authentication for all online transactions.
- Watch out for incredible deals. If a deal is too good to be true, it's probably a scam. This is also true for jobs promising easy money for little or no effort.
- Watch for typos. Check for typos or unusual URLs in the sender's email address, such as "email@example.com."
- Don't share personal information. Avoid links that ask you to click on them to provide personally identifiable information (PII) such as social security or account numbers.
- Beware scam calls. Do not answer calls from unfamiliar or unknown caller IDs.
- Protect your passwords. If your credentials are stolen or compromised, change all of your passwords and never use the stolen password again.
- Use strong passwords. Choose complex, unique passwords for each account, and change your passwords every few months.
- Beware bank phone calls. Do not provide PII to anyone claiming to be a government official or bank representative. These entities will not call you and ask for this information.
- Don't transfer money from a personal account. Legitimate employers won't ask employees to transfer money in and out of personal accounts.