Successful fraudsters pride themselves on staying ahead of the game, using innovative technology developments, and deploying multi-layered attacks to bypass security defenses. Their methods are increasingly sophisticated, and they are using targeted combinations of human-driven and automated fraud to maximize returns. The Covid-19 pandemic has led to erratic customer behavior and a sharp uptick in online activity, making fraud ever more difficult to detect.
It’s not just consumer identities that are being abused. One of the trends we are currently seeing is the takeover of legitimate businesses. Fraudsters steal huge quantities of data to create detailed identities using company logos, real names and addresses to appear legitimate. These often bypass automated detection and drive up fraud or increase manual review rates, putting a strain on in-house fraud departments.
Fraudsters are increasingly taking a ‘low and slow’ approach, profiting from multiple small transactions over a long period of time. This is highly effective as it raises very few red flags, and it isn’t unless something blows the cover that it gets referred for review. Profit from each attack is low but racks up quickly over tens of thousands of small transactions. The sheer volume of attacks overwhelms fraud teams and even where fraud patterns are detected, fraudsters will bide their time, waiting a week or so to try again before moving on to their next victim.
With billions of dollars of government relief checks flowing into banks last week, several major institutions dealt with crashed servers. This had unexpected advantages for attackers, as account takeover attempts increased by 100% during this period. Banks and credit unions who managed to maintain service were overwhelmed by attacks as fraudsters piled on.
The pandemic has bred fraud innovation, using surprising platforms for malicious purposes. A prime example of this is the use of charity donation platforms to test stolen credit cards. Once fraudsters identify working cards they use them for much larger attacks on other platforms.
With the massive increase in online traffic, there has also been a spike in attacks on learning and development platforms. The platforms provide infrastructure and hardware that fraudsters are using for operations including spam, bitcoin mining, and running automated attacks on other sites.
Cybercrime rings are less vertically integrated, taking advantage of the global ecosystem. Automated attacks launched in Russia can be supported by a sweatshop in the Philippines. Fraudsters have instant access to digital toolkits and are communicating through platforms such as Slack to share tips, meaning even beginners can see a high ROI. Fraudsters have kept ahead of the game, leaving businesses playing whack-a-mole as they fight fraud on the fly.
Fraudsters are experienced, sophisticated collaborators. To effectively combat this, businesses will benefit from sharing information across sectors, and communicating with the competition to fight a common enemy.
Covid-19 will drive more fraud than any other single event in our lifetimes. Criminals are targeting groups who haven’t previously used the digital ecosystem, such as the elderly and very young. Our panelists stressed the importance of empowering customers with targeted messaging about how to protect themselves online. Engaging with consumers in this way will protect customer relationships and safeguard businesses for a post-COVID future.
Please find a 1-page LISTICLE summarizing the top 5 insights from the panel Surprise, Surprise: Tales of Fraudsters' Ingenuity here.
NEXT UP: Join us for our next virtual panel “COVID-19: Fraud & Abuse Trends', where we'll have guests from Roblox, SoFi, Chime, Merchant Risk Council, and Arkose Labs to discuss the effect of the Coronavirus crisis on fraud & transaction patterns and how businesses are responding. Register here for our series to collaborate fearlessly!