Feedzai has announced its Quarterly Financial Crime Report, an analysis of over 12 billion global banking transactions from January – March 2021. The report identifies trends in spending and in fraud attempts to show that this past quarter, as consumer activities increased, fraudsters attempted to hide their fraudulent transactions in legitimate banking. In fact, combining all banking fraud – internet, telephone, and branch – attacks grew a whopping 159% in Q1 2021 compared to Q4 2020.
Online banking made up 96% of all banking transactions and it accounted for 93% of all fraud attempts in Q1 2021. This leaves in-branch and telephone banking to make up the remaining 4%. And while the numbers are smaller, in-branch banking did increase by 442% this quarter compared with the last as a result of eased lockdown restrictions as businesses begin to open for trade. In addition, telephone scammers upped their efforts and the report shows a 728% increase in telephone banking fraud.
John Bambenek, Threat Intelligence Advisor at Netenrich, a San Jose, Calif.-based Resolution Intelligence provider, says, "In the last year, governments have engaged in a variety of “free money” type policies (unemployment, consumer stimulus, payroll protection loans, etc.) that, while necessary, created a target-rich environment for criminals to steal money. We may never know to the true scope of unemployment fraud, for instance. Whenever there is more money in the system, criminals will try to exploit. Combined with the fast-changing nature of our early pandemic response and now return to normalcy, it’s hard for behavioral models to determine what is fraud and what is simply changing user behavior. Quite simply, fraud models work when user behavior stays constant and society has been upheaved by the pandemic and fast return to normalcy.
Bambenek adds, "Fraud and cybersecurity teams always need to be mindful of how changes in the world around them can increase risk and how changes in society may impact how we go about detecting malicious behavior."
While many shoppers choose to make purchases from the comfort of their mobile phones, the report also found that Android users are more likely to experience fraud. Of the total volume of fraudulent transactions, 34% were conducted on iOS, and nearly double (66%) were attributed to Android. Despite a disproportionately higher total transaction volume on iOS, Android devices still made up for two thirds of fraud attempts. The report notes that two possible causes for this are Android’s open approach to support third-party app stores, which is more conducive for mobile malware, along with Apple’s penchant for controlling apps on the App store.
Hank Schless, Senior Manager, Security Solutions at Lookout, a San Francisco, Calif.-based provider of mobile security solutions, explains, "Threat actors will always take advantage of uncertain or unstable societal situations to increase the success of their attacks. The pandemic provided the perfect opportunity, and even as people transition back to normal life, there is uncertainty about issues like vaccination access and continued government financial support. Lookout data shows that, globally across all industries, almost 45% of consumers were exposed to a phishing link on their mobile device. Lookout data also shows that over 20% of consumer banking customers encountered a banking trojan on their mobile device. Attackers will frequently use phishing links as a vehicle to deliver malware that can live on the device for a longer period of time and continuously exfiltrate data from the device."
Lookout data shows that, in the first quarter of 2021, 23% of financial services employees were exposed to a mobile phishing attempt, Schless says. "This is almost the same as the first quarter of 2020 when the exposure rate was 26%. This shows that threat actors are taking advantage of the tail end of the pandemic in the same way they took advantage of the uncertainty at the start of it."
Joseph Carson, chief security scientist and Advisory CISO at ThycoticCentrify, a Washington D.C. based provider of cloud identity security solutions, says, "Make sure passwords are not your only security control. One way criminals will steal your identity is by taking over your accounts and do not make it easy for them. Use strong access controls to protect your most important accounts using a password manager and multi factor authentication. Also, limit what personal information you make available on the public internet, the more details you make available the easier it is for criminals to reuse and duplicate your identity. Finally, audit your logs for potential unauthorized access to your accounts.
Hitesh Sheth, President and CEO at Vectra, a San Jose, Calif.-based AI cybersecurity company, agrees. Sheth adds, "It is important to change your passwords regularly and don’t use the same password for multiple financial accounts. Also, read your monthly credit card statements – it’s amazing how many people don’t – and flag purchases you don’t recognize. Most banks make it easy nowadays to dispute a sketchy charge to your card."
Fraud by Numbers – Top 5 Banking Scams
- Account Takeover (ATO) (42%) – Fraudsters gain access to account credentials and take over the account, which often includes changing the password and address.
- Account Opening Identity Theft (23%) – Fraudsters open accounts using stolen identities. Victims often become aware of this type of scam when debt collectors come calling.
- Impersonation Scams (21%) – Fraudsters pretend to be a government official or some type of authority figure to gain access to an account or trick victims.
- Purchase Scams (15%) – In purchase scams, buyers pay for items online that never arrive.
- Phishing (7%) – Typically, scammers use emails that trick account holders into revealing personal information.
Michael Isbitski, Technical Evangelist at Salt Security, a Palo Alto, Calif.-based provider of API security, suggests, "Stick to banks that invest in good fraud detection and prevention services. All banks are required by law under the Fair Credit Billing Act to protect consumers in the event of fraudulent transactions. You aren’t responsible for transactions that are deemed fraudulent. However, you must be diligent about monitoring your own credit. It is very helpful if the bank you choose to do business with also has your back and invests more in proactive fraud detection and prevention.
Isbitski adds, "If a fraudster attempts or succeeds in compromising identity or a credit card information, don’t fault yourself or get overwhelmed with guilt. At some point, every citizen and customer is targeted. Fraudsters are pervasive, persistent, cunning and often well-funded. They will use a large variety of attack methods to obtain and use information for financial gain. There are many services available to you including those provided by the US government, credit bureaus and banks themselves.
Fraud by Region
U.S. consumers are beginning to spend more money in other countries and other states, indicating an increase in travel as pandemic restrictions loosened. Combining the lift in travel with the trend in online attacks may shed light on why fraud hit some states harder than others, with a mix of top travel destinations and the locations of large e-commerce headquarters on the list.
The top five states with the highest rates of fraud were:
- California
- Florida
- Washington
- Arkansas
- New York
Meanwhile, in the UK, the counties that experienced the most fraud were:
- Berkshire
- Warwickshire
- Buckinghamshire
- Nottinghamshire
- Derbyshire
Access Feedzai’s Quarterly Financial Crime Report to learn more about the latest fraud and consumer trends.