COVID-19 Frauds, Scams and Hacks: How fraudsters are surfing the ‘fear-wave’ to attack online commerce and customers
20 April 2020
The disruption and uncertainty of the COVID-19 pandemic have given rise to an unprecedented number of frauds and cyber scams around the world, targeting acquirers, banks, merchants and individuals alike. We are all struggling to adapt to the stringency of new regulations imposed on social and commercial life, and finding solutions often involves being online more often and for longer.
The unpredictability of the near future in terms of political, economic and societal landscapes has provided cybercriminals with a golden opportunity to prey on people’s fears as a door into their data and their lives. We asked our team to help us understand the current landscape so we could help the community to identify potential fraud types, modus operandi and attack vectors. We hope this helps all of us to decrease the chances for fraudsters to inflict harm on both the businesses and the public.
Breaking News: Fraud and data hacking are skyrocketing
Despite specialised cyber police forces and government data agencies worldwide warning persistently about fraudulent claims and scams, it is still easy to fall victim to professional fraudsters and data hackers in such moments. Even though the numbers were not alarming at the end of March (USD$ 600 per incident, adding up to USD$ 6 million in total, as The Washington Post reported), the total claims reported to the FCA in the first two weeks of April are 10 times more than the average weekly claims in the first three months of the year. Although the ratio of reported fraud from consumers to actual fraud is as low as 3%, 62% of all claims recorded this year were reported in the first two weeks of April, and the trend is further reflected in the 268% increase in the total losses within this period. The Washington Post reported that the total losses amounted to only $5 million in the US at the end of March, and in just two weeks that amount increased to USD$ 13.4 million. It is important to recognise that reported figures are usually less than 10-20% of real incidents in the market. Therefore this rise, in only one major market, potentially amounts to USD$ 150 million. This comes in a period when online purchase fraud has been increasing by a double-digit percentage per year since 2017. In the UK, for example, the rate of CNP (card-not-present) fraud grew 47% according to the UK Finance ‘Fraud The Facts 2019’ report.
As fraudulent activity rapidly increases during the COVID-19 era, non-essential transactions decrease, and this allows fraudsters to inflict greater damage on organisations and individuals. In an effort to combat cybercriminals, Amazon (which holds a 15% share of the global e-commerce market) and other major corporations have started applying vigorous new rules and monitoring procedures to battle scammers who abuse their platforms. The Wall Street Journal indicates that the main problem on such platforms arises from opportunistic sellers taking advantage of anxious consumers by promoting fake goods or selling at beyond reasonable prices, such as USD$ 400 for hand sanitisers, £15,000 worth of face masks that were never delivered, falsely labelled protective gear, fake anti-coronavirus toothpaste and fake home tests. Similarly, The New York Times urged people not to fall for ‘miracle cures’ that are published on social media sites.
“Fraudsters are in marketplaces with a promise to sell face masks and what’s worse is then doctors who are in short supply of protective gear due to the current pandemic try to buy masks for themselves or for hospitals and then they become victims of fraud,” said our Co-Founder and CTO Sergey Velts. “Fraud happens at all stages: Fraudsters devise fake suppliers, then merchants cannot deliver and in return customers ask for chargebacks. On the other hand, there are positive but strange examples of responsible behaviour of criminals: one hacker group running ransomware declared that they won’t attack hospitals during the pandemic and if a hospital is attacked (hard drives encrypted) by mistake they will help to decipher. Although particular moral behaviour exhibited by certain criminals is perplexing, it is not to be depended upon.”
This period is also going to be painful for any business that has let down its guard during the COVID-19 disruption. Already hackers have attacked Zoom accounts and raided millions of identities on other platforms. The UK’s National Cyber Security Centre (NCSC) noted that rapidly deployed or public access remote networks without proper installation are a choice target of hackers during the COVID-19 period. The threat to businesses is likewise on the rise. Cybersecurity Ventures, in their ‘2019 Official Annual Cybercrime Report’, stated that cybercrime will cost the world in excess of USD$ 6 trillion annually by 2021, up from USD$ 3 trillion in 2015. Further, costs due to ransomware damage are expected to outgrow the illegal drug trade and reach USD$ 20 billion, growing more than 57 times from 2015 to 2021, according to the report. A joint advisory issued by the United States Department of Homeland Security (DHS), the NCSC UK and the Cybersecurity and Infrastructure Security Agency (CISA) reveals that the attacks are targeting the risks imposed by remote working infrastructure.
Fraud and Scam Types
The first step to combatting fraudulent schemes is to be able to identify them. In their ‘Global Banking Fraud Survey’, KPMG presented the most common types of scams and frauds under the following categories:
Smishing: scams where criminals send out text messages that mimic trusted organisations such as the WHO or HM Government, in an effort to gain access to personal information or scam people into donating money.
Spoofing: scams which allow criminals to display their communications next to or within original messages previously received from trusted organisations.
Phishing: scams that put urgency on the front line as they attempt to trick people into opening malicious attachments or links that grant criminals access to the victims’ banking details, personal information, passwords and login details.
Spear-phishing or Whaling: scams that impersonate members of the C-suite or company suppliers to get access to confidential data and/or to financially scam businesses and their employees.
Online Shopping Scams: scams where people purchase products that are deceitfully promoted as protective against the virus and that never get delivered to them.
“People started to make more online payments and the cost of online fraud such as stolen data is increasing fast. It is essential to keep good ‘online payment hygiene’ now more than ever by:
Creating separate cards (virtual or others) to use for online payments only
Putting a low spending limit on specific cards relative to your spending on them
Not mentioning or writing about your cards to anyone
Getting and using separate cards with a strong spending limit for each person in your household
Always reading reviews before making a purchase
Only spending in verified stores
If using your mobile for spending especially with cards that are saved – be aware of how the authentication (identity check) is processed – anything out of the usual, make enquiries
Checking the URL of the payment form that is presented so that it is clearly connected to your merchant
These precautions can protect you and your family from falling victim to frauds and scams.”
While threat levels increase on many fronts, the economic crisis escalates every day in the face of the current pandemic. In the context of the current changing landscape, where fraudsters effectively find new ways to steal, organisations need to be extremely cautious and prioritise fraud prevention and financial crime management within their digital strategies. Private and payment data will be the ‘holy grail’ of hackers as on your business servers. Falling victim to fraudulent payments and scams could bring additional costs and financial losses that would threaten the sustainability of any business.
In order to minimise risk:
Effective communication is key. Increase merchant-client communications and warn your customers about the forms of social engineering adopted by cybercriminals.
Adopt a proactive approach to train employees. While cybercriminals do adopt sophisticated techniques that target flaws in the system, more than 80% of successful data breaches derive from human error (see the report by Cybersecurity Ventures). Therefore, training employees on how to recognise and identify fraud should be an integral part of an organisation’s security protocol.
Embrace a holistic approach. Envision not only the onboarding stage of a customer but their entire lifecycle and continuously authenticate using real-time monitoring.
Visit our website to learn more about how Cybertonica can protect your business, your customers and your personal devices from hackers and fraudsters during COVID-19.
Cybertonica uses Machine Learning and Artificial Intelligence to manage risk and fraud, increasing trust and growing frictionless banking and m/e-payments globally. Cybertonica’s service increases conversion and sales by up to 25% while managing card-not-present and other categories of fraud at world-class compliant standards.
Cybertonica has won numerous distinctions and awards since its product came to market, including the “Best Use of Payments Data Award” at Emerging Payments Awards 2018 and the “Best Data Analytics and Science Award” at Merchant Payments Ecosystem Awards 2018. Visit cybertonica.com to join us and build the future of Trust in Transaction™.