fraud

Financial fraud email attacks are increasing year-on-year at 73 percent, with 44 percent of these representing sophisticated, targeted attacks such as wire, invoice, or vendor fraud, according to a new report from Armorblox.

The research has uncovered two vendor fraud attacks targeting approximately 4,000 inboxes each. In these the attackers used 'Look-alike Domain' attack techniques to bypass Microsoft Office 365 email security and impersonate trusted vendors with emails that looked like legitimate requests for payments.

A Freedom of Information request by identity verification company ID-Pal reveals that complaints to the Financial Ombudsman Service in the UK regarding identity fraud soared over the COVID-19 pandemic, finishing 2020 at 44 percent higher than 2019.

Even as the pandemic came to an end numbers in 2021 were still over 18 percent higher than pre-pandemic levels in 2019. Figures so far this year suggest that if identity fraud continues at the same pace, 2022 will see a 10 percent increase in complaints compared to 2021.

New research from identity verification company Socure looks at patterns surrounding how fraudsters construct synthetic identities to identify factors that may assist in identifying and thwarting this kind of crime.

The study shows that criminals employing synthetic identities do their best to blend them with the overall population. So in the majority of cases, synthetic identities fell into the most common demographics and consumer traits.

Online advertising is big business and it inevitably follows that where there's money to be made the fraudsters and cybercriminals won't be far behind.

We spoke to Jacob Loveless, CEO of eCommerce specialist Edgemesh, to find out more about why ad fraud has become such an issue and what businesses can do to combat it.

As large-scale incidents like the Colonial Pipeline ransomware attack and CAM4 data breach have been increasing, security professionals need to integrate tools that fight fraud into their cyber protection plans. Anti-fraud systems have been protecting cyber environments from account hijacking, identity theft, and fraudulent transactions for many years. However, few people know that there are different types of products with specific characteristics. 

As its name suggests, a fraud prevention system is meant to detect and prevent fraudulent activities. Financial institutions were the first to use these systems at the beginning of the 2010s, following large-scale attacks that targeted e-banking systems. Later, other sectors, including e-commerce, client loyalty systems, gaming services, contextual ad platforms, and insurance, implemented anti-fraud solutions too. Fraud prevention systems are pivotal whenever online transactions and trade take place.

A new study finds that £95 ($105) is lost to fraud every second in the UK. This is according to analysis by fraud prevention specialist Outseer of all the reported incidents of fraud to Action Fraud -- the UK's national reporting center for fraud and cybercrime -- between 1st July 2021 to 30th June 2022.

The data shows one case was reported to Action Fraud every 85 seconds and reported losses totalled over £3 billion ($3.31 billion) during the 12-month study period.

The payments ecosystem is increasingly dynamic and so too is the fraud landscape that threatens it. The UK is the second-largest country for online transactions in 2022; this is set to continue, despite ongoing global supply chain issues and inflationary pressure. At the same time, this increase in online transactions brings another problem: digital commerce fraud.  

Merchants need to have a detailed understanding of their payment profile to manage threats and balance risk. According to the Merchant Risk Council, the amount merchants spend to tackle online fraud increased five-fold between 2019 and 2021. In 2019, eCommerce merchants spent an average of 2 percent of their annual revenue on fraud prevention. By 2021, that share had grown to 10 percent. However, it’s a battle merchants are continuing to lose, especially in the UK. Additional data collected from Merchant Machine suggests that the UK has the highest number of fraud cases per 1,000 inhabitants (123), with €10,414 stolen by fraudsters for every 1,000 citizens. 

Revenue loss from bot-driven account fraud and web scraping continues to increase according to a new report, with 69 percent of companies that have a bot management solution report losing more than six percent of their revenue due to account fraud this year.

Account fraud includes account takeovers and new account fraud, where fraudsters create fake accounts to gain access to loyalty programs and take advantage of promotional discounts.

According to a new study 59 percent US and UK consumers are now more cautious about trusting others online thanks to having watched fraud documentaries.

The report from Onfido looks at the impact of popular shows like Inventing Anna and The Tinder Swindler and finds that 67 percent of consumers admit they have changed their outlook on fraud.

The discipline of fraud prevention has changed dramatically over the past five years and continues to evolve rapidly. Consequently, former truths about fraud prevention are increasingly becoming outdated myths. Legacy vendors propagate these myths to maintain relevance, but industry leaders understand the distinction and are moving forward. 

In this article, the common myth we’ll tackle is that a merchant should buy fraud insurance to cover everything -- this is typically touted in the market as a 'chargeback guarantee.' On the surface, the simplicity is appealing; the vendor is claiming to solve merchants’ fraud problems by taking liability for chargebacks, returns abuse, Item Not Received abuse, and potentially more. But the statement is very much a myth for, at the very least, five important reasons:

Digital identity is the new currency, and adversaries are chasing wealth. Research shows that 61 percent of data breaches are the result of compromised credentials. This is a common fraudster tactic, whereby using legitimate credentials allows them to avoid detection as they gather intelligence and stolen data that will allow them to undertake further fraudulent transactions.

Fundamental to the defense of systems is access control, but it has its limits. Attackers are continuously trying to circumnavigate these systems to access accounts, with login and payment flows frequently targeted. This is why many organizations have invested in anti-fraud technologies to detect and mitigate against such attacks.

When it comes to fraud, you can never be too careful. Especially when you hear about the brass neck of some criminal gangs that are increasingly adopting the persona of legitimate businesses to peddle stolen credit card details and other financial information.

Fraud-as-a-service (FaaS), as it’s known, has become an industry in itself, with criminals able to provide a one-stop-shop for scammers to rip-off customers and businesses. These organized fraud rings -- often manned by career professionals who know how to bypass rules-based systems -- are becoming increasingly sophisticated.

Although we tend to focus on frauds as a result of online account takeovers, more traditional social engineering methods are still a major problem, as are newer threats like deepfakes.

Voice technology company Pindrop is using this week's RSA Conference to launch new features that boost the level of intelligence that can be gained from voice analysis.

We're battling a swell of rogue apps, and companies and consumers alike are struggling to keep their heads above water as these applications quickly become the tool of choice for fraudsters. According to our recent fraud data, rogue apps now make up 39 percent of global fraud attacks, growing at a rate of 50 percent per quarter.

Rogue apps attempt to impersonate a brand's application with the intent of committing financial fraud. They have the ability to wreak havoc on consumers and organizations alike, with financial institutions being a particular target.

OK, so there may not be a pension scheme and a company car, but rookie fraudsters are taking home approximately $18,700 (£15,000) a month with 'cybercriminal CEOs' making up to three times as much as their counterparts in legitimate businesses. According to a new report from Arkose Labs.

The return on investment for launching cyber attacks or committing online fraud is larger than ever before. Some of the highest earning fraudsters are known to be making around $7.5 million (£6 million) a year according to even the most conservative estimates. This is almost three times the amount that FTSE 100 chief executives were paid in 2020, when they earned an average $3.4m (£2.7m).