Coronavirus triggers epidemic of cyber fraud

From complimentary face masks at the corner shop to trillion-dollar stimulus packages, the coronavirus pandemic has necessitated a rapid increase in expenditure at all levels of the global economy. But where money proliferates, so do efforts by criminals to siphon it off.

Since early last year, when the virus began its worldwide spread, there has been a growing volume of losses caused by increasingly sophisticated scams.

Analysis of billions of online transactions by cyber security company Trend Micro found that the start of the pandemic was marked by a significant rise in spam messages, malware attacks and phishing emails. Spam messages multiplied 220 times between February and March 2020, according to the company, while malicious URLs — links leading to malware downloads or scams — increased 260 per cent.

“Fraudsters have leveraged several aspects of the pandemic to trick victims,” says Adam Speakman, head of fraud and investigations at the UK’s Metro Bank.

Companies have paid for protective equipment and not received it, while individuals responding to texts supposedly offering vaccines or access to government loans have unwittingly revealed their bank details to criminals.

Anxious times

Ashley Hart, head of fraud at British bank TSB, says the current social climate can readily be exploited by scammers. “They are used to creating a false sense of emergency,” he says. “These days, people are more likely to be panicked and act irrationally.”

Banks have had to expand their fraud and investigations units accordingly. Hart says his team, which numbers in the hundreds, has grown by 10 to 15 per cent since the start of the pandemic.

Fraudsters use a high level of trust so the victim does not do their due diligence

Efforts to raise customer awareness — by prefacing online banking sessions with warnings about fraud, for example — have gone hand in hand with increased corporate awareness.

“Fraud losses used to be viewed as operational costs a few years ago,” recalls Mark Cordy, a partner in the forensic technology team at professional services firm KPMG. “Now, for all the high street bans a board-level issue.”

According to the industry body UK Finance, British banks paid out £147m in 2020 reimbursing losses caused by “authorised” scams, where customers unwittingly make payments from their accounts to criminals. But roughly double that amount was lost overall to this type of fraud.

Payment comparison site Merchantsavvy estimates that last year’s global losses from payment fraud, where criminals steal someone’s money, personal property, or sensitive information, stood at $32.4bn.

However, in a report published in August 2020, Interpol, the global police body, said the pandemic’s effect on cyber crime had been to cause “a significant target shift from individuals and small businesses to major corporations, governments and critical infrastructure”.

Organisations ranging from Honda to Microsoft and the European Banking Authority are among recent high-profile victims. “It’s not just customers. It’s businesses,” says Speakman. “It’s government departments, too.”

Emerging threats

One area where banks are fighting back is credit card fraud. Safeguards such as two-factor authentication — where a customer must respond to a text sent by the bank to their mobile phone before a transaction can go through — are reducing instances where criminals can access accounts.

In response, fraudsters have moved towards so-called social engineering fraud, a category of scam where the victim willingly makes a purchase, believing it is legitimate.

Greg Ruppert, financial crime detection vice-president at Wall Street regulator Finra, says an increasingly common ploy in the US involves emails purportedly from friends or employers. These ask victims to buy gift cards for friends or colleagues and promise to pay them back later, or claim that the supposed sender is in financial difficulty and needs a wire transfer.

“Fraudsters use a high level of trust so the victim does not do their due diligence,” Ruppert says. The smaller number of face-to-face interactions and higher volume of online purchasing during the pandemic have made this kind of fraud more viable, he adds.

Besides awareness campaigns and two-factor authentication, banks have developed complex algorithms, sometimes based on machine learning and AI, to sift transactions and spot anomalies. In the UK, the banking industry stopped £1.6bn of attempted fraud losses in 2020, according to UK Finance, or £6.73 of every £10 targeted by scammers.

After social engineering, Hart sees investor fraud as the next growth area, as people with savings accumulated — or depleted — during lockdown look for deals. “I think we will see an increase in investment scams as people build up excess liquidity or face job insecurity,” he says. “Pandemic-related fraud will plummet and fraudsters will adapt.”

Their activities are likely to take the form of fake adverts on social media sites and sophisticated replicas of legitimate investment platforms. Hart advises investors to do their due diligence, scan regulatory sites for common scams, and check website addresses carefully.

He also suggests the age-old common sense test for alluring deals. “If it’s too good to be true, it probably is,” he says.