Creatures of habit - Humans and Fraudsters alike

Blog | 24 Aug 2021

Habits of a lifetime changed over the past 18 months: remote working, limited contact, travel restrictions, and the list goes on. Communication across all realms moved online during the pandemic, which created a perfect storm for cybercriminals to up their game and deploy much more sophisticated and targeted attacks.

However, despite the advances in technology, humans remain the weakest link in the chain, whether in the analogue or the digital world. They are complex creatures of habit with a web of connections and relationships. Decisions are often based on psychological factors, which is why upgrading systems and processes for machines is only one part of the equation in preventing malicious attacks.

Advanced technology also needs to be deployed to gain a much deeper understanding of humans' past, current and future behavior to detect and block threats in real time. In other words, financial institutions must apply the same attention, resources and innovation to safeguarding humans as they do to the entire organization.

Fear may have been one reason why there was a brief respite in activity last year. The economy and consumer spending stalled during lockdown. Even so, fraud cases in the UK were still over 300,000, or one case every two minutes, according to the latest report from Cifas (the UK-based, not-for-profit fraud membership association). Now that the growth engine is reviving, overall fraud cases are on the rise, with the first six months of 2021 showing an 11% spike in identity attacks reported to the National Fraud Intelligence Bureau (NFIB) compared to the same period of 2020.

Playing on people’s expectations  

The same pattern was seen in the aftermath of the 2008 financial crisis, when organizations in the UK recorded a 32% hike in identity fraud the following year as growth rebounded and individuals were more optimistic. The difference this time, though, is that more activity is taking place through digital channels, and fraudsters often use emails, texts and phone calls to extract valuable information and gain access to accounts, data, financial information, and networks.

This explains the findings of a separate study by click fraud prevention experts PPC Shield, which found that malicious hacking, fraudulent use of social media accounts and email scams are the most common forms of cybercrime so far this year, accounting for 43% of all reported incidents since 1st January. Also in the high-ranking categories are reports of malware/viruses, personal hacking and extortion.

Anyone can fall for it 

There are many variations of social engineering attacks, but one of the most common is phishing, which employs fear and urgency to scare the individual: the internet may be cut off in 24 or 48 hours, a Royal Mail package is waiting and needs payment, or there are inconsistencies in the accounts that need to be fixed immediately. Pretexting, another common ploy, uses the reverse tactic and relies on building a false sense of trust with the victim. The attacker has probably gathered enough information, such as full name, contact address, email and phone number, to create a credible story and claim a payment might not have gone through.

Individuals can also be caught by baiters, who, as the name suggests, lure users with a highly attractive offer, such as free music or movie downloads, to trick them into handing over their login credentials. Unsolicited “Amazon” offers are among the favorite tricks, with an email asking for updated payment details. Hand in hand with baiting is quid pro quo, which offers a free service or item, such as concert tickets, a T-shirt, or early access to a popular game, in exchange for login credentials, account details, passwords, and other important information.

It is easy to fall prey to these attackers, but there is a misconception that it is typically the older generation who are the most vulnerable. Studies show that this is not the case, and their younger counterparts can be just as susceptible. Fear and greed, two of the most common emotions exploited by criminals, are found across the age spectrum. This is why no one should be surprised that a Cifas report saw a large proportion of identity fraud victims between the ages of 31 and 40 years, as well as over 50. The same is true of data compiled from the NFIB, which revealed that the tech-savvy under-40s reported the most incidents overall this year.

Understanding powered by AI 

While individuals will always be among the weakest links, so too are the manual processes and outdated procedures many companies still operate with. Technology is one solution, but organizations also need to adopt a much more holistic attitude to risk. They should look at their customers through a 360-degree lens. It is not just about their overall interactions but also the behaviors driving them. Artificial intelligence and machine learning, along with third-party data, can be leveraged to better identify patterns and build stronger defenses that stop criminals in their tracks.