Social engineering scams increased by 87% in the first quarter of 2021 compared to Q1 2020, according to Ayelet Biger-Levin from BioCatch. In an article for The Paypers, Biger-Levin explains that three-quarters of successful scams involved the attacker using information about the victim to lend credibility to the scheme.
“In the financial industry, there are two main types of social engineering attacks: harvesting online banking credentials and/or personal information and real-time scams such as authorised payment scams or remote access tool (RAT) scams,” Biger-Levin writes. “The second type of scam requires little technological sophistication, but scammers do need to prove to victims that they are ‘legit’ so they often spend time harvesting information and learning about their victim prior to committing a crime. In fact, 75% of victims claim that a scammer already had their personal information when coercing them into defrauding themselves, according to a report by the US Federal Trade Commission.”
Biger-Levin notes that a social engineering scam can bypass many technical defenses since it involves tricking a human.
“These scams are difficult to detect since the cybercriminal does not interact directly with the banking platform and instead convinces the victim to execute an authorised payment themselves,” she writes. “Standard fraud detection tools are unlikely to detect these scams since the device is a user’s trusted device, the network connection matches with the user profile, and any step-up authentication check would also be passed as the victim directly receives the OTP code.”
Biger-Levin adds that voice phishing (vishing) also increased last year.
“Due to global lockdowns, isolation of social distancing, and increased use of digital banking from the pandemic, most types of fraud hit record levels last year,” Biger-Levin says. “Specifically, social engineering was a favourite go-to method for cybercriminals. According to BioCatch data, one in four confirmed cases of account takeover last year involved some form of social engineering voice scam, such as authorised push payment (APP) fraud.”
New-school security awareness training can give your organization an essential layer of defense by teaching your employees how to recognize social engineering attacks.
The Paypers has the story.