Scamming victims into sending money to a fraudulent bank account has surpassed credit card fraud in the U.K., taking the lead spot in fraud scams that could cost U.K. residents more than £700 million in 2021.
Authorized push payment (APP) scams (also known as bank transfer scams) involve tricking the victim into knowingly or unwittingly transferring money from their bank account to one controlled by a scammer. A perfect example is when a scammer pretends to be from your bank’s fraud team and warns that you need to move your money to a safe account, but it’s actually a threat actor-controlled account. You provide the necessary verifications (which are then used by the scammer to perform the transfer) and POOF! The money is gone.
According to the 2021 Half Year Fraud Update report from U.K. Finance, no other fraud scam has grown in the last year like APP scams in the U.K. The first half of both 2019 and 2020 saw around the same amount of losses – around £207 million. But the jump in the first half of 2021 to £355 million is massive, due in part to the 60% rise in the number of cases. And with only about a 7% increase in the percentage of funds recovered from H1 2020 to H1 2021, it means that the cybercriminals are winning.
The Fraud Update report also noted that 70% of these scams started on some online platform, making it necessary for users within organizations who have access to corporate finances to follow the simple process of Stop, Challenge, Protect. From the report:
- Stop: Taking a moment to stop and think before parting with your money or information could keep you safe.
- Challenge: Could it be fake? It’s ok to reject, refuse or ignore any requests. Only criminals will try to rush or panic you.
- Protect: Contact your bank immediately if you think you’ve fallen for a scam and report it to Action Fraud.
The success of these steps comes from a constant state of vigilance within an employee’s mindset when interacting with the web and email. Security Awareness Training is an effective vehicle by which to shift an employee’s thinking from one of taking web and email content at face value (to the betterment of the fraudster) to one of suspicion and scrutiny – which results in a higher degree of Stop, Challenge, Protect.