In 2020, every second fraudulent transaction in the financial industry was an account breach, research by “Kaspersky Fraud Prevention” reveals.
According to statistics from anonymous sources on events identified by “Kaspersky Fraud Prevention” from January to December 2020, the proportion of these incidents increased from 34% in 2019 to 54% in 2020. Two tricks for accessing banking accounts, the “rescuer” and the “investor”, have remained among the most common since 2019.
The importance of digital financial services and e-commerce increased in 2020, as people spent more time at home because of the pandemic. Kaspersky experts say this has led to even greater use of social engineering techniques by cyber criminals. That is why it is so important for both financial institutions and their customers to be aware of typical malicious schemes and to be able to protect themselves.
In addition to the increase in successful account breaches, legitimate remote management (RAT) tools, such as “TeamViewer”, were misused in 12% of fraud incidents in an attempt to gain access to user accounts.
The “Kaspersky Fraud Prevention” team found two common approaches used by attackers to gain access to accounts; both continue similar trends seen in 2019.
In the first tactic, scammers disguise themselves as “the rescuer”, pretending to be security experts trying to “save” users. They call bank customers posing as security officers, report suspicious charges or payments, and offer their help. The “rescuer” may ask customers to verify their identity via a code sent in a text message or push notification in order to stop a suspicious transaction, or to transfer money to a “secure account”. They can also ask a victim to install a remote management application, claiming it is required for troubleshooting. Scammers often present themselves as employees of the largest bank in the potential victim's area and use a forged caller ID so that incoming calls appear to come from a real bank.
In the second tactic, cyber criminals act as “the investor”. In this scenario, fraudsters pretend to be employees of an investment company or investment advisers from a bank. They offer customers a quick way to make money by investing in cryptocurrency or shares directly from the customer’s account, without having to visit a bank branch. As a condition for providing the “investment service”, the “investor” asks the prospective victim for the code received in a text message or push notification.
“Bank customers are particularly concerned about the ease of access to their accounts and the execution of key financial actions. And now this has become particularly important. That is why we believe that solutions for the financial industry should provide a high level of security measures —including fraud protection— that are seamlessly integrated into the user experience. And of course, it’s worth regularly reminding customers of fraudulent techniques so that they can see if something looks suspicious,” explains Claire Hatcher, Head of Business Development of “Kaspersky Fraud Prevention”.