Fraudsters Exploiting COVID-19: Protect Yourself
Bad actors are taking advantage of the upheaval caused by the coronavirus to commit fraud. Learn how to protect yourself and your business.
The coronavirus is on everyone’s minds these days – as employees are urged to work from home, schools and universities are moving to online formats, and public gatherings are canceled by government order – we are all trying to cope with unfamiliar situations while maintaining our health, routines, and habits as best we can.
In a time of upheaval, our patterns change. People are purchasing more, as ‘panic-buying’ leads to stockpiling of supplies. Customers that have been regular brick and mortar shoppers are also moving to online shopping, to overcome current directives to self-quarantine.
These changes – as mercenary as it seems – create situations that can be exploited for fraud. Fraudsters can capitalize on these changes in buyer behavior in a number of ways. Security teams should be on the lookout for increases within the banking and Ecommerce industries and monitor an uptick in the following types of fraud:
People may begin to see requests for assistance and donations for people affected by the coronavirus appear on their social media. While some of these may be legitimate, others are the work of fraudsters. Some scammers may go after cash donations, to a fraudulent GoFundMe account, for example. Others may follow the pattern of the Romance Scam – where a fraudster exchanges emails or messages with an individual with the intent of stealing personal information, credit card numbers, or having products purchased by the victim and delivered to the scammer, who then disappears.
Bad actors have already begun to exploit fears about COVID-19, sending emails that promise to provide information or advice on preventing the disease. In reality, email links provide access to your computer or device, allowing fraudsters to install malware and collect sensitive information that can be sold on the dark web, or used to carry out identity theft.
The UK’s National Cyber Security Centre issued a warning to UK citizens regarding recent phishing attacks that promise information or updates about COVID-19 to lure unsuspecting victims to download malware or ransomware.
There are two industries that are particularly susceptible to fraud at this time: banking and eCommerce.
Banks and financial institutions have been encouraged by the FDIC to help alleviate the financial pressures that the current situation has placed on individuals and companies. This could include granting emergency loans and forbearance for regularly scheduled payments, as well as the temporary alleviation of late fees and penalties so that individuals can access necessary funds during the crisis.
However, this creates conditions ideal for fraud. An increase in the volume of loan applications makes it easier to commit identity fraud; distracted individuals may not be keeping a close eye on their accounts, making account takeover (ATO) easier to perpetrate; and a staff that is working under the pressure of higher volume and demands for quick turnaround may miss signs of fraud, or be unable to complete manual review of applications and accounts.
Similarly, Ecommerce businesses are susceptible to fraud due to the high volume of orders and a lack of scalability in fraud review processes. Fraudsters can turn this to their advantage, using the current chaos to camouflage behaviors that would be flagged as fraudulent in calmer times. Order review and chargeback review processes may be considered less critical than order fulfillment, allowing fraud to pass unnoticed.
To protect your company, and your customers, it is critical to have an advanced fraud process in place. Ideally, features that would help prevent fraud include:
Automation: reducing manual review in fraud prevention is key, particularly in times of upheaval where resources must be channeled to objectives other than fraud prevention.
Behavioral modeling / AI: the behaviors that are prevalent in our current environment – increased online activity, stockpiling non-perishable goods, requests for emergency loans, etc. – can be integrated with an AI/ML solution. Adjusting the analytic algorithm to account for changed behaviors allows a fraud solution to adjust to these changes while still flagging anomalous behaviors that indicate fraud.
Scalability: manual reviews are unsustainable in times of high volume or rapid expansion. An organization needs a fraud prevention strategy that is scalable, so that fraud prevention can continue even during unexpected changes in the business environment.
It is critical at all times, but particularly during a time of crisis, that steps are taken to protect your customers, your business, and your revenues from fraud. If fraud is affecting your business, feel free to contact us. We’d be happy to offer guidance or assistance through this difficult time.