Check out all the on-demand sessions from the Intelligent Security Summit here.
A widespread recession, while not a certainty, seems increasingly likely in the years ahead. A recent Hanover Research survey showed that 85% of financial leaders are planning for an impending recession. Furthermore, one Morgan Stanley strategist says that a recession is already underway in the world’s major economies.
In short, tough financial times are ahead.
History shows that incidents of fraud increase during times of recession and financial shock. The data supports this: During the global financial crisis, the Association of Certified Fraud Examiners (ACFE) conducted a survey of fraud experts. More than 55% said that fraud levels increased during the crisis.
The same happened during the first year of the Covid-19 pandemic. UK Fraud found that some types of financial fraud almost doubled in 2020. Impersonation scams, involving fraudsters posing as “trusted organizations” were a particular problem.
Intelligent Security Summit On-Demand
Learn the critical role of AI & ML in cybersecurity and industry specific case studies. Watch on-demand sessions today.
With a recession almost certainly on the horizon, there’s little doubt that criminals are already hard at work planning ways to exploit widespread financial fear. Some people are inherently more vulnerable to their scams, especially those designed to prey on hope and desperation.
So, what can companies do to protect their vulnerable customers and wider society? Do technology and intelligent use of data provide the answers?
To find out, let’s first let’s look at how fraudsters set out to exploit the vulnerable in times of crisis.
How do fraudsters target the vulnerable?
As mentioned above, impersonation scams were a particular trend during the pandemic. For example:
- Fraudsters posed as health authorities organizing vaccines, “phishing” for personal data and payment details.
- Scammers impersonated government departments, particularly those involved in issuing financial pandemic support to individuals and businesses.
The key theme here is scams that target vulnerability. People were anxious to arrange their vaccines. Businesses were eager to obtain funding that they needed to protect them and ensure that their staff was paid. Individuals were — quite naturally — vulnerable to hurriedly acting on emails and text messages that promised to address the problems they faced.
Businesses already recognize the likelihood of similar scams during times of recession. Experian recently offered advice on fraud trends to watch during a recession. The organization specifically highlighted scams that target the vulnerable and those struggling financially.
For example, those short of money are easily enticed by discounts, offers, and refunds. They’ll show interest in anything that suggests they can quickly earn extra money or make a big return on small investments. People let their guards down in times of desperation — and during a recession, there’s plenty of desperation to exploit.
Fraudsters need do nothing more than turn to their usual favorite methods, such as social engineering, fake job frauds, phishing, mass marketing scams, account takeovers (and more). The financial climate simply gifts them an extra edge of desperation to take advantage of.
What can companies do about this?
How to protect the vulnerable from fraud
Companies need to take a two-pronged approach.
First, they need to empower customers with the information they need to identify and avoid scams wherever possible.
Second, they need to implement systems to detect identity scams, credit card fraud and the various other exploits that can occur once criminals have broken through the human defenses of their victims. This is where technology and data can serve as an additional line of defense.
Let’s look at each part in turn.
The majority of successful scams rely on the exploitation of human error and naivety. Worryingly, people are more likely to make errors of judgment during times of stress — and a recession is a major time of stress for many.
An AARP National Fraud Frontiers report revealed that “specific environmental and emotional factors” can make people more susceptible to fraud. Those include going through stressful life events and having limited social and family support.
With this in mind, organizations can target advice to the particularly vulnerable. For example, those with high or growing levels of personal debt would benefit not just from financial assistance, but from advice to protect them from scams.
Virgin Media’s Fraud Fighting Tips guide is a good example of customer communication that can alert people to the kind of scams they may encounter. Every customer that doesn’t click a link, respond to a text or reveal details following a fraudster’s phone call reduces the total number of successful scams.
Technology and data
Unfortunately, even with perfectly pitched communication and customer education schemes, scammers will still succeed in extracting plenty of personal details and credit card numbers from their vulnerable victims. New methods emerge constantly, with criminals continually finding different social networks and digital channels to target.
That means that businesses must bolster their technical defenses to increase their chances of catching criminals in the act. It is here that AI, data enrichment and other technical solutions can pay dividends.
Below are a few examples.
Data and device fingerprinting
Device fingerprinting collates a wide range of data that’s readily available when somebody connects to a website. Among other things, this includes browser configuration, operating system, installed plugins, TCP/IP details, time zone and screen size.
Analysis of this fingerprint can help a company identify when a fraudster attempts to log on to a victim’s account, even if they’re in possession of a password or other details obtained through phishing or other means. If the fingerprint doesn’t match one usually seen from the genuine user, systems can flag the user for manual checks or additional authentication.
Data enrichment takes a simple data point, such as a phone number or email address, and cross-references it against a wealth of related information. For example, analysis of a phone number can reveal the network it’s linked to, and whether it’s a genuine number or a “throwaway” virtual number.
Even more can be gleaned from an email address. A good fraud prevention solution can review which social networks and online accounts an email address is linked to. It can establish how long the address has been active and whether it’s been caught up in historical data breaches. Most well-established email addresses are linked to numerous online accounts and have been caught up in historical breaches. Email addresses that don’t fit this profile raise a red flag.
By automating such checks within online systems, digital footprinting with data enrichment can help to raise the alarm when fraudsters use “burner” phones and “throwaway” accounts.
AI and machine learning (ML) are increasingly used in fraud prevention. ML can spot patterns of fraudulent behavior that humans can miss, and share such patterns between multiple organizations.
ML can be particularly useful when monitoring login behavior, which can help detect account takeover fraud. The technology can also spot patterns in popular items targeted for purchase by fraudsters.
All of these methods can prove extremely valuable as an extra line of defense when some vulnerable people unwittingly (and inevitably) provide criminals with personal data to work with.
Fraud is consistently on the increase, even in the absence of a recession that will see criminals work even harder to target the desperate and the vulnerable.
The damage is profound and goes well beyond the financial. A recent Which report found that 63% of fraud victims reported a “harmful effect on their mental health,” with 39% feeling the effects on their physical health too.
In these tough times, the vulnerable need protection. Technology doesn’t provide a complete solution, but it does form part of it — and can reduce financial losses not just for individual victims, but the companies that serve them.
Desperation breeds desperation during times of financial crisis. Criminals know exactly which emotional buttons to push to make potential victims more susceptible to their scams. The chance of a loan, a prize, a refund, or anything that makes life easier, will always be enticing to somebody who is struggling financially.
Communication around risks does help, but fraudsters work hard to make their texts, phishing emails and other approaches seem legitimate and convincing. Technology and intelligent use of data can go a long way to catching cyber criminals and their scams.
PJ Rohall is head of fraud strategy and education at SEON Fraud Fighters.
Welcome to the VentureBeat community!
DataDecisionMakers is where experts, including the technical people doing data work, can share data-related insights and innovation.
If you want to read about cutting-edge ideas and up-to-date information, best practices, and the future of data and data tech, join us at DataDecisionMakers.
You might even consider contributing an article of your own!