Uncovering Emerging Fraud Types
As the digital landscape rapidly transforms, so do the tactics of online fraudsters.
In this article, we explore the emerging fraud types uncovered by experts at the ThreatMark Fraud Summit.
In a dynamic digital environment, the fight against online fraud occurs in real time. As fraudsters, driven by the prospect of significant profits, come up with new schemes, financial institutions must react swiftly and adapt their anti-fraud measures.
However, keeping up with increasingly sophisticated fraud is a challenging task for banks and payment service providers. Threat actors adopt new tactics and utilize the latest technologies, such as generative artificial intelligence, to identify potential victims and security weaknesses, develop financial malware, or create convincing content for phishing or impersonation scams. At the recent Czech & Slovak Fraud Summit held in April 2024, Marek Macháček from Komerční banka (Société Générale Group) noted that it takes fraudsters approximately two weeks to overcome new anti-fraud security measures.
In a fast-paced world of fraud, what are the latest schemes banks should be prepared for?
SIM Swapping
SIM swapping is an old trick that fraud fighters know well, yet its prevalence is on the rise. While the modus operandi varies, experts at the ThreatMark Fraud Summit most often encountered the following scenario.
A victim is first contacted by a fraudster impersonating an employee of their mobile network operator, often using a spoofed phone number to appear legitimate. The customer is then prompted to install an application to administer the operator’s services. This application allows users to manage their SIM card settings, tariffs, and other features. At this point, everything seems legitimate, as many users actually use such apps. This way, the fraudster earns the victim’s trust.
But then comes the twist. The fraudster asks the victim for the code from the authorization SMS, which is received during the installation process as a second login factor. By providing this code, the user grants access to their account, allowing fraudsters to tamper with the settings and make major changes, such as replacing a regular SIM with an eSIM (a SIM swap).
The SIM swap instantly deactivates the original SIM card, giving the fraudsters full control of the victim’s phone number. This opens up a wide range of possibilities for attackers: they now have access to the victim’s valuable personal data and other services that require phone number verification, including social networks, bank accounts, email, and more.
With this in hand, it is then easy for fraudsters to exploit a false identity, for example, in communication with a bank. There have also been cases where SIM swapping has been used to compromise the X (formerly Twitter) accounts of high-profile individuals.
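A defender-side illustration of the scenario above, added here and not part of the original article or of any ThreatMark product: because a SIM swap hands the attacker the SMS channel, a bank can stop trusting SMS codes for a period after the operator reports a SIM change. The event names, the 72-hour window and the sample events are assumptions constructed for this example.

```python
from datetime import datetime, timedelta

# Assumed policy values for this example (not taken from the article).
SIM_CHANGE_WINDOW = timedelta(hours=72)
SENSITIVE = {"login", "add_payee", "payment", "change_limit"}

# Constructed event stream: an operator-side SIM signal mixed with bank-side actions.
EVENTS = [
    ("2024-04-10T09:00:00", "cust-1", "payment", {"auth": "sms_otp", "amount": 120}),
    ("2024-04-12T14:05:00", "cust-1", "sim_change", {"kind": "esim_activation"}),
    ("2024-04-12T14:20:00", "cust-1", "login", {"auth": "sms_otp"}),
    ("2024-04-12T14:26:00", "cust-1", "add_payee", {"auth": "sms_otp"}),
    ("2024-04-12T14:31:00", "cust-1", "payment", {"auth": "sms_otp", "amount": 4800}),
    ("2024-04-12T15:00:00", "cust-2", "payment", {"auth": "sms_otp", "amount": 60}),
    ("2024-04-13T10:00:00", "cust-1", "payment", {"auth": "app_push", "amount": 30}),
    ("2024-04-16T15:00:00", "cust-1", "payment", {"auth": "sms_otp", "amount": 75}),
]


def flag_sms_otp_after_sim_change(events, window=SIM_CHANGE_WINDOW):
    """Return sensitive SMS-OTP actions that fall inside the window after a SIM change."""
    last_sim_change = {}  # customer -> time of the most recent SIM change
    flagged = []
    for ts, customer, action, detail in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        if action == "sim_change":
            last_sim_change[customer] = when
            continue
        changed = last_sim_change.get(customer)
        # Only SMS codes are affected: the phone number is what the attacker controls.
        if (action in SENSITIVE and detail.get("auth") == "sms_otp"
                and changed is not None and when - changed <= window):
            minutes = int((when - changed).total_seconds() // 60)
            flagged.append({"time": ts, "customer": customer, "action": action,
                            "minutes_since_sim_change": minutes,
                            "decision": "step_up"})  # require a non-SMS factor
    return flagged


if __name__ == "__main__":
    for alert in flag_sms_otp_after_sim_change(EVENTS):
        print(alert)
```

The rule depends on the bank receiving a SIM-change timestamp for the customer's number; how that signal is obtained is outside this example.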
Voicebots combined with vishing and smishing
Scammers have recently started using voicebots extensively, employing them for one of the most time-consuming phases of the scam: the initial pre-selection of victims. Automated voicebots lure victims into scam traps with false information about changes in legislation, the need to update bank details, overpaid taxes, and more.
Once the victim falls for the lure, the smishing part of the scam follows. The victim receives a text message with a phishing link designed to extract sensitive information, usually online banking logins. The scam is then completed by a call from a fraudster posing as a bank representative.
In some cases, fraudsters increase the victim’s phone credit to gain their trust. This makes the subsequent call from a supposed bank security officer about an account breach more convincing. With the “proof” of unexpected money flow, victims are more likely to believe the “security officer” and provide their login credentials.
Innovative NFC Wormhole
NFC Wormhole is yet another emerging fraud tactic. It all starts with a user unknowingly downloading a malicious app that steals sensitive data. The victim is then contacted by a fraudster impersonating their banker, who instructs them to hold their credit/debit card near their phone. The installed fraudulent app uses NFC technology and a reader in the phone to transmit data from the card to the attacker’s device, resulting in unauthorized cash withdrawals at ATMs, often from abroad.
Deepfakes
Deepfake videos often impersonate well-known and trusted personalities in politics, show business, and sports, or exploit the reputations of established banks and other successful companies. These videos aim to gain the victim’s trust and are widely used in impersonation scams (romance, investment, CEO scams, etc.). Depending on the scam, attackers may convince the victim to authorize a payment, share personal information, or click on a phishing link.
How to defend against new types of fraud?
New types of fraud show that, to protect their customers, banks must constantly respond to the evolving tactics and technologies of fraudsters. This requires a holistic approach that considers all factors that can expose fraud. ThreatMark’s Behavioral Intelligence Platform is proving to be a useful tool in this regard, as it is the world’s first full-stack fraud prevention platform built on behavioral intelligence.
Combining transaction risk analysis, threat detection, and user behavior profiling capabilities in one integrated solution, the Behavioral Intelligence Platform is designed to detect modern fraud types seen in digital banking these days, both unauthorized and authorized, including SIM swaps, APP scams, and AI-driven schemes.
Additionally, behavioral intelligence gathers information about the entire fraud ring and its infrastructure, identifying and blocking phishing sites, attack tools, behavioral patterns, and payment infrastructure. This comprehensive disruption prevents fraudsters from adapting, making it the most effective way to combat sophisticated fraud and protect bank customers at scale.