Redefining Scams: Why It’s Important
In today’s digital landscape, various types of scams – both old and new – are targeting everyday consumers on a regular basis.
But what are we defining as a scam?
A scam is no longer a poorly written mass email from a Nigerian prince, nor are we talking about robocallers and extended car warranties.
Modern scams are highly sophisticated and targeted attempts to steal personal information, money, and oftentimes trust and brand reputation. They involve cutting-edge technology combined with a massive amount of leaked data on the web and dark web. They use the latest trends and tactics to trick consumers, and oftentimes the tricks being used are quite clever and hard to identify as fraudulent.
Here’s an example of a modern scam:
Step 1: Fraudster calls an elderly person from a spoofed phone number pretending to be with a financial institution (FI). The call shows up on caller ID as the legitimate phone number of the financial institution. The customer thinks this is a legit call, and the fraudster, through various methods, exploits the customer for either their login credentials or a one-time passcode (OTP).
Step 2: Fraudster now has the login credentials and OTP, and has performed a successful account takeover. From here, it can get dangerous quickly, with the bad actor having access to make profile updates (phone number/email address) or directly transfer money out of the FI by means of mule accounts, P2P transfers, Zelle, Bill Pay, or even Bitcoin.
This method is used for a variety of scams, such as the all-too-common IT Support Scams, Romance Scams, Call Center Scams, and so on.
Oftentimes, when we hear the word scam, we may think of a guy with a neckbeard living in a basement running these attacks on his own, or a person with a heavy foreign accent who is easy to identify as suspicious or as not someone from your bank. However, bad actors are no longer working in silos with limited technology or data.
Working in highly organized groups with the latest tech at their fingertips, scammers are continually improving their methods. Because they have a deep understanding of the technology and methods being used by the FI to prevent these attacks, prevention is becoming a more difficult task every year.
Traditional systems and rules engines are not equipped to handle today’s modern scams. Simply put, they can’t keep up with the real-time nature of these scams. So, we’re all doomed and there’s nothing that can be done to stop modern scams, right? Wrong!
Technology must evolve to detect and deter these social engineering scams in real-time, while being sure not to add unnecessary friction or an unpleasant customer experience to the process. How? By leveraging a real-time platform that can detect when a scam is happening and shut down a session or impose step-up authentication based on the level of risk being observed.
So, how does it work?
By combining real-time payment monitoring with device intelligence, behavioral biometrics, and phishing/malware detection, FIs are able to put a stop to this problem in real-time – usually before any financial or reputational loss occurs.
Behavioral biometrics is the key.
Behavioral biometrics is the understanding of how an individual interacts with their specific device. For example, the speed at which a person types their username and password, or the keystrokes that are strung together as someone is typing. Combine behavioral biometrics with advanced device intelligence and you have a solution that can detect and stop these scams as they’re happening in real-time.
Here’s what this process can look like:
Step 1: Understanding the “normal” components of an individual such as the type of device they use, the geolocation the person typically banks from, the IP address, the Internet Service Provider (ISP), and most importantly, the biometric behavior of an individual.
Step 2: Recognizing deviations from the norm, calling them out, and making a determination of risk based on the variables measured in step 1.
Step 3: Having technology in place that can continuously evaluate these risks, in real-time, and take appropriate action based on the level of determined risk.
Example: An FI has technology in place that can recognize that a session is happening outside of the parameters of what’s considered normal, such as the IP address, geolocation, ISP, and the biometric behaviors all being abnormal. This combination of risk is a major red flag, and an indication of an account takeover in progress. Without any human intervention or manual review/disposition of an alert, technology can determine the level of risk and shut down a session, stop a payment, or require additional step-up authentication.
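The three steps and the example above, sketched as an added example that is not ThreatMark's code: a per-customer baseline, a weighted deviation score, and an automatic action chosen from that score. The weights, thresholds, field names and sample sessions are constructed assumptions.

```python
from dataclasses import dataclass
from statistics import mean, stdev

# Illustrative weights (points) and thresholds: assumptions, not vendor values.
WEIGHTS = {"device": 20, "country": 20, "isp": 15, "typing": 45}
STEP_UP_AT, BLOCK_AT = 30, 70
Z_LIMIT = 3.0  # typing rhythm more than 3 standard deviations off baseline

@dataclass
class Baseline:
    """Step 1: what is normal for one customer."""
    devices: set
    countries: set
    isps: set
    typing_ms: list  # mean inter-keystroke interval of each past session

@dataclass
class Session:
    device: str
    country: str
    isp: str
    key_intervals_ms: list  # gaps between keystrokes in this session

def typing_deviation(base, s):
    """Z-score of this session's typing rhythm against past sessions."""
    sigma = stdev(base.typing_ms) if len(base.typing_ms) > 1 else 0.0
    if not sigma or not s.key_intervals_ms:
        return 0.0  # too little history or data to judge; adds no risk
    return abs(mean(s.key_intervals_ms) - mean(base.typing_ms)) / sigma

def risk_score(base, s):
    """Step 2: add the weight of every signal that deviates from the norm."""
    flags = {
        "device": s.device not in base.devices,
        "country": s.country not in base.countries,
        "isp": s.isp not in base.isps,
        "typing": typing_deviation(base, s) > Z_LIMIT,
    }
    return sum(WEIGHTS[name] for name, hit in flags.items() if hit)

def decide(score):
    """Step 3: map the risk level to an action, with no manual review."""
    if score >= BLOCK_AT:
        return "terminate_session"
    return "step_up_auth" if score >= STEP_UP_AT else "allow"

# Constructed sample data: one customer's history and two incoming sessions.
BASE = Baseline({"dev-a1"}, {"US"}, {"ExampleNet"}, [182.0, 175.0, 190.0, 178.0, 185.0])
NEW_ISP_AND_DEVICE = Session("dev-zz", "US", "OtherNet", [181, 179, 186])
TAKEOVER = Session("dev-zz", "XX", "OtherNet", [60, 55, 62, 58])
```

A new device on a new ISP with the customer's usual typing rhythm scores 35 and triggers step-up authentication; the session where every signal is abnormal scores 100 and is terminated.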
In summary, it is essential to have advanced technology such as behavioral intelligence in place to signal deviations from “normal” behavior. As the volume and global losses of scams increase every year, not only identifying those risks but also taking action on behalf of the FI is vital.
Contact ThreatMark today to learn more about stopping social engineering scams in real-time before financial and reputational loss occurs.
Garrett Sadler, ThreatMark Fraud Fighter & Account Executive, is passionate about fighting fraud and preventing financial loss. Garrett works closely with leading banks and credit unions across North America to implement innovative solutions that reduce fraud and consumer friction while enhancing security.