Subscribe

Identity a cornerstone of effective fraud – and its prevention

In modern economies, data is the one of the most valuable commodities - more treasured than oil, gold and diamonds. Wealth creation, business growth, our social lives, increasingly depend on copious, judiciously managed, data.

Click image to zoom Tap image to zoom

But over time, criminals have also realised the value of this data, in particular how it relates to the ability to commercialise crime.

"Fraudsters were able to change their operating model very quickly and efficiently to take advantage of the crisis situation as it was unfolding.” – Peter Malvaso

Indeed, the commoditisation of data and the supply chain reflects not only how easily criminals have been able to leverage technology to access data but more importantly how they can leverage exactly the same technology advancements for illicit activity.

Dark Web Market Price Index 2020

Category

Compromised Account

Cost (US$)

Personal Finance

Bank Details

$99.25

 

Credit Card

$31.43

 

Paypal

$10.99

Communication

Skype

$6.80

Shopping

Ebay

$14.48

 

Amazon

$14.41

Travel

Airbnb

$13.57

 

Uber

$7.91

Health and Wellness

Headspace

$3.71

 

Fitbit

$4.10

Social Media

Facebook

$7.79

Entertainment

Amazon Prime Video

$13.42

 

YouTube Premium

$7.59

 

Apple

$6.41

 

Netflix

$6.35

Email

Gmail

$6.00

 

.edu Student Emails

$6.00

Security

Antivirus

$6.00

 

VPN

$5.65

Source: Top10VPN

Digital and gig economies and the COVID-19 pandemic have expedited online use and with it data-driven criminal commerce. Unlike major industries who continue to seek ways to value data, criminals have had no problem effectively commercialising data, using the same tools of ecommerce as mainstream business.

COVID in particular has opened new fields of opportunity for crime. According to IdentityForce, increasingly common COVID-19 themed scams include:

  • Fraudulent e-commerce vendors for masks, sanitisers and test kits
  • Fraudulent investment sites
  • Phishing and vishing through update emails, texts and voicemails
  • Spoofed government and health organisation communications
  • Fake vaccines or “miracle cures”
  • Scam employment posts
  • Phony charity donation offers

According to ANZ New Zealand Senior Manager Fraud Strategy and ABAC, Natasha McFlinn, the move to digital channels because of COVID-19 restrictions has meant there are a whole new range of individuals online who haven’t been previously.

“Many of these new users haven’t been aware of the types of online fraud they might encounter, which has led to increased fraud,” she explains. “Many people moved to doing their banking, shopping and socialising online and many will not return to their old habits post-COVID.”

ANZ Australia Retail & Commercial Fraud Advisory Lead Peter Malvaso adds the speed at which fraudsters were able to shift to pandemic-related crime was unbelievable.

Fraudsters were able to change their operating model very quickly and efficiently to take advantage of the crisis situation as it was unfolding and when people were at their most vulnerable,” he says.

The use of the deep and dark web are testimony to the adaptability and use of innovative technologies to leverage data-driven illicit activity in a way that many companies would be envious of. Similarly, the increased use of electronic data and computer networks to conduct day-to-day operations has seen growing pools of personal and financial information being transferred and stored online. This can leave individuals exposed to privacy violations.

As more and more individuals moved to working from home throughout 2020, cybercriminals began shifting tactics to target new working arrangements. Even more concerning was the increase in fraudsters targeting people who were out of work because of the pandemic with scams designed to look like government support programs.

In Australia as governments imposed stricter restrictions on movement, Malvaso says ANZ had to adjust and implement processes very quickly to continue to service customers.

“Within days of adjusting these processes or providing alternatives to customers physically attending branches to complete tasks or to be identified, we started to see COVID-related phishing emails requesting customers send in selfies of themselves holding identity documents,” he says.

Malvaso explains once fraudsters have either stolen the information or duped an individual into providing it through a phishing attack, they can then start to build an individual profile with a view to submitting fraudulent lending applications or, if they have enough information, to attempt to perform an account takeover.

McFlinn says social engineering is an important part of the fraudster’s weaponry and that they will often seek to impersonate a reputable organisation such as a government department employee or an employee of a large corporate entity like a bank or telco.

“It’s worth remembering many of these fraudsters do this professionally so they have the time and resources to research a potential victim in order to make themselves sound more plausible,” he warns. “The ultimate goal of social engineering is to manipulate the victim to provide personal information that can ultimately be used for fraudulent purposes.”

Synthetic identities

For individuals, concerns are growing about the increasing rate of synthetic identity fraud. Unlike traditional third-party fraud where an entire identity is stolen and used to defraud enterprises and victims, synthetic fraud often has no specific consumer victim. As a result, detecting and stopping such fraud is very difficult as the normal consumer alert is missing.

A recent survey by the Australian Institute of Criminology found identity crime impacts 1 in 4 Australians and provides a foundation for many other forms of serious crime. These types of fraudulent schemes are getting more complex and sophisticated as technology continues to advance and society becomes more dependent on devices for shopping, social interactions and work.

A recent report by McKinsey also found active social media users are 30 per cent more likely to become the victim of identity theft. Repeat victims are also common in this type of fraud with more than 20 per cent of those who have fallen victim to identity fraud experiencing it more than once.

McFlinn says retail customers don’t often think their identity is worth stealing so aren’t as cautious of their personal information - which is in fact incredibly valuable.

“According to NZ Police, identification documents are the most commonly stolen items in a household burglary,” she says. “Things like passports and driver’s licences, rather than TVs, can be sold for a lot more to those who can use it to commit fraud.”

Security, education, awareness

Against this backdrop of increased fraud, increased use of personal data and increased use of technology what are companies like ANZ doing to protect customers from fraud?

McFlinn says the bank has three key focuses: security, education and awareness.

“ANZ promotes security and education for all customers on our website and if we see a new type of fraud emerge we publish it on our website and also issue social media alerts,” she says.

“ANZ has good industry partnerships, especially amongst the main banks. Fraud is not a competitive issue and the aim is to drive fraudsters out of the market completely, not to kick them down the road to a competitor. We collaborate in education campaigns, share what we’re doing that’s working (or not) and meet regularly to come up with new ideas to combat fraud.”

McFlinn says the bank also meets regularly with government organisations like the Computer Emergency Response Team, sharing intelligence and developing education materials for the public.

Kim Downs is Fraud and Anti-Bribery and Anti-Corruption Lead and Warren Brown is Fraud Policy Lead at ANZ

The views and opinions expressed in this communication are those of the author and may not necessarily state or reflect those of ANZ.

editor's picks

12 Nov 2020

Preparing for the fraud pandemic

Carol Chris | Regional General Manager Australia, GBG

Digital acceleration has pushed financial institutions to re-evaluate the resilience of their fraud management strategies.

14 Sep 2020

Are fraudsters really that clever?

Steve Worthington | Professor at Swinburne University

Modern fraudsters are digital, agile and flexible. Are they actually the epitome of a successful business model?