To that end, a new white paper from Informa and ThreatMark illustrates how new phishing and vishing scams are threatening the digital fintech space as well how individuals can identify and combat those scams.
“Driven by accelerated digitalization no business is immune from modern digital fraud. Among them—the financial industry and online, digital banking are a prime target for fraudsters around the world,” according to the paper. “And the fraudsters never sleep. Seemingly every day fraudsters develop new methods and vectors to scam both banks and users for their own nefarious goals.”
And the stakes have never been higher. According to information from PricewaterhouseCoopers, digital banking is an enormous emerging sector, and they report a substantial 73% of all financial executives expected consumer banking to be disrupted by new financial technology. Naturally, the more information circulating online the more there is to take.
The new white paper points out the three most prevalent grifts plaguing the digital banking industry are vishing, phishing and mobile malware. In general, phishing involves contacting individuals by phone, email or text with the hopes of duping the customer into thinking the scammer is a legitimate institution. Generally, phishers are looking for passwords, personal information and credit card numbers.
The prevalence of phishing is enormous, as more than one-fifth of all data breaches last year involved some form of the grift, according to the Verizon 2020 Data Breach Investigations Report (DBIR). More precisely, 22% of the 3,905 breaches were phishing-related.
Interestingly, the Verizon report also indicates 96% of phishing attacks are levied via email, yet the open rate on those emails is a record low 3.4%. However, the more clever the customer, the more devious the fraudster needs to be.
“What is worth noting that beyond technical prowess, fraudsters are demonstrating skillfulness when it comes to social engineering,” according to the Informa-sponsored paper. “As we discovered, the goals of fraudsters go beyond acquiring credentials, but to acquire as much information as possible in order to persuade the victim do what they want in the most elaborate ways.”
One new way scam artists have gone about upping their game involves using “voice phishing” or vishing. “We’ve investigated several cases where the fraudster called the victim, early in the morning; with background noises from the bank and perfect accent, to scare the victim in sending the money to the fraudster,” the paper notes.
These scams are big business, too, as a recent study from Forbes cited in the paper reports the attacks, globally, have cost unsuspecting consumers close to $50 billion.
From Twitter
"Banks & credit unions share a goal with #FinTech. A simple customer experience where #fraud is minimized. #FinTech has been at the forefront of #AI implementation. Discover seven benefits of implementing #AI in the banking & credit union industry, here: https://bit.ly/3Ak0BBN"
Vishing scams are similarly engineered to their online counterparts, notes the white paper. In these cases, attackers try to use fear or greed to get customers to give sensitive information to the scam artist—except these attacks rely on the relative comfort of a human voice. Often, they target the elderly or “technophobic” individuals who are unfamiliar with the scams.
Finally, the last growing threat cited in the paper comes from increased use of malware, which is designed to attack devices and collect sensitive, useful information. “A smartphone gets infected once a person downloads an unauthorized application or file. It is often designed to look like an update or a simple app; but hiding a virus with nefarious objectives,” reads the paper.
Among some of the suggestions from the paper include avoiding using unexpected or unidentifiable links, avoiding disreputable sources for app downloads, using strong, secret passwords and two-factor authentication and installing anti-malware software.
“Of course, fighting fraud is not the ultimate responsibility of the end-users. Their cybersecurity infrastructure is usually not that impressive,” it adds. “Companies should invest in continuous education of their users about the threat, details and presentation of trending scams. Conversely, businesses can invest in an advanced technological solution that can detect and mitigate frauds at scale.”
