Online bandits are decreasing their schemes against businesses but increasing COVID-19 scams aimed at consumers, according to a report released Tuesday by TransUnion.
Suspected fraudulent digital transactions against businesses worldwide dropped nine percent from the lockdown phase of the pandemic (March 11 to May 18) to the reopening phase (May 19-July 25), noted the quarterly report on global online fraud trends by the Chicago-based transaction security solutions provider.
That contrasts with surveys done by TransUnion for the weeks of April 13 and July 27, which found a 10 percent jump in consumers targeted by digital COVID-19 scams.
“With the rush for businesses to go digital, as many were forced to go completely online almost overnight, fraudsters tried to take advantage,” Shai Cohen, senior vice president of global fraud solutions at TransUnion, said in a statement.
As those businesses ramped up their digital fraud prevention solutions, he continued, the fraudsters took their scams elsewhere.
“Conversely with consumers,” he added, “fraudsters are increasingly using COVID-19 to prey on those persons who are facing mounting financial pressures.”
Rejecting Layups
TransUnion’s findings suggest that there may not be as much low hanging fruit among businesses for scammers as there used to be.
“Businesses have become a bit more vigilant regarding cybersecurity at the present time,” observed Adam Laub, CMO of Stealthbits, a cybersecurity software company located in Hawthorne, N.J.
“What were layups for bad actors previously perhaps don’t work with the same degree of success because cybersecurity has become more top of mind,” he told TechNewsWorld.
Nevertheless, he cautioned that most organizations still suffer from the same vulnerabilities and exploits they had previously.
“It’s just a little bit harder to get through the front door,” he said. “Once in, however, attackers will traverse networks, escalate privileges and execute their missions with relative ease.”
Weaponizing Fear and Uncertainty
On the other hand, Laub continued, the closing of physical locations for shopping has increased e-commerce activity. “That makes consumers — just from a sheer numbers perspective — an easier target than business at this point in time,” he said.
“When businesses don’t have their eye on the ball, they are by far the more attractive target,” he added, “but when they do, they’re a much tougher nut to crack for the average cybercriminal.”
Melody J. Kaufman, a cybersecurity specialist for Saviynt, an application and infrastructure security provider in El Segundo, Calif. explained that businesses have quickly adapted their security measures to accommodate remote workers over the last few months.
“This security shift has improved processes and procedures in many areas over organizations including phishing training and awareness,” she told TechNewsWorld. “This level of awareness makes businesses harder targets now.”
That’s not the case with consumers, she continued, who — whether they’re savvy with technology or not — are generally not familiar with the wide varieties of phishing campaigns that exist such as smishing and vishing.
“Bad actors find it easier to weaponize the fear and uncertainty of national events, including COVID-19, and this helps their attacks and scams yield valuable results,” she said.
“Fraudsters enjoy times of uncertainty,” added Trace Fooshee, a senior analyst with the Aite Group.
“They flourish in times of crisis,” he continued. “They take advantage of crisis because crises tend to introduce a level of heightened emotion when people lower their guard a little bit. People can be more gullible when their emotions are being preyed upon.”
Whack A Fraudster
Governments may also be contributing to COVID-19 scams aimed at consumers, maintained Chris Clements, vice president of solutions architecture at Cerberus Sentinel, a cybersecurity consulting and penetration testing company in Scottsdale, Ariz.
“The transition from business to consumer targets is likely due to COVID-19 stimulus efforts from national governments,” he explained.
“Because consumers are primed to expect contact of some sort relating to the matter, it gives cyber criminals targets primed to interact with financial information,” he told TechNewsWorld.
The TransUnion report found that the biggest declines in suspected fraud were in the telecommunications (-60 percent), healthcare (-18 percent) and financial services (-13 percent) industries, while there were big increases in the travel and leisure (47 percent), logistics (27 percent) and insurance (8 percent) sectors.
“This shows us that fraudsters initially targeted the hottest industries with the most money to be had early in the pandemic in order to hide behind the rush of transactions, but have now made an obvious shift once they experienced the fraud controls those industries had implemented,” said Melissa Gaddis, senior director of customer success for global fraud solutions at TransUnion.
“Fraud is a constant game of whack a mole and when fraudsters aren’t successful in one area, they move somewhere else,” she told TechNewsWorld.
Avalanche of Disruptions
Increases in transaction volumes probably contributed to the increases in suspected fraud incidents in the logistics and insurance industries.
“Logistics and insurance organizations have seen a surge of business due to the pandemic and as their workloads increase, they are more prone to failing to identify fraud as they attempt to manage a flood of legitimate requests,” Clements explained.
Meanwhile, in the travel industry, there was an avalanche of disruptions. “That caused the overall number of transactions between consumers and their travel companies to increase exponentially,” Fooshee explained.
Travel companies also had to make many concessions to consumers for canceled trips, he continued. “Whenever large scale concessions like that are being granted — effectively giving away money — the fraudsters are going to pounce on that,” he said.
Gen Z Targeted
As part of its report, TransUnion surveyed 8,265 adults in Canada, Colombia, Hong Kong, South Africa, the United Kingdom and the United states the week of July 27. It found that more than three out of 10 respondents (32 percent) said they had been targeted by digital fraud related to COVID-19, with Gen Z (age 18-25) being the most targeted at 36 percent.
“A common assumption is that fraudsters target older generations who are perceived to be less digitally capable,” Gaddis observed.
“However,” she continued, “a potential reason that we found the opposite is the fact that younger consumers are more apt to conduct more digital transactions. Fraudsters tend to go where the transactions are.”
“Furthermore,” she added, “our analysis found younger generations are more strained financially during the pandemic so fraudsters could be trying to take advantage of people in more dire financial situations.”
Covid is a fraud