If 2021 proved anything, it’s that fraud isn’t going anywhere. Between 2019 and 2021, there’s been a 44% rise in fraud rates. Back in 2019, the average ID fraud rate was 4.1%, jumping to 5.9% in 2021.
So with this in mind — how do you ensure your business stays one step ahead of the fraudsters in 2022?
This article will examine the top five trends that we expect will continue to pose large threats in 2022, and what you can do to combat them.
Social engineering and coercion scams
Social engineering and coercion scams will remain a go-to method for fraudsters.
During this type of scam, a fraudster uses information obtained on the dark web or otherwise to convince the victim they are speaking to their bank or an official organization. In fact, 75% of victims claim that fraudsters already had their personal information when coercing them.
These attacks require little technological sophistication. But if successful, fraudsters can then gather more information about a victim, or convince them to make a payment that will end up in the fraudster’s hands.
These scams are difficult to detect with standard fraud detection tools because fraudsters don’t interact directly with the business. Instead, scammers convince victims to defraud themselves. These payments are authorized by the victim, so the network connection will match the user profile, and the victim will also pass any authentication steps.
Educating potential victims about these forms of attack is the best way to prevent them. For example, fraudsters will often use pressure or create a sense of urgency to try and persuade victims to move money out of their accounts. It’s important for businesses to communicate to their customers the types of behavior fraudsters might exhibit when trying to coerce them out of their money.
Network compromise attacks
If your network isn’t secure, fraudsters can employ a range of attacks to get around its defenses.
Mobile malware data scraping is an issue that affects many types of organizations across various industries. Malicious hackers use scraping to collect intel on companies. They’ll then use this information when targeting them with more significant attacks. Businesses should audit their websites to make sure they aren’t exposing sensitive information.
Ransomware is another form of cyber-extortion that fraudsters will continue to leverage. Fraudsters restrict access to sites or information, before forcing users or businesses to pay a ransom to re-access their data. According to Sophos, the average bill for recovering from a ransomware attack was $1.85 million in 2021. That figure includes downtime, people hours, device costs, network costs, lost opportunities, as well as any ransom paid.
Your best bet at preventing this type of attack is to keep operating systems patched and up-to-date and never install software without knowing exactly what it is.
Data breaches aren’t new. We’re all used to reading the headlines about the latest breach. However, they also aren’t going anywhere. Data breaches in 2021 far surpassed the number we saw in 2020 — the number of data breaches in mid-2021 was already 17% higher than throughout the whole of 2020. We expect that trend to continue into 2022.
Data breaches are why so much of our personal information ends up online or for sale on the dark web. They can compromise anything from a customer’s address, their date of birth, passport number or driving license number, or even images of a customer’s ID.
Once fraudsters get hold of an individual’s personal information, this empowers them to go on and commit other attacks such as:
Phishing or spear-phishing attacks: Fraudsters impersonate a business and encourage users to perform a specific action. Phishing emails cost UK businesses a staggering £6.91 billion.
Business email compromise: Fraudsters access business email accounts and imitate the owner’s identity. Their goal is to defraud the company, its employees, customers or partners.
Account takeover fraud: If they have access to enough personal information, fraudsters can impersonate genuine customers to access an account before making unauthorized transactions.
Social engineering or coercion: As mentioned earlier, with the right information fraudsters can pose as a legitimate business and try to convince victims to defraud themselves.
Synthetic data attacks
With the information gained via data breaches, fraudsters can also leverage synthetic data attacks. For this type of attack, fraudsters merge real and fake information in an attempt to go undetected. For example, they might use a real name with a fake document number, or vice versa. This is harder to detect than an identity built entirely from fake information.
Synthetic identity fraud is particularly prevalent in the US. This is because identity verification in the US often relies heavily on personally identifiable information (PII) such as SSNs. However, other forms of synthetic data attacks, such as deepfakes and voice fraud, are growing in popularity, and could pose a bigger threat in the future.
As a sector, crypto is highly volatile and has seen a large amount of public interest. Crypto transactions are also irrefutable and irreversible by design. This creates a very strong incentive for fraudsters. If they can successfully commit fraud, then that cryptocurrency is theirs and it’s extremely difficult (if not impossible) for the victim to retrieve it.
As you can see in the graph below, our crypto customers see almost double the amount of fraud seen across all the other sectors we serve (this includes financial services, gaming and transport).
[Figure: Average fraud rates by industry]
The attractiveness of crypto means fraudsters will continue to target the industry into 2022. One of the ways fraudsters target the sector is through cryptojacking. Fraudsters use someone else’s computer to mine cryptocurrency by getting victims to click on a malicious link. This then loads cryptomining code onto the computer. They can then steal cryptocurrency from other digital wallets or use the hijacked computers to mine valuable coins.
Fraudsters will also target victims directly with investment scams. This type of attack aims to get unsuspecting people to hand over money. They can be difficult to spot because the investment opportunity will often look legitimate.
Fraud prevention strategies
There are several best practice approaches businesses can put in place to help protect them against fraudulent attacks, including some of the ones we discussed in this article.
Layer up identity verification and signals
Layering identity processes, for example combining a person’s ID with their physical biometrics, helps businesses build strong assurance in their users’ real identities. Document Verification is the first line of defense against fraud. Adding Biometric Verification helps protect against stolen IDs, and can deter fraudsters who don't want to put their face to a name. For the most sophisticated fraud, consider using deduplication features like Onfido's Known Faces.
Forrester’s Total Economic Impact™ of Onfido study found that businesses who use Onfido’s identity verification solution see on average a 27% increase in fraudulent accounts detected.
Leverage deduplication technology
We’ve found that criminals are increasingly opting for organized fraud attacks where they re-use the same information. For example, they submit hundreds of documents with the same face or similar document numbers. With this type of attack, fraudsters are essentially trying to brute force your system by submitting the same illegitimate credentials again and again.
Onfido Known Faces can help protect your business from these attacks by recognizing the identity of repeat fraudsters. Known Faces enables your teams to see when a duplicate face has entered their system, and follow the trail of breadcrumbs in real-time.
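To make the document-number side of this pattern concrete, the sketch below clusters submissions whose document numbers are identical or differ by a single character. It is an added example, not Onfido's Known Faces or any vendor's implementation; the function names, thresholds and sample submissions are assumptions constructed for illustration.

```python
from itertools import combinations

# Constructed sample submissions (not real data): (applicant id, document number).
SAMPLE_SUBMISSIONS = [
    ("app-001", "P4417802"),
    ("app-002", "p441-7802"),  # same number, different formatting
    ("app-003", "P4417803"),   # one character changed
    ("app-004", "P4417813"),   # one character away from app-003
    ("app-005", "X9920017"),   # unrelated
    ("app-006", "K1052266"),
    ("app-007", "K1052267"),   # near app-006, but only a pair
]

def normalize(doc_number):
    """Uppercase and drop separators so formatting changes do not hide reuse."""
    return "".join(ch for ch in doc_number.upper() if ch.isalnum())

def hamming(a, b):
    """Count differing positions; None when the lengths differ."""
    if len(a) != len(b):
        return None
    return sum(x != y for x, y in zip(a, b))

def find_reuse_clusters(submissions, max_distance=1, min_size=3):
    """Return sorted applicant-id lists for clusters of near-identical numbers.
    Clusters are candidates for manual review, not automatic rejection."""
    parent = {app_id: app_id for app_id, _ in submissions}

    def find(x):  # union-find root lookup with path compression
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    normalized = [(app_id, normalize(num)) for app_id, num in submissions]
    # Pairwise comparison is O(n^2); fine for a batch, not for a full history.
    for (id_a, num_a), (id_b, num_b) in combinations(normalized, 2):
        dist = hamming(num_a, num_b)
        if dist is not None and dist <= max_distance:
            parent[find(id_a)] = find(id_b)

    clusters = {}
    for app_id, _ in submissions:
        clusters.setdefault(find(app_id), []).append(app_id)
    return sorted(sorted(c) for c in clusters.values() if len(c) >= min_size)
```

Legitimately issued documents can carry adjacent numbers, so the minimum cluster size is what separates a coincidental pair from repeated reuse.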
Employ robust authentication methods
It’s no use simply protecting your customers at onboarding. Fraudsters employ various tactics throughout the customer lifecycle in an attempt to gain access to accounts via false account recovery requests.
It’s tempting to get customers through the door using weak identity verification and then later patch this up with more vulnerable authentication processes such as usernames, passwords and knowledge-based authentication (KBA). But this exposes your business to fraud, kills conversion, and leads to frustration for you and your customers.
Businesses need to have robust authentication methods in place to ensure that it’s the legitimate account owner attempting to regain access or perform a high-value transaction. Onfido’s Face Authenticate, powered by FaceTec, allows you to verify your customers against a government-issued identity document and facial biometrics at onboarding, then use those same biometric signals to enable seamless and secure repeat access later in the customer journey.
To find out more about the latest fraud trends and techniques and how your business can stop them, read Onfido’s Identity Fraud Report 2022.