Published: Thursday July 23, 2020
In the latest of our Collaborate to Disrupt webinar series, GBG sat down with Citi Bank’s Nic White and Group-IB’s Nicholas Palmer to talk about the current fraud landscape and some of the most common scams to watch out for.
In fraud prevention, huge advances in technology mean it’s getting increasingly difficult for bad actors to avoid being spotted if you’re using the right tools. And so fraudsters are moving more towards social engineering scams for one simple reason: it’s getting much easier to hack a person than a machine.
During the webinar, Nic White outlined the four most common types of fraud and how to defend against them.
Nic White describes supplier fraud, a variation of business email compromise, as the “most problematic, endemic and successful of the cyber scams.”
Supplier fraud sees a fraudster pose as one of your suppliers and request payment to a new bank account. In some cases, they will use a near-identical email address and hope that victims aren’t paying enough attention to spot it, but fraudsters are also increasingly inserting themselves into existing email conversations you’re having with suppliers, where complete trust is already established, and redirecting the payments.
Explaining the technology at play, Nicholas Palmer said: “Cyber criminals are inherently lazy. They like to do things in an automated fashion. So they actually write different parsers to look for keywords like invoice or payment or something that's of interest to them.”
In executive fraud, a fraudster traditionally poses as a senior person within a business – perhaps a CFO or CEO – and emails a more junior person asking them to transfer money urgently.
It relies on the junior employee feeling pressure to act and being uncomfortable challenging a request from their superiors.
But as technology has moved on, so too has the executive fraud scam. Some fraudsters are now using deepfaked audio built with machine learning technology to create synthetic voices that match an executive’s voice so well that it convinces the junior they’re dealing with the real person. In 2019 a British company lost 220,000€ to a deepfake executive scam.
Procurement fraud exploits situations where people need something and are under pressure to deliver it.
For example, during the early days of COVID-19, when supermarkets saw supply shortages for in-demand products, a fraudster would pose as a middleman or broker who could arrange to deliver a product under an expedited timeline.
While such an offer might raise a red flag in normal times, victims can be convinced to act out of character when they’re desperate.
While each of the three types of fraud so far has involved a degree of impersonation, this final type of fraud involves criminals posing as you or your organisation, which can be very damaging to your reputation.
Nic said: “In one of the recent supplier cases, the company was compromised and its actual email infrastructure was compromised.
“And so the payment requests that went out actually came from a genuine email from that company. And the fraudster actually persuaded the victim to send $8 million to a different bank account. And so you can imagine the reputational damage associated with this can be quite catastrophic.”