According to Kaspersky's research, 2020 was a profitable year for online scammers, with account takeovers ruling as the preferred method. The research is based on reports generated by the Kaspersky Fraud Prevention division from January to December 2020. The report states that 54% of the reviewed transactions were fraudulent, up from 34% last year. The research shows that the growing number of digital financial transactions and of users working remotely due to COVID-19 resulted in online fraudsters targeting a much higher number of online accounts and users through social engineering attacks.
The researchers at Kaspersky observed two commonly recurring tactics used by cybercriminals to gain access to accounts: ‘the rescuer’ and ‘the investor’. In the former, fraudsters impersonate security professionals and call customers, or users, to report fake payments or charges and offer their ‘expert’ help. The imposters will even ask customers to verify themselves by using fake push notifications and verification codes. They gain access to accounts under the premise of stopping faulty transactions or transferring funds to ‘secure accounts.’ The scammers may also ask users to download remote management applications for false troubleshooting purposes. They do all of this through spoofed phone numbers and under false identities, posing as players from local and even global banking institutions.
In the latter, ‘the investor’, the online scammers pose as investors and call customers to scam them into investing in shares or cryptocurrency directly from the client’s account. The scammers persuade victims by offering an easy way to invest or trade shares without making trips to the bank. To provide the investment service, the fraudsters ask the victim to share the code received via push notification or SMS.
The research also noted that remote administration tools, namely TeamViewer, were exploited to gain access in 12% of online fraud cases.
Phishing and scamming attacks like these rely heavily on social engineering rather than any technical skill. Cybersecurity experts have witnessed a surge in such attacks for some time now, and these attacks most likely won't stop being a threat any time soon.
What can you do about it?
Kaspersky, backed by its research, recommends some measures retailers and online services can take to stay protected from these fraud methods.
- Put a dedicated team of fraud analysts in place to find and analyze the latest methods scammers use
- Spread awareness and educate customers on potential methods used by fraudsters. Keep them regularly updated on how to identify scams and the best approach to handle tricky situations.
- Enable multi-factor authentication to reduce the chances of account takeover
- Limit the number of attempts allowed to make any transaction
- Conduct penetration tests and annual security audits to recognize any security threats in the company’s network