The financial fraud epidemic | ABA bank journal
By Karen Epper Hoffman
AAs the COVID-19 pandemic has increased over the past year, forcing millions of Americans to stay locked up, work from home, and often lose their jobs, financial fraudsters have found a fertile playing field, working their schemes against the two banks and their desperate, isolated customers.
According to financial institutions and federal agencies, since the onset of COVID-19, fraud attempts have tripled, with a wide variety of new scams emerging that prey on those who have been hit hard financially by the pandemic and subsequent closings and closings, people who have isolated themselves, as well as good Samaritans who want to help those in crisis. Indeed, the pandemic has provided a new opportunity for cybercriminals, who play with the concerns of bank customers over job loss, financial health and community safety.
Kathleen Darroch, senior vice president and head of security business partners for PNC Bank, said much of the fraud perpetrated over the past year has been linked to “stimulus packages, unemployment [payments], crooks send text or e-mail [with the promise of receiving]an earlier payment. All of these changes are forcing bank employees (and customers) to “adapt” during this pandemic, she adds. Elderly customers, more likely to suffer from this virus and generally more isolated from others, are targets of cybercriminals, Darroch explains.
“Most of the time, these people aren’t going to talk,” she says. And, more recently, with a vaccine available, many scams target the desire of older bank customers to be protected from the COVID-19 virus, and potentially “to avoid long lines,” according to Darroch. Much like after Hurricane Katrina in 2005, Darroch points out that this recent crisis has online villains playing on the emotions of compassionate bank customers and desperate business customers.
Chris McCulloch, senior vice president and head of corporate fraud and physical security for St. Louis-based Enterprise Bank and Trust, says his $ 9.1 billion bank of assets has driven up the bar on fraud mitigation, increasing customer and employee awareness and adding more auditing. services to ensure better security. “We are constantly educating our direct customer contact staff so they can help detect possible fraud,” she said, adding that Enterprise provides business customers with a positive payment service for checks and ACH. .
“With the onset of the pandemic and in large part due to the large number of employees working and doing business from home, I have seen an increase in wire transfer scams,” said Andrew R. Lee, group partner. Jones Walker’s Litigation Practice. “These usually start with social engineering cyber breaches, [such as] Phishing emails that allow hackers to access emails from a bank or customer-employee. In this scenario, Lee says the hacker accesses the user’s email system, discovers a routine or special electronic transaction, and then redirects the destination institution for the transferred funds.
“The banking industry has long been a primary target for cybercriminals,” said William Shortt, director of cybersecurity and mergers and acquisitions advice at Aon. “Cybercriminals are looking for money and personal information. Cyber risk is always heightened when institutions undergo operational changes. Employees are no longer sitting together in desks. Any lack of communication between employees is an opportunity for hackers to exploit, and “COVID-19 was the perfect storm,” he adds.
Phishing attacks, long the drug carrying cybercrime, have increased since the start of the pandemic in March. Phishing attacks have increased by more than 667%, according to KnowBe4, says Mark Scholl, director of consulting firm Wipfli. Currently, he estimates that nine out of 10 data breaches involve email scams, and “ransomware has increased sevenfold. [in the first half of 2020] with more sophisticated and destructive malware, and with higher ransom demands.
“Many workers are distracted by home work environments and staff shortages,” says Scholl. “We’ve also seen a significant increase in email scams masquerading as someone inside the bank, like IT support, to trick victims into giving up their credentials. Stimulus control phone or email scams are also a problem. Threats that cause victims to verify financial and identity information to ‘qualify’ them for payment or funds. ”
Fight new threats
The pandemic has changed the way bank workers operate and the way bank customers conduct their transactions. Checks that relied on face-to-face engagement, such as a supervisor monitoring employees in the office or a bank teller verifying someone’s identity by matching their photo ID to the person standing in front of them, are become obsolete. Now, with remote working, banks have less control over the physical environment, which could introduce new risks to privacy and data security, according to James Ruotolo, senior director of fraud risk mitigation and analysis at Grant Thornton.
“Fraud actors have taken advantage of the confusion and surge in stimulus funds resulting from the pandemic and the subsequent pandemic relief provided by the government to commit frauds of all kinds. Unemployment insurance fraud, small business loan fraud, and business email compromise have all increased dramatically over the past 11 months, as banks continue to deal with the same fraud threats that existed. before the pandemic, ”explains Ruotolo.
But the answer to this increasingly dangerous landscape has not been simple, nor necessarily straightforward. For many banks, it’s simply a matter of providing more and more layers of education, authentication, observation, and mitigation. “Since fraud attempts have increased over the past year, we have added additional measures to further protect our customers,” says McCulloch.
“Banks are also seeing the proceeds of these crimes pass through their institutions through mule accounts. One area where the US Department of Justice has identified a slight increase in fraud activity is financial abuse of the elderly, due to the isolation that individuals have endured as a result of the pandemic, says Sepideh Rowland , Managing Director and Head of Outsourced Financial Crime Risk Management for K2 Integrity. .
Rene Perez, financial crimes consultant for Jack Henry and Associates, adds that “the pandemic, the lockdown that followed and remote working has created a disastrous playground for fraudsters. Overnight, the number of card-less versus card-present transactions skyrocketed as consumer behavior shifted in-store to primarily online, rendering most fraud models completely ineffective.
Adding even more complexity to the mix, unemployment officials across the country who were accustomed to processing a few hundred unemployment claims a week were tasked, in parts of the country, with processing thousands of claims a day – and mostly in a new job. home format – something many staff have never done before. “This new remote environment has removed a lot of the human checks and balances. “
Karen Epper Hoffman is a frequent contributor on topics related to technology and security at ABA bank journal.