Financial security authorities have issued a warning that most online banking fraud nowadays is the result of users being tricked into paying cybercriminals.
Authorised push payment (APP) fraud happens when a scammer acts as a trustworthy person and fools the victim into moving money to a bank account under their control. Examples include romance frauds and cryptocurrency fraud.
Banks in many countries won’t refund damages made in this way because, legally, it is the victim that requests the payment. A recent 1H 2022 analysis from Outseer states that these scams now account for 75% of all online banking fraud determined by monetary amount.
In an attempt to bypassing the security features built into the banking system, criminals trick people into authorising transactions to them via fake websites, social engineering, and phishing emails.
Social engineering is an “essential tool in the fraudster’s inventory,” according to the company’s head of product, Mark Crichton, when it comes to such attacks.
Mark Crichton further said:
We’ve all seen the news stories about APP fraud, but the fact that these attacks are getting more frequent, more sophisticated and make up three-quarters of fraudulent transactions should sound the alarm bells for banks. Technologies like AI and machine learning help recognize unusual patterns in payments and prevent fraud at the source.
After years of pressure from consumer rights organisations, bankers in the UK must now display a fraud warning notice before clients register new payments. They must also notify users if the beneficiary’s name and bank information don’t match.
According to UK Finance, there were 195,996 instances of APP scams in 2021, resulting in losses of more than £583 million. There was a 72% increase in APP fraud in the first 6 months of 2021, reaching £379m. During the same period, payment card fraud dropped by 9% to £282m.
One important method of APP fraud is identity theft. According to Outseer, it was responsible for 65% of cyberattacks discovered in the first half of the year. In the first half of 2022, phishing that targeted US clients jumped by 42%, while attacks coming from Russia increased by 25%, according to the report.
According to Outseer, 87,000 attacks on users were uncovered in the first six months of 2022. Averaging 20 attacks every hour, that’s what it came to. In an effort to reduce banking fraud, the financial services sector invests billions in cutting-edge technology. To trick clients into transferring payments straight to them, however, criminals are taking advantage of vulnerabilities outside of the banks’ control.
Help your colleagues spot these phishing emails by starting your Phishing Tackle security awareness training today with our two-week free trial.