Cyber fraud is now a common way that threat actors take advantage of people and businesses. There are several fraud trends at any given time, leading to an increasing number of victims.
Australian businesses self-reported losses of over $98 million last financial year to just one kind of attack – Business Email Compromise (BEC), a tactic where a threat actor compromises an organisation by accessing an employee’s login credentials.
Reported losses may even be a drop in the ocean, as actual losses are expected to be much higher, and do not include the cost to the customers of victims, nor the capital and recurring costs of cyber security incident remediation.
During International Fraud Awareness Week, we pay special attention to the importance of creating awareness around emerging fraud trends to help businesses take the necessary steps to prepare for and protect against these attacks.
Types of cyber frauds
Cyber criminals use several strategies to commit cyber fraud. The most utilised methods for engaging victims are email, SMS and instant messaging services. Threat actors will use these methods to attempt to spread malware, steal sensitive data or further deploy even further targeted phishing scams.
Cyber fraud can be broken down into key types of attacks, including:
- Phishing and Spear Phishing
- Data breach
- Denial of service (DoS)
- Business email compromise (BEC)
Over 80,000 phishing emails have been reported in Australia so far in 2022, with a loss of $43.33 million. This is likely only a small part of the overall number of phishing emails generated yearly and only focuses on emails that attempted to gain sensitive information.
With the advancement of technology and new ways of working remotely, cyber fraud is becoming more sophisticated.
In order to understand these emerging cyber fraud trends, users need the knowledge and expertise to identify them and stay protected.
Here are 5 of the most common cyber fraud trends that are reeling in businesses around the world.
1. Business Refund fraud
As the name suggests, this scam is centred around a fake refund.
Refund policies that don’t have any fraud checks can lead to losses for the business if the cybercriminal aims to take advantage.
Refund fraud will generally involve the non-return of goods or software subscriptions, even sending back different items than the ones that were originally purchased. This can create a grey area for merchants since customers who make genuine requests for refunds may:
- Have no time to send back the item resulting in non-delivery
- Be returning an item because it isn’t what they ordered
With so-called ‘professional refunders’ emerging in the market and promoting themselves as experts in a certain merchant’s return policies, they can lure unsuspecting customers with false promises of helping them get their refunds approved.
They may charge a fee that’s equal to a multiple of the value of the item once the refund is complete and advise you to refrain from targeting the same merchant more than once a year making it difficult for merchants to anticipate such fraudulent activities.
2. Fraudulent business emails
While cyber fraud trends are on the rise, the most successful are not those created to compromise sophisticated technology, rather, they prey on the humanity of the user.
In the years since the pandemic, businesses have opted to move to a more virtual landscape to enhance communication and connectivity with each other and employees within the business.
This has resulted in an increase in remote access to business systems and employees regularly working from remote locations. Without conducting regular security checks and some employees' susceptibility to connecting to public Wi-Fi networks, employees are falling victim to phishing emails that appear to be authentic.
In order to protect your business, you need to have cyber security protocols that are fit for purpose, as well as the right people who can be educated about how to keep your business safe.
It is crucial to review your business framework and regularly analyse existing or proposed systems to identify vulnerabilities and potential glitches.
Giving your employees the training they need to identify fraudulent emails and what steps need to be taken in the event of receiving a fraudulent email should be at the top of your agenda as online fraud trends increase.
3. Friendly fraud
Arguably the leading fraud attack, friendly fraud occurs when a customer requests a chargeback from their bank even though they have received the goods or services.
Businesses of all sizes report that friendly fraud is one of the leading attacks that they deal with today.
One reason behind the increase in friendly fraud is buyers’ remorse – customers purchase products on impulse only to regret their purchase.
Addressing friendly fraud before it occurs can be difficult. This is why you need to ensure that you have a robust process in place to identify such frauds and take action once it’s happened.
Implementing solutions like customer notifications, return policies, payment policies, verification measures, and a rigorous chargeback process can help identify and discourage friendly fraud.
People use cryptocurrency for many reasons — quick payments, to avoid transaction fees that traditional banks charge, or because it offers some anonymity. Others hold cryptocurrency as an investment, hoping the value goes up.
Blockchain technology allows for the secure transfer of funds from one digital wallet to another, however, there are some differences from traditional banking.
Cryptocurrency accounts do not come with legal protections, they are typically irreversible and despite common knowledge, some information about the transaction remains public.
Cryptocurrency scams are on the rise in a number of ways. It’s important to remember that no legitimate business is going to demand you send cryptocurrency. Only scammers demand payment in crypto.
This can also include investment scams. If someone is promising a quick and easy profit in the crypto market, it’s likely a scam. Scammers will guarantee profits or big returns for ‘small’ investments.
Investment scams, including cryptocurrency, accounted for over $292 million lost in 2022, with over 7,000 reports. Just under half of these reports resulted in a financial loss.
Always be wary before transferring funds to someone via cryptocurrencies of any kind.
5. Business Email Compromise (BEC)
One of the most popular types of cyber fraud is business email compromise, otherwise known as account takeover.
This scam uses impersonation tactics where criminals attempt to impersonate C-Suite level executives or IT personnel who attempt to trick employees into providing them sensitive information, approving payments or providing access to systems.
Another type of business email compromise scam is where an account of an employee within the business has been compromised and the scammer begins contacting employees within the organisation from the compromised account.
The problem is these kinds of BEC attacks bypass legacy email solutions. As the email comes from a trusted source, it is able to pass rule-based security controls without detection.
In 2020 – at the height of the pandemic – account takeover fraud increased by 282% with losses totalling over $30 billion globally.
Scammers do not rely solely on the information obtained through data breaches. With the increase in automation, bots have broadened the scope for scammers to attempt fraud across thousands of accounts quickly.
Scamming through loyalty schemes is also trending as cyber criminals may target loyalty program accounts that are dormant.
Loyalty points are just as good as cash and are less protected, providing cyber criminals with the opportunity to steal them, make purchases, and either sell the goods or exchange them for gift cards.
What can businesses do to face the threat of cyber fraud?
The net has been cast wide when it comes to cyber fraud. With the increase in fraudulent activities, businesses must prepare themselves and their employees to know more about fraud trends that are on the rise and take the necessary steps to prevent them.
The best way to prepare your team is to support them with top-of-the-line training which will help them fight cyber criminals at an individual level, protecting your organisation, themselves, and their communities.
View our available courses here >
Phriendly Phishing is here to support you on your cyber security journey.
If you would like a confidential in-depth chat about how we can help you, please reach out to our team today on 1300 407 682 or firstname.lastname@example.org. Alternatively, fill out this form to request a free demo.