Financial fraud has increased since the onset of Covid-19 and the resulting uplift in digital banking and hybrid-based remote working, says Leonard McAuliffe, Partner, PwC Ireland Cyber Practice. “According to PwC’s Global Economic Crime and Fraud Survey, among companies having global annual revenues over €9 billion, 52 per cent have experienced fraud and nearly one in five reported that their most disruptive incident had a financial impact in excess of €45 million. The share of smaller companies – those with less than €90 million in revenues – affected was lower; 38 per cent experienced fraud, of which about one in four faced a total impact of more than €1 million.”
A bouquet of scams
Phishing, identity theft, money laundering, investment scams, business email compromise, invoice redirection, smishing, crypto and romance scams are some of the most common scams says McAuliffe. “Of these, the most successful scams are those using phishing as the initial attack vector. Smishing [fraudulent text messages] scams have significantly increased with text messages misrepresenting postal, banking and tolling services being particularly common in Ireland.
“Business emails compromise and invoice redirection are common attack vectors used to orchestrate and fraudulently transfer funds to accounts controlled by fraudsters. These succeed on the basis of urgency, and legitimacy where the recipient believes the request has come from a supervisor or manager.”
Keeping up with the (technology) Joneses
Scammers are using new technology bought on the dark web to deliver their scams, says Carol Lawton, AIB’s head of financial crime. “However, they still use phones and emails to deliver them and need what’s called a mule account that they can withdraw the stolen funds from. The criminals would not be successful if they could not recruit people to transfer the funds through their accounts and act as so-called money mules.
“This is an increasing issue, with people as young as 15 being recruited to these scams and committing criminal offences by allowing their accounts to be used for money laundering.”
Staying safe
Lawton says to stay safe treat every unsolicited message with suspicion. “Everyone should keep the phrase ‘don’t click on the link’ in their minds. Take a moment to ask yourself ‘Is this legitimate?’ before reacting to a call or message. If you want to invest your money, ensure the company is regulated and seek independent financial advice.
“Businesses should ensure that all staff are aware of current scams and that no payments are made without a robust approval process involving several people. Any unexpected or unusual requests for payment must be treated with extreme caution. If you think you have been a victim of fraud, contact your bank immediately and report it to the gardaí.”
One of the most effective protections from financial fraud is awareness and education, says McAuliffe. “Raising awareness of the risks and indicators, and creating a means for reporting to resolve cases when they occur helps to keep customers safe and informed.
“Businesses are also responsible for safely and securely storing required information in compliance with applicable legal and regulatory requirements and to limit the access and use of stored information. Additionally, businesses should monitor and identify abnormal patterns of behaviour that may indicate a customer has become a victim of fraud.”
All about AI
The use of artificial intelligence (AI) can mimic real conversations and instil a false sense of trust, says McAuliffe. “AI chatbots may masquerade as customer service representatives, asking for payment details, personal information or access to the victim’s devices.
“The use of AI in adversarial cybersecurity used, for example, to create phishing attacks, presents additional overhead in identification. Common giveaways such as grammar and spelling mistakes are now largely eliminated. AI can create an accurate narrative that appears to be legitimate and bypass immature controls. When used against non-experienced individuals, such attempts are increasingly likely to convince victims to interact with the fraudsters.”
On the other hand, as fraud scams become more sophisticated, AI can help by better targeting unusual and suspicious behaviours, says Lawton. “The benefit of AI is that our fraud prevention systems can learn and adapt to the ever-changing fraud techniques used by criminals, which means we’re improving our ability to respond to new scams much faster. AI is also contributing to fraud with evidence of deepfake links and voiceovers being used in scams. Examples include investment and text message fraud.”