The Changing Shape of Online Fraud
When I joined MarkMonitor, nearly ten years ago, and first started looking at crime and deception on the Internet, one of the most prolific issues was the “phishing” of consumers’ credentials for online financial services accounts. The UK high street banks were virtually under siege from fraudsters distributing tens of millions of emails demanding the recipients to “click on this link and urgently update their password” or some such scam, and many of them suffered significant losses as a result.
Over the subsequent few years, most of the targeted organisations took steps to mitigate the problem – hiring organisations such as our own to remove the offending sites and collection points, educating their customers to be vigilant and not to respond to links in emails. In many cases they also added some form of dual factor authentication (essentially a second password or code, generated in real time via a keypad or one’s phone) to make it much harder for criminals who had obtained access to an account to actually withdraw money. Today, consumer phishing in relation to the banking and finance sector still exists, but it is a much less lucrative business for the criminals and the target enterprises consider it a “bread and butter” problem to deal with.
However, just consider how our daily lives have changed over those same 10 years – how many times a day do we each log in to some website or application to do everything from booking travel and posting on social media to viewing a utility bill or ordering the weekly grocery shopping?
Username and password management has become an onerous but necessary task for pretty much everyone, and in providing us with the joys of self-service (aka organisational cost savings) most consumer facing organisations have opened themselves up to the same risks that the banks were facing ten years ago. Look at what is behind some of those user IDs – credit card details, online wallets, cash balances and entire identities that could be hijacked and used for subsequent online fraud, such as opening a fake bank account or applying for a loan. Consider, also, that a hijacked social media account is worth more on the Dark Web than a set of stolen credit card details!
What does this mean for today’s online consumer and, indeed, for the many businesses that thrive on the Internet? First and foremost it means that vigilance is key – with the Internet being a great source of anonymity, as well as providing global access for a network of technologically savvy criminals, it is pretty much the perfect place to commit crime without being traced or caught. Most scams rely on the victim acting on impulse and responding to some sort of call to action without due diligence so, as a consumer, take those extra few seconds to validate the source of an incoming request and determine how likely a given request is to have come from its purported source.
As a business that trades on the Internet, ensure your customers know exactly what you are and are not going to communicate electronically, display a “report suspected fraud” button prominently on your home page, and work with a professional provider of online brand and fraud protection solutions to make certain you take both preventative measures and have resources at hand to deal with an issue, should it occur.
In today’s highly connected online business world, the opportunity that the digital economy offers is matched only by the risks to reputation and revenue that lie in wait for those that do not take adequate steps to protect themselves and their customers.