Cyber criminals have ditched big money scams in favour of ‘silent stealing’ during pandemic, according to a report from the Royal United Services Institute (RUSI) think tank. The paper said a phenomenon dubbed “silent stealing” – where threat actors con people out of as little as £10 – has begun on a mass scale as criminals are “going down market” from big money scams. Individual victims are less likely to report the loss of a small sum of money, while it is difficult for police and banks to know whether they are dealing with a single fraud or a big criminal operation worth millions of pounds, according to the research. Sneha Dawda, one of the authors, said silent stealing has become so popular because the high level of breached data available online makes it easy for criminals to buy people’s personal details and use them for fraud. RUSI last month warned fraud has reached “epidemic levels” and called for the crime to be prioritised as a national security issue with a greater role for the intelligence services.
<p>Cybercriminals exploit confusion and uncertainty. The pandemic has been a case in point with a huge rise in scams and new approaches to exploiting the general public. ‘Silent stealing’ tactics, including unauthorised access to accounts and low level anomalous activity in paystreams are on the rise. But the success of these scams needn’t be inevitable.</p> <p><br /><br />We know the scams and hacks are coming, so we must all understand what is at stake. Personal data is worth more than ever – bank details, passwords, even shopping basket history, and it can be used in many ways to steal money from bank accounts. </p> <p> </p> <p>We must prevent cybercriminals getting hold of the data which allows them to carry out silent fraud. On an individual level, weak passwords and human error – including trusting emails about your order or calls from your bank – will let the hackers in. Organisations that hold customer data also have the responsibility to deploy fully up-to-date cybersecurity that tracks and defends against new threats created by those looking to steal this data. Together, we must all make the job of cyber attackers as difficult as possible. How? By improving cyber hygiene through constant vigilance and exercising zero trust.</p>
<p>Today’s report from the<a href=\"https://rusi.org/publication/occasional-papers/uk-response-cyber-fraud-strategic-vision\" data-saferedirecturl=\"https://www.google.com/url?q=https://rusi.org/publication/occasional-papers/uk-response-cyber-fraud-strategic-vision&source=gmail&ust=1614075939448000&usg=AFQjCNH3wivLZsL_IKsb1OD0SDfbHaN7Iw\"> Royal United Services Institute (RUSI) should</a> come as no surprise. Fraudsters don’t stop their crimes because of a pandemic. In fact, they often seize the immense change that comes with an event like this to ramp up their activity – changing tactics and targeting individuals and businesses whilst they are at their most vulnerable and least protected in order to manipulate their data and steal their personal information.</p> <p> </p> <p>This is why biometrics such as voice and behavioural recognition, fingerprints, and eye scans are critical to a secure online presence. Thanks to years of interacting with smart devices, customers often already feel comfortable with fingerprint ID and facial recognition. Unfortunately, most of these <em>device-side</em> biometric authentication methods don’t have any real impact on stopping fraudsters. This is because, firstly, it is challenging to determine who has created the biometric print, and secondly, the prints are limited to a specific device, making them difficult to leverage across multiple channels and impossible to port from one device to the next. It is therefore server-side biometrics, such as voice biometrics, that will have result in both significant fraud prevention and frictionless, secure, convenient customer experiences.</p> <p> </p> <p>When it comes to fraud, prevention is always better than a cure. In today\’s landscape consumers are more aware than ever of the importance to protect their own information, and they will hold accountable the organisations that don’t do enough to protect the information they share with them. Without question, we need to be one step ahead and education around the most effective security solutions- like biometrics- is key.</p>
<p>When people are scammed out of a small amount that isn’t life-changing, there is little chance it will be reported to the authorities. Some people may not even notice the withdrawal, which is similar to some forms of credit card fraud: a small amount is taken to test the transaction, going unnoticed by the victim, before a larger amount is extracted. However, if criminals have enough card details from unsuspecting victims, they have the potential of withdrawing the same high values across multiple victims.</p> <p> </p> <p>Aiming low, beneath the radar, is a typical tactic used by malicious actors – especially those new to cybercrime. This is particularly prevalent due to the sheer amount of peoples’ financial information spread across dark web markets and underground messaging platforms. However, awareness remains key to preventing this from occurring. Checking bank statements daily and making sure all passwords are unique both help to protect against con artists getting away with our cash.</p>