Prioritize the Fraud Epidemic Arising from the Pandemic

Written by

In the Royal United Services Institute’s (RUSI) recent report on the state of the UK’s fraud posture, The Silent Threat: The Impact of Fraud on UK National Security, the defense and security think tank succinctly concluded that fraud is considered “everyone’s problem but no-one’s priority.” It evolves without a clear definition or response. The reality is that an instance of fraud is no longer an isolated incident with an isolated response — and there’s a knowledge gap on how we (the private sector, together with law enforcement) collectively map crime and account for poly-criminality.

 RISU’s report goes on to state, “the largely reactive nature of the fraud response has resulted in a limited understanding of the organized fraud threat and in turn, a lack of operational prioritization of fraud within serious organized crime (SOC) resourcing, leading some respondents to label fraud the ‘Cinderella of crime.’” Simply put, what was once a pesky distraction for payment services and bank security teams is now a matter of national security. The problem is that we cannot view an instance of fraud as only a one-off PR nightmare with an isolated loss of funds; it demands a strategic response integrated into business-as-usual processes globally.

 For some context, fraud has long been a problem for the public and private sectors alike, even prior to the pandemic. In February 2020, for instance, Experian found that 57% of businesses surveyed experienced rising year-on-year fraud losses. COVID-19 has certainly exacerbated this fraud epidemic, with the change in the e-commerce landscape and opportunistic threat actors, among other reasons. In June 2020, Citizens Advice reported that 36% of British adults had been the target of a scam since the lockdown began (a number that has surely gone up since the poll was conducted). Further, the Telephone-operated Crime Survey for England and Wales (TCSEW) revealed that in February 2021, there were 4.4 million fraud offenses in the last year alone.

 In the US, the Internet Crime Complaint Center (IC3) received a staggering 791,790 complaints last year, a nearly 70% increase from 2019, involving more than $4.1bn in reported losses. Major categories of complaints related to the pandemic include:

  • Targeting CARES Act funds.
  • Impersonating government officials to solicit money or sensitive information.
  • Exploiting public interest in a vaccine.

Threats actors are leveraging encrypted messengers — the real Dark Web — to facilitate these schemes.

 At the 2021 Virtual Fraud Conference, Graeme Biggar, director general at the National Economic Crime Centre with the UK’s National Crime Agency, said, “There is an enormous amount of data out there, and if we use it intelligently, then we can make a really big difference. If we could also begin to merge this with bank transaction data — as banks are getting much more sophisticated in their transaction monitoring — we will be better able to spot individual frauds or money muling.”

Together, businesses and governments must begin to intelligently review internal datasets (like transactions) and external datasets (in the public domain). However, it’s becoming harder to determine the difference between what lies inside and outside a business. No longer are we referring to only brick-and-mortar exterior walls. Instead, we must consider all brand engagements. The lines are continuously blurring around a brand’s security perimeter.

Importantly, finding the root cause of fraud involves offensive counter-fraud, as opposed to playing whack-a-mole. Counter-fraud initiatives include proactively leaving no stone unturned to identify where an attack, impersonation or leak has happened before anyone else does, providing an opportunity to control the narrative. This means adjusting your perimeter wall to ingest how the outside world mentions, trades and steals data relating to your businesses. By monitoring the entire digital risk spectrum, you can eliminate the impact and source of fraud. This gives enterprises the gift of time, a critical factor in mitigating the fallout from financial, reputational and strategic perspectives.

What’s hot on Infosecurity Magazine?