Fraudulent transactions owing to account takeover increased significantly in 2020: Report

Hemani Sheth Mumbai | Updated on February 10, 2021

From January to December 2020, the share of such incidents increased from 34 per cent in 2019 to 54 per cent in 2020.

Cybersecurity incidents of fraudulent transactions owing to cybercriminals taking over a user’s account increased significantly in 2020 as compared to 2019 according to a report by cybersecurity firm Kaspersky.

As per the report by Kaspersky Fraud Prevention, every second fraudulent transaction in the finance industry in 2020 was an account takeover incident i.e. when a cybercriminal gains access to user accounts and takes over.

From January to December 2020, the share of such incidents increased from 34 per cent in 2019 to 54 per cent in 2020.

“The importance of digital financial services and e-commerce increased in 2020 increased in 2020 with people spending more time at home as a result of the pandemic. Kaspersky experts suggest that, in turn, it caused a spike in social engineering techniques being exploited by cybercriminals,” Kaspersky said.

Also read: Data of nearly 23 million users of online children’s game Webkinz leaked on the dark web: Report

Cybercriminals leverage two primary tactics to gain access to a user’s bank account – ‘the rescuer’ and ‘the investor’ as per the report.

“The first tactic sees scammers masquerade as ‘the rescuer’, where they pretend to be security experts and act out scenarios to ‘save’ users. They call bank customers posing as security officers and report suspicious charges or payments and offer their help,” explained Kaspersky.

The scammers may ask customers to verify their identity through a code sent in a text message or push-notification, to stop a suspicious transaction or to transfer money to a ‘secure account’. They may also asked the targeted user to install an application for remote management pretending that it is required for troubleshooting.

“The scammers often introduce themselves as employees of the largest bank in the potential victim’s region and use a spoofed caller ID for incoming calls to pose as a real bank,” Kaspersky explained.

In the second tactic, cybercriminals act as ‘the investor’.

“This scenario involves fraudsters posing as employees of an investment company, or as investment consultants from a bank. They call customers offering a quick way to make money by investing in cryptocurrency or shares directly from the client’s account, without having to go to a bank branch,” as per the report.

“As a prerequisite for providing the ‘investment service’, the investor asks the potential victim for the code received in a text message or push notification,” it added.

Also read: Cyber threats disguised as popular learning platforms up 60% in H2 2020: Report

Apart from successful account takeovers, in 12 per cent of fraudulent incidents, legitimate remote administration tools (RAT) such as TeamViewer were misused in order to gain access to user accounts.

“Bank clients always place a high value on ease of access to their accounts and performance of usual financial operations. And now this has become especially important,” said Claire Hatcher, Head of Business Development, Kaspersky Fraud Prevention.

“That is why we believe that solutions for the financial industry should provide a high level of security measures - including protection against fraud - which are seamlessly integrated into the user experience. And of course, it’s worth regularly reminding clients about fraudsters’ techniques, so that they are likely to notice something,” Hatcher added.

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

Published on February 10, 2021