I don't know anyone who hasn’t received at least one scam call already this year — I received two yesterday alone. In the past two weeks, I've had scam phone calls from Belgium, Uganda, Senegal, Cuba, and Estonia, and multiple from Australia. It’s not surprising, then, that phone scams are receiving increased mainstream media coverage and increased focus from regulatory bodies.
Scams are one of the largest fraud issues facing both consumers and providers of financial services. In my 15+ years in fraud prevention, financial scams are the most awful type of fraud I’ve seen. The victim is typically (but not always) from a vulnerable demographic, and there are thousands upon thousands of heartbreaking stories.
Common Types of Scams Used by Criminals
Financial scams are known by different names, such as Authorised Push Payments (APP), social engineering and vishing, but the core of the attack scenario is as follows:
- A victim receives an unsolicited contact (often a phone call) from an attacker, who pretends to be a well-known and trusted third party (e.g. bank, telco, government, or tech company).
- The victim is led through the scam scenario, often one of the following:
  - Tax. You have an overdue tax bill and will go straight to jail if you don't pay immediately.
  - Unexpected windfall. You’ve received a prize or inheritance, but need to pay to unlock the riches.
  - Computer problem. Your computer is infected with a virus and needs to be fixed ASAP.
  - Romance. You’ve met the love of your life, but they need some money to meet you.
  - Investment. You’re being offered a once-in-a-lifetime investment opportunity, but must send money to secure the deal.
- Typically, the victim then either:
  - grants remote access of their computer to the attacker, or
  - is coached through making a payment themselves to a mule account.
In reality, scams are just another variation of social engineering. In the age of very effective email spam filters, the bad guys have had to diversify back to the ‘old school’ phone channel — hence the explosion of scam calls. The cost of making a VoIP call is effectively zero, so the phone channel is just as efficient as email for mass distribution of attempts.
Solving the Scam Problem
The costs of financial scams are growing rapidly. In the UK, £354 million in APP fraud was reported in 2018. More than $10 million AUD is reported per month in Australia. I strongly suspect that this is only the tip of the iceberg, as many people are too scared or embarrassed to report what has happened. The actual figure could easily be two to three times the reported amount.
However, there is hope. There is a growing movement to protect victims and improve how scams are managed. Initiatives include:
- Metrics. “Make what you measure” is a concept that I am a strong advocate for. Reporting and publishing statistics quantifies the magnitude of the problem and gathers far more attention than anecdotal evidence. The UK and Australia are two great examples.
- Industry initiatives. The best example of this is the UK-based APP Scams Steering Group, which has published a new “Contingent Reimbursement Model” for APP banking scam victims. The UK is leading the way, and it will be interesting to see how other countries follow.
- Technology. Detecting vulnerable customers and protecting them from scams is possible; it’s just hard to do. Correlating in-session activity (with solutions such as BioCatch) with payment behavior and customer profiles is a powerful combination for detecting scam events.
- Education. Proactive education by governments, industry bodies and banks helps to make the public aware of different types of scams. The use of both mainstream and social media channels is becoming commonplace, and something that most banks are actively involved in.
Scams are a really difficult problem, but they are solvable. For banks that have the privilege of managing a consumer’s financial life, protecting customers is a core obligation. It’s great to see banks putting a genuine focus on how to address the problem.