Today, inboxes, messaging channels, and social media are overwhelmed by a horde of malware, social engineers, and scammers who are keen to separate you from your money. In the United States alone, they fire off more than 300B emails a year and >400MM text messages a day. At this volume, the success rate could be measured in basis points, and yet, clearly, it is still economically viable for the attackers to have scaled up and industrialized the attack.
But it’s not insurmountable for us to overcome this spam tidal wave. We simply need to focus our efforts where they will be most successful and accurately engage the right parties at the critical moment.
Don’t I know you? The accidental text
Consider the 'accidental text' message, which may seem harmless but is part of the scamming tactics.:
I regularly receive messages on WhatsApp addressed to names I've never used.
Or consider those seemingly innocuous 'new phone, who's this?' messages sent via conventional SMS."
I’m sure you see these come through your channels with some frequency and rapidly disregard them. Or, if you’re bored, you might toy with them a little bit, understanding their modus operandi. There’s a whole subreddit (r/scambait) dedicated to some of the finer ways that would-be victims turned the tables or wasted their time. . . and it’s cathartic, if not overtly obscene.
Recently, our guest blogger, Al Pascual, did a few pieces on why these matter to financial institutions, which is worth a read in itself. So, let’s get a sense of what the scammers are after with this approach.
You take the bait and get a pitch
What comes after you correct this person on your identity and interests? Consistently, it’s an apology for the misunderstanding and a good-natured ‘nice to meet you, sir/madam!’ They keep the conversation going around what you do, perhaps sending a picture, and then the inevitable ‘let’s get an investment in crypto’ pitch quickly follows.
The vehicle for making the investments is frequently under the bad actor’s control, but this is almost irrelevant, as inevitably, they simply want to separate you from your money.
Investment Scams: The Promise of Riches
You likely already know this is called pig butchering, as in, scammers fatten up pig (victim) by promising a high rate of return on investment and then ghosting (butchering) them after taking their cash. And these scams are remarkably effective. Just last month, an indictment was revealed for just four individuals who scammed victims for approximately $80MM.
This is just one typology in the investment scam universe. Let’s explore the romance scam side of the house a bit more.
Romance Scams: The Promise of Love
Moving on to romance scams, which often promise love, the Netflix documentary 'The Tinder Swindler' provides a compelling depiction of this type of fraud. I’d recommend it if you haven’t seen it yet, as it does an excellent job of highlighting the human side of fraud and the lure of true love. And wouldn’t you know it: The investment scam typology also extends into this space. These are both tried and true methods of getting a victim to make an authorized push payment (APP) and thus avoiding conventional detection or prevention controls.
Protecting Victims from Scammers—and Themselves
Love—and the love of money—is a powerful force and can often override self-preservation. Despite awareness campaigns and direct communications from financial institutions to their customers that their new love or investment partner is actually a bad actor, people are still victimized daily.
Institutions are aware they need to protect their depositors and customers from themselves as a core competency. A layered, defense-in-depth approach to scam detection can transform a scam or fraud event, from a lost customer to a brand ambassador. And there is good news: there are now emerging methods to initiate a defensive posture. Consolidating a few innovations and novel approaches can yield a shift in outcomes that are favorable to both the financial institutions and the consumers they serve.
To that end, what is needed are smarter and novel types of additional controls deployed to fill this gap… these are new actions that are complementary and in parallel to the ones we have been historically using for fraud management; I’m specifically referring to our tried-and-true internal alert triggers and payment declines to respectively detect and prevent losses from occurring.
With Behavioral Biometric Intelligence, we can synthesize novel data elements and deploy new detection models that bring fraud and scam capture opportunities back into the crosshairs. The best part of this is that it can serve romance and pig butchering use cases, as well as many more APP-scam typologies. But this is only one side of the equation: where to take this signal and properly leverage it is the missing piece.
Quite a few institutions have embraced a method of having their customers have direct interactions in an online session based on the relative scam risk of an online banking session. A pop-up, sometimes called an interstitial, can be triggered during an online banking session based on the assessed risk of a scam can be triggered based within an online banking session, relative risk of a possible scam. It can be customized to be as intensive and friction-enabling as desired, based on the scenario. Best of all, these controls can be automated and often require no additional staffing to provide the customer with just the right amount of detail to enable their protection and your institution's risk appetite.
Some examples of these types of controls are already in production at forward-thinking institutions and new technologies are starting to emerge with the potential for wrap-around services and demonstrate the capabilities for further protecting end users. BioCatch’s behavioral biometric-based scam detection models tied to customer-centric services that help the end-user determine the potential risk of them sending a payment to a bad actor/suitor or pig farmer are a solid path forward to inoculate your institution and your customers.
Win the Hearts of Your Customers
So, as we approach February and Valentine's Day, remember that romance and investment scams are solvable. We don't need to eliminate spam entirely if we can effectively adapt our customer and system responses to these threats.
Ultimately, despite the liability shifts and network compliance mandates that we are all realizing in today’s environment, we can do what’s right for all stakeholders and align it under an umbrella of controls innovation to realize a positive outcome.
Contact us today to request a briefing and learn more about protecting against scams.