Remote access scams are circumventing traditional fraud controls, including device identification, IP geo-location and two factor authentication. In this article, we explore the attributes of these scams, the size of the problem, trends in scam losses and the new mitigation controls that are helping solve the problem.
What is a remote access scam?
Remote access scams are a unique scenario where victims are socially engineered to provide remote access to their computer via a legitimate remote access tool, such as TeamViewer, Go-To-Meeting or VNC. Sometimes called a tech support scam, the scenario typically involves a caller pretending to be from a trusted technology, finance or telecommunications brand reaching out to solve a fictitious computer problem (e.g. 'virus').
Once the attacker has control of the victim’s device, they use the access to circumvent traditional fraud prevention controls (e.g. trusted device, IP address, etc) and steal money from the victim's bank accounts. Over 80% of these computer scams originate via a phone call, and 70% of the victims are aged 55 and over.
How big is the problem?
Remote access scams are now the fourth largest scam type in Australia. As of September, the total reported losses via the ACCC are $3.5 million, yet this only represents reported losses. We can safely assume that total losses run well into the tens of millions per annum. The losses are on the rise as well, with August 2019 representing the second largest single month of reported remote access scam losses in Australia.
What is the impact to victims?
From a trust and emotional perspective, all victims are materially impacted by scams. From a loss perspective, the amounts can vary from a few thousand dollars to someone's entire life savings. Different banks have different approaches in terms of reimbursing customers — that is, at what stage is the bank liable for protecting the customer vs. the victim being responsible. However, the momentum continues to swing toward victims being reimbursed through initiatives such as the new contingent reimbursement model that was adopted by many of the UK banks in May 2019.
How can we protect victims?
Educating consumers and businesses about tech support scams, computer scams and any new tactics is the starting point. There is a lot of great work completed in this space by entities such as Scamwatch as well as by banks, including NAB, CBA, ANZ and WBC. However, this is not an issue that can be addressed in isolation, as the sophistication of scams continues to improve.
What can banks do to detect remote access scams?
From a technical perspective, remote access scams can be detected with the right solution. BioCatch is extremely effective at identifying an active remote access session through in-session behavioral analysis and identifying key risk indicators. There are other techniques to detect remote access, such as port scanning, but these may be circumvented by using remote access tools that utilize standard http/s network ports (80/443), so that the remote access session is blended with general internet traffic.
For this reason, BioCatch behavioral biometrics technology is a unique and effective way to provide real-time alerts of remote access scams without interfering with the user experience. BioCatch continuously monitors a user’s physical and cognitive behaviors to detect scams, so even if a remote access attack takes over a trusted device, it can be stopped before damage is done.
If you would like to know more about BioCatch’s solution for remote access attacks, get in touch with our team.
This post was originally published on by Tim Dalgleish LinkedIn. Read more here.