Cybercrime is opportunistic, and there is no time like the present for criminals to adapt their tactics, old and new, to defraud online customers. Remote access scams are one of those tactics, and the number of attacks has grown during the COVID-19 pandemic. Cybercriminals are using the unstable environment to their advantage to take over digital accounts. We’ve seen remote access used more frequently by both legitimate users and criminals as more of everyday life shifts online.
In this article, we explore the attributes of these scams, the size of the problem, trends in scam losses and the new mitigation controls that are helping solve the problem.
What is a remote access scam?
Remote access scams are a unique scenario where victims are socially engineered to provide remote access to their computer via a legitimate remote access tool such as TeamViewer, LogMeIn, Go-To-Meeting, or a similar remote desktop software. Once given permission to take over the computer, the scammer is able to steal personal and financial information which can later be used to defraud the victim.
Over 70% of these computer scams originate via a phone call, and 82% of losses are against victims aged 65 and over.
How big is the problem?
In Australia, remote access scams are now the sixth largest scam type. As of September, the total reported losses via the ACCC are $4.7 million, yet this only represents reported losses. We can safely assume that total losses run well into the tens of millions per annum. The losses are on the rise as well, with September 2020 representing a new record, with over $1.1 million lost and in excess of 1000 cases reported.
What is the impact on victims?
From a trust and emotional perspective, all victims are materially impacted by scams. From a loss perspective, the amounts can vary from a few thousand dollars to someone's entire life savings. Different banks have different approaches in terms of reimbursing customers — that is, at what stage the bank is liable for protecting the customer vs. the victim being responsible. However, the momentum continues to swing toward victims being reimbursed through initiatives such as the new Contingent Reimbursement Model Voluntary Code, or simply “the Code” to some, that was adopted by many of the UK banks in May 2019.
How can we protect victims?
Although remote access scams have been dubbed the “call that could wipe out your life savings,” four in ten consumers have not heard of them. Protection begins on the front lines, and raising awareness about these scams with consumers and businesses is a starting point. There is a lot of great work being done in this space by entities such as Scamwatch and UK Finance as well as by the banking industry itself. However, this is not an issue that can be addressed in isolation, as the sophistication of scams continues to improve.
What can banks do to detect remote access scams?
Most authentication and fraud prevention solutions rely on known device and IP location parameters to measure fraud risk. While these controls can be effective, remote access tools (RATs), by design, circumvent traditional fraud detection tools that look for the presence of malware, bots, and blacklisted devices or IP addresses: the session comes from the victim's own, trusted device and IP address, so none of those signals fire.
Instead of relying on static controls, BioCatch uses machine learning to model behaviors and can differentiate a genuine user from a cybercriminal in real time. Using behavioral biometrics, banks are able to protect customers after login by detecting unusual behaviors that are indicative of RAT activity or social engineering. When a user accesses their online banking site, BioCatch monitors the user’s actual behavior and compares it to their historical profile. This detects anomalies and characteristics that are indicative of fraud as they occur. For example, hesitation on the part of the user may be observed in ordinarily intuitive actions such as clicking the Submit button. In remote access scams and other social engineering attacks, it has been shown that there is a statistically significant increase, on average, in the time it takes users to perform simple actions.
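To make the detection idea above concrete, here is an added illustration of baseline-versus-session timing comparison. It is our own toy code, not BioCatch's model or product code; the feature names (time_to_submit, time_to_fill_amount), the thresholds and every session record are constructed assumptions for the example. It builds a per-user profile of how long simple actions normally take, then flags a new session whose timings are many standard deviations slower than that user's own history, which is the hesitation signal the article describes.

```python
"""Toy behavioural-anomaly detector (added example; not BioCatch's code).

Builds a per-user baseline of how long simple in-session actions take and
flags a session whose timings are unusually slow, the hesitation the
article associates with remote-access and social-engineering scams.
All session data here is constructed for illustration.
"""
from statistics import mean, stdev
from typing import Dict, List

# Seconds taken for two simple actions: reaching the Submit button after
# the form loaded, and completing the amount field. Feature names are an
# assumption for this example, not a real product schema.
ACTIONS = ("time_to_submit", "time_to_fill_amount")

MIN_HISTORY = 5      # sessions required before the baseline is trusted
MIN_STDEV = 0.25     # floor so a very consistent user cannot yield infinite z-scores
Z_THRESHOLD = 3.0    # flag timings more than 3 std devs slower than the user's norm


def build_profile(history: List[Dict[str, float]]) -> Dict[str, Dict[str, float]]:
    """Per-action mean and (floored) standard deviation from past sessions."""
    if len(history) < MIN_HISTORY:
        raise ValueError(f"need at least {MIN_HISTORY} sessions, got {len(history)}")
    profile: Dict[str, Dict[str, float]] = {}
    for action in ACTIONS:
        values = [s[action] for s in history]
        profile[action] = {"mean": mean(values), "stdev": max(stdev(values), MIN_STDEV)}
    return profile


def score_session(profile: Dict[str, Dict[str, float]],
                  session: Dict[str, float]) -> Dict[str, float]:
    """Z-score of each action's timing against the user's own baseline.

    Positive z means slower than usual. The sign is kept because only
    slowness (hesitation, being coached over the phone) is of interest.
    """
    return {
        action: (session[action] - profile[action]["mean"]) / profile[action]["stdev"]
        for action in ACTIONS
    }


def is_anomalous(scores: Dict[str, float], threshold: float = Z_THRESHOLD) -> bool:
    """Flag the session if any action is significantly slower than baseline."""
    return any(z > threshold for z in scores.values())


def evaluate(history: List[Dict[str, float]], session: Dict[str, float]):
    """Convenience wrapper: (flagged?, per-action z-scores)."""
    profile = build_profile(history)
    scores = score_session(profile, session)
    return is_anomalous(scores), scores


# Constructed history: a user who normally submits within a few seconds.
HISTORY = [
    {"time_to_submit": 2.1, "time_to_fill_amount": 1.4},
    {"time_to_submit": 2.6, "time_to_fill_amount": 1.1},
    {"time_to_submit": 1.9, "time_to_fill_amount": 1.6},
    {"time_to_submit": 2.4, "time_to_fill_amount": 1.3},
    {"time_to_submit": 2.2, "time_to_fill_amount": 1.5},
    {"time_to_submit": 2.8, "time_to_fill_amount": 1.2},
]

# Constructed new sessions: one ordinary, one with the long pauses of a
# user being talked through a transfer step by step.
NORMAL_SESSION = {"time_to_submit": 2.5, "time_to_fill_amount": 1.3}
COACHED_SESSION = {"time_to_submit": 9.7, "time_to_fill_amount": 6.2}


if __name__ == "__main__":
    for label, s in (("normal", NORMAL_SESSION), ("coached", COACHED_SESSION)):
        flagged, scores = evaluate(HISTORY, s)
        print(label, "flagged" if flagged else "ok",
              {k: round(v, 2) for k, v in scores.items()})
```

In practice a deployed system would use many more features than two timings, update the profile continuously, and combine the anomaly score with transaction risk (amount, new payee) before deciding whether to step up authentication or hold the payment; the per-user baseline is the point, since the same absolute delay can be normal for one customer and alarming for another.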
In a recent example of a top 5 UK bank, BioCatch was able to put the brakes on a sustained cyberattack involving the Dridex malware, which was capable of taking over customer accounts. By removing the blind spots, BioCatch enabled the bank to detect 81% of fraudulent transactions with less than a 0.05% alert rate. In one of the most notable cases, the bank was able to prevent an attempted £1.6M fraud transaction that involved a remote access attack.
This post was originally published on LinkedIn by Tim Dalgleish.