Tips for Fraud & Security Teams Working Remotely During COVID-19

Apr. 2, 2020 | by Ayelet Biger-Levin

Fraud and security teams are facing an uphill battle as the COVID-19 pandemic continues to spread around the globe, including the need to secure a remote workforce and protect customers from coronavirus security risks and threats as well as everyday financial fraud, while working remotely themselves. The rapid spread of the virus left organizations little time to prepare, and much has been written about the security concerns of the large-scale shift to a work-from-home world.

At the same time, coronavirus-related cyberattacks are introducing a whole new arena of risks to monitor and respond to. Further, the number of people accessing online services, and how they access them, is changing dramatically. As shelter in place orders take effect around the globe and non-essential businesses shut their doors, people are wisely staying in to play their part in slowing the spread of COVID-19. Since we can’t go out, we go online.

Already, BioCatch has detected a new trend of individuals using remote access tools to log in to banking services. Many people who normally access their online banking account from a secure computer — located at their office, for example — can’t do so anymore and are finding new ways to operate. With such shifts in behavior, it will be difficult for fraud and security teams to tell the difference between genuine users changing their activity versus security incidents and fraud situations that need immediate attention.

"How do I tell what's normal and what's not when nothing is normal?” questioned Craig LaCava of Optiv Security. Here are a few tips for your team.

Tips for Distributed Fraud Teams

  • Stay in constant communication: Set up ways for team members to easily and quickly get in touch as needed. This is true for any remote set up, but even more crucial for fraud teams as questions about alerts and other activity require immediate response.
  • Document: Document how your fraud team should address new situations and threats as they occur. Because teams can’t take a hands-on approach to resolve concerns, documentation will be key to provide a single source of truth in addressing issues as they arise.
  • Acknowledge the need to shift rapidly: Right now, everything will look different — new patterns, new activity, new attacks. Existing controls will likely need to be adjusted to take into account evolving factors, particularly as customers are changing their patterns and cybercriminals are launching new attack methods.Make sure that the controls you have in place go beyond solving a specific pattern and cover a wide variety of threats, leveraging machine learning and AI to detect anomalies.

Top Attack Vectors to Monitor


Phishing and malware have been the primary source of scams and cyberattacks since the outbreak of COVID-19. Cybercriminals are exploiting the situation, but they aren’t afraid to lie in wait within an organization. Both methods allow criminals to hunt down sensitive data that can be used for future attacks or fraud.

The World Health Organization (WHO), the U.S. Health and Human Services Department, hospitals, testing centers, and other health-related organizations have been primary targets, but the risks extend to all organizations. Financial institutions are at particular risk of social engineering schemes, whether through phishing to harvest bank account information or voice scams that trick customers into making authorized, yet fraudulent, transactions as a scammer walks them through a money transfer.


Staying Safe in the Days Ahead


The best advice is to continue to encourage employees to follow cybersecurity best practices and to be on even higher alert for suspicious phone calls, emails, links, URLs, social media posts, and more. Be vigilant when dealing with payment requests via email, calls from “healthcare officials,” or requests for money to help relatives. All are likely to be forms of social engineering scams. Though we want to believe the best in humanity, especially in a time like this, cybercriminals have proven time and again they are not afraid to capitalize on fear and misinformation to gain access to our sensitive information.

Our work and personal lives have been altered in countless ways, and there are many unknowns on the horizon. In the days and weeks ahead, BioCatch will continue monitoring for emerging patterns in both criminal and genuine user behavior to support fraud teams as they adjust to the new realities.

Our global team is on standby to address your questions. Please be in touch if we can be of help.