
Financial account takeovers on the rise - Kaspersky

One in every two fraudulent transactions in the finance industry during 2020 was an account takeover, according to a new report by Kaspersky.

Anonymised statistics of events detected by Kaspersky Fraud Prevention from January to December 2020 found the share of such incidents increased from 34% in 2019 to 54% in 2020. Two schemes to get access to a bank account – ‘the rescuer’ and ‘the investor’ – remain among the most common since 2019.

The importance of digital financial services and e-commerce increased in 2020 with people spending more time at home as a result of the pandemic. Kaspersky experts suggest that this, in turn, caused a spike in the use of social engineering techniques by cybercriminals. That's why it is especially important for both financial institutions and clients to be aware of typical fraudulent schemes and to be able to protect themselves, the company says.

In addition to the rise of successful account takeovers, in 12% of fraudulent incidents, legitimate remote administration tools (RAT) such as TeamViewer were misused in an attempt to gain access to user accounts.

The Kaspersky Fraud Prevention team identified two common approaches used by attackers to obtain access to accounts, both continuations of trends noticed in 2019. In the first tactic, scammers masquerade as 'the rescuer': they pretend to be security experts and act out scenarios to 'save' users. They call bank customers posing as security officers, report suspicious charges or payments, and offer their help.

The rescuer may ask customers to verify their identity through a code sent in a text message or push notification, to stop a suspicious transaction, or to transfer money to a 'secure account'. They can also ask a victim to install a remote management application, pretending that it is required for troubleshooting. The scammers often introduce themselves as employees of the largest bank in the potential victim's region and use a spoofed caller ID for incoming calls to pose as a real bank.

The second example is where cybercriminals act as ‘the investor’. This scenario involves fraudsters posing as employees of an investment company, or as investment consultants from a bank. They call customers offering a quick way to make money by investing in cryptocurrency or shares directly from the client's account, without having to go to a bank branch. As a prerequisite for providing the ‘investment service’, the investor asks the potential victim for the code received in a text message or push notification.

"Bank clients always place a high value on ease of access to their accounts and performance of usual financial operations. And now this has become especially important," says Claire Hatcher, head of business development, Kaspersky Fraud Prevention.

"That is why we believe that solutions for the financial industry should provide a high level of security measures - including protection against fraud - which are seamlessly integrated into the user experience," she says.

"And of course, it’s worth regularly reminding clients about fraudsters’ techniques, so that they are likely to notice something."

To help individuals and businesses stay protected from ever-changing fraud techniques, Kaspersky recommends online services and retailers adopt the following measures:

  • Limit the number of attempts to conduct a transaction; cybercriminals may try several times to enter correct credentials
  • Educate your customers on possible tricks malefactors may use. Regularly send them information on how to identify fraud and the best way to behave in this situation
  • Conduct annual security audits and penetration tests to find security issues in a company’s network
  • Have a dedicated fraud analysis team capable of finding and analysing the emerging methods fraudsters are using
  • Implement multi-factor authentication to minimise the chance of accounts being taken over
  • Install a fraud prevention solution that can be quickly adapted for identifying new attack schemes and methods