What is Cyber Enabled Fraud?
Internet fraud (or cyber enabled fraud) is a type of fraud or deception that makes use of the Internet and may involve hiding information or providing incorrect information in order to trick victims out of money, property, and inheritance. Cybercrime is expected to cost the world $6 trillion annually by 2021 – up from $3 trillion in 2015.
What are examples of Cyber Enabled Fraud?
· Credential replay – An attack that uses automation to test billions of stolen usernames and passwords from data breaches, old malware campaigns, and old phishing campaigns to identify valid credentials that work at a particular company. The identified valid credentials are then sold to fraudsters who use them to commit financial crimes.
· Malware – Malicious code designed to allow a hacker to make use of an infected system. The hacker can use the system to cause extensive damage to data on the infected system, damage other systems, gain unauthorized access to a network, collect information from the system, or remotely impersonate the device’s owner. Malware is deployed to customer desktops, laptops, smartphones, and tablets, where it covertly sends out PII and other sensitive information. That information is collected and sold to fraudsters who use it to commit financial crimes.
· Active Malware – Malware which tries to change or create interactions between an infected system and an online resource such as online banking to actively commit financial crimes.
· Passive Malware – Malware which collects information from an infected system's interactions with online resources without making or modifying the system’s interactions with the online resources. Passive malware on customer devices cannot be detected by company-focused network security technology, making fraud prevention extremely difficult.
· Phishing – Criminals send emails purporting to be from reputable sources in order to induce individuals to reveal PII, such as passwords and credit card numbers.
· Dark Market activity – The Dark Market or Dark Web is a part of the internet that isn't indexed by regular search engines, where credit card numbers, access to bank accounts, all manner of drugs, guns, counterfeit money and other illegal merchandise are bought and sold. Online resource access, financial data, and personal information stolen through the above attacks are often posted for sale in dark markets by hackers and criminals who specialize in illegally gaining access and collecting sensitive information. Fraudsters use these marketplaces to buy the access and data they need to commit fraud for financial gain from the hackers and cyber access criminals.
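How the credential replay pattern described above looks from the defender's side, as an added example that is not part of the original page: one source trying many different usernames and failing almost every time, with the few successful logins being the accounts that need a password reset. The event format, the sample addresses and usernames, and both thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events (not real data): (source_ip, username, login_succeeded)
SAMPLE_EVENTS = (
    [("198.51.100.7", f"user{i:03d}", False) for i in range(40)]
    + [("198.51.100.7", "alice", True), ("198.51.100.7", "bob", True)]
    + [("203.0.113.20", "carol", False), ("203.0.113.20", "carol", True)]
    + [("203.0.113.31", "dave", True)]
)


def find_credential_replay(events, min_usernames=20, min_failure_ratio=0.9):
    """Flag sources that try many distinct usernames and mostly fail.

    Thresholds are illustrative assumptions; tune them to your own traffic.
    Returns {source_ip: {"usernames": n, "failure_ratio": r, "at_risk": [...]}}.
    """
    per_source = defaultdict(
        lambda: {"users": set(), "fail": 0, "total": 0, "hits": set()}
    )
    for source_ip, username, succeeded in events:
        stats = per_source[source_ip]
        stats["users"].add(username)
        stats["total"] += 1
        if succeeded:
            # A success from a replay source means a stolen pair was valid.
            stats["hits"].add(username)
        else:
            stats["fail"] += 1

    flagged = {}
    for source_ip, stats in per_source.items():
        ratio = stats["fail"] / stats["total"]
        if len(stats["users"]) >= min_usernames and ratio >= min_failure_ratio:
            flagged[source_ip] = {
                "usernames": len(stats["users"]),
                "failure_ratio": round(ratio, 3),
                "at_risk": sorted(stats["hits"]),
            }
    return flagged


if __name__ == "__main__":
    for ip, info in find_credential_replay(SAMPLE_EVENTS).items():
        print(ip, info)
```

A single user who mistypes a password once (carol in the sample) is not flagged, because the check keys on the number of distinct usernames per source rather than on failures alone.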
Who is affected by Cyber Fraud?
Any company is affected that facilitates online commerce and/or requires PII (Personally Identifiable Information) or a username and password to use the company’s digital channel, or that holds digital assets of value or financial information such as credit card or bank account information. All people who live in the digital world are targets for cyber enabled fraud.
· Financial Services (retail banks, online banks, brokerage, trading platforms, cryptocurrency exchangers, payment services, etc.) – Citi, Ally, PNC, JP Morgan, Truist, BofA
· Credit Cards – Visa, Amex, MasterCard, Capital One
· Streaming services (Netflix, Disney, ESPN, etc.)
· FinTech (Plaid, Yodlee, Mint, Quicken, PayPal, etc.)
· Online retail (Amazon, Target, Best Buy, Walmart, Wayfair, eBay, etc.)
· Transportation (FedEx, UPS, American Airlines, United, Delta, USPS)
· Telecommunications (Verizon, Sprint, AT&T, etc.)
· Commerce Apps (Uber, Lyft, etc.)
· Online gaming (Microsoft, Sony, etc.)
What are the impacts of Cyber Fraud to a company?
· Damage to systems and ability to operate either internally or online
· Decrease in customer trust in the digital service resulting in loss of market share
· Enterprise financial statement impact
· Loss of reputation and headline risk for companies impacted
· Fines or other regulatory actions
Who in a company is responsible for protecting against Cyber Fraud?
· Global Head of Fraud
· Chief Data Scientist
· Head of Analytics and Machine Learning
· Head of Fraud and Compliance
· Chief Security Officer/Head of Intelligence and Investigations
· Chief Technology Officers
· Chief Information Officers
· Innovation centers – Chief Innovation Officers
· Chief Risk Officers / General Counsels