Banking Attacks Surge Along with Post-COVID Economy

For many, COVID-19 has been a crushing catastrophe. But for bank scammers, it’s shaped up to be a nice little money-making opportunity.

As the post-pandemic economy roars back to life, cybercriminals are using a new whirlwind of transactions as cover to launch an extraordinary number of bank fraud attacks. In just the past quarter, the number of attacks on banks ballooned by 159 percent.

As the U.S. passes the halfway mark for the number of adults getting at least one dose of the COVID-19 vaccine, economists at Feedzai said overall spending has heated up in parallel. The stimulus is helping quite a bit too, they added. Their latest Financial Crime Report found that compared with January 2021, March 2021 saw a 21 percent jump in spending across state lines and a 410 percent increase in spending across borders, amounting to a 383 percent jump in the dollar amount spent. Notably, the number of transactions grew by 410 percent in just a handful of weeks.

More Bank Transactions, More Bank Fraud

“Good economic news is a global story: Transaction volume for all tracked regions is now greater than pre-pandemic levels,” Feedzai’s latest Financial Crime Report said. “And the APAC region, which has recovered faster and more consistently than other regions, continues to see strong transaction volume. Unfortunately, fraud and financial crime kept relative pace with consumer spending.”

Card Not Present (CNP) transactions were a sweet spot for fraudsters, Feedzai said, making up only 18 percent of credit card transactions, yet accounting for 83 percent of the total fraud attempts. The report advises banks to shore up fraud detection, prevention and mitigation in order to “stop what is only going to be an increasingly substantial problem.”

Old Tactics, New COVID Opportunities

The report goes on to list the most common tactics, and there’s really nothing new there. Most bank scams — 42 percent — are account takeovers, followed by stealing credentials to open fake accounts (23 percent), impersonating a government official or authority figure to get account access (21 percent), selling people stuff online that never arrives (15 percent), and even tried-and-true phishing (7 percent).

One piece of the puzzle that is novel: the chaos brought on by a global pandemic. Once again, cybercriminals are finding social engineering the easiest way to scam people into handing over their data, money and more.

First, no one is behaving normally. Who can even remember what normal was? That makes it hard for FinTech security’s behavior models to figure out what’s fraud and what’s just users’ new normal, explained Netenrich’s John Bambenek.

“Quite simply, fraud models work when user behavior stays constant, and society has been upheaved by the pandemic and fast return to normalcy,” Bambenek told Threatpost by email. “Fraud and cybersecurity teams always need to be mindful of how changes in the world around them can increase risk and how changes in society may impact how we go about detecting malicious behavior.”

The pandemic has also created a haze of confusion, in addition to seismic shifts in consumer behavior and a flurry of new post-pandemic financial activity.

The rise in bank fraud also follows repeated, despicable, yet predictable, attempts to exploit COVID-19 to help pull off fraud.

Hank Schelss from Lookout pointed out that his company’s research shows the number of financial services employees exposed to a phishing attempt held fairly steady between Q4 2020, which was 23 percent, and Q1 2021 (26 percent), which tells him that rather than a focus on banks specifically, this financial fraud surge is tied more closely to attackers trying to cash in on COVID-19.

“This shows that threat actors are taking advantage of the tail end of the pandemic in the same way they took advantage of the uncertainty at the start of it,” Schless said, referring to attacks on everything from vaccine makers, vaccine distribution, hospitals and even trying to steal the identity of people looking for information on their stimulus checks.

Attackers have also set their sights on people returning to offices after more than a year of work-from-home by sending fake CIO communications about new company COVID protocols.

COVID-19 has been a big fat payday for cybercriminals and the economic recovery certainly isn’t immune, as Feedzai’s report outlines.

“Consumers aren’t the only ones making moves, fraudsters are too,” the report said.

Join Threatpost for “A Walk On The Dark Side: A Pipeline Cyber Crisis Simulation”– a LIVE interactive demo on Wed, June 9 at 2:00 PM EDT. Sponsored by Immersive Labs, find out whether you have the tools and skills to prevent a Colonial Pipeline-style attack on your organization. Questions and LIVE audience participation encouraged. Join the discussion and Register HERE for free.