The first lesson taught to anyone working with classified data is that if someone can get all the little pieces of the picture, they’ll eventually have the whole picture. Unfortunately, many users of social media are learning this lesson the hard way.
Cifas, a leading group in fraud protection, recently released its report on the fraud landscape for 2016 and the numbers are staggering. According to Cifas, its members alone prevented £1.1 billion in fraud losses in 2015! And that’s just the tip of the digital iceberg. According to the report, 62 percent of all fraud and 86 percent of all identity theft are made possible through the internet.
The Cifas report covers a number of fraud types and it is worth reading the full report if you’re an asset manager. For cyber security professionals, there are two numbers that should be glaringly disconcerting. Between 2014 and 2015, identity fraud rose 49 percent while bank account fraud rose 59 percent over the same period. It should come as no surprise.
Identity theft is a known enabler of bank account fraud and as social media continues to grow, it is becoming easier and easier for criminals to piece together the personal information of its users. In 2011, 10.6 percent of identity fraud involved the use of fictitious identities as compared to only 3.6 percent in 2015, indicating criminals are getting better at reconnaissance of their intended targets.
Punctuating the problem with identity theft, a short film on the ease with which hackers can steal your personal information was released on the same day as the Cifas report. The short clip on YouTube, a little over a minute and a half, takes place at a local coffee shop. As customers buy their double lattes, a nondescript van sits outside the shop collecting the personal data of coffee shop patrons as they surf their phones while waiting for their cup of joe. It’s a compelling video and hits its target audience, twenty-somethings, square on their social media feeds and iPhones.
According to Cifas’s research, some 24,000 identity fraud victims were under the age of thirty, a 52 percent increase over 2014 and more than doubling since 2014. At the same time, 49 percent of first party fraud was committed by people under the age of thirty. It’s this last statistic that shows how pervasive the problem is. Being creatures of opportunity, fraudsters are likely to take advantage of the easiest targets that they are most familiar with, reducing the risk of being caught targeting unknown territory. This number suggests that there needs to be more education focused on our youth as to what fraud is and how to prevent it. Let’s face it, the internet generation is also the group most likely to publish details about their personal lives, making reconnaissance a breeze rather than a chore for criminals.
Fraudsters are also adapting to the changing economic conditions. The Cifas report shows that the gender gap between males and females is closing with a 4 percent shift between the sexes. However, forty-year-old men, at 60.5 percent, remain the most likely targets of fraud. According to Cifas, this is likely due to the perception that men in that age bracket are more likely to have access to lines of credit, making them lucrative targets for criminals. This shift in behavior may indicate a change in the perception of men as the breadwinners as governments continue to tackle the pay gaps associated with gender inequality in business.
Fraud isn’t just increasing among individuals. The U.S. Federal Bureau of Investigation (FBI) has been warning businesses about so-called Business E-Mail Compromise (BEC) campaigns for well over a year. The attack is simple: criminals target C-level executives with well-crafted emails, enticing wire transfers of funds. The emails are real enough, including actual signatures over company seals in some cases, to trick unsuspecting victims into transferring large sums of money. On average, BEC victims lose $130,000 according to the FBI’s Internet Crime Complaint Center (IC3).
Both the Cifas report and the FBI’s warnings are just pieces of a much more global phenomenon. Fraud and attempted fraud are finding their way into some of the very underpinnings of the global finance infrastructure. Once believed to be a stalwart against fraud, SWIFT, the global financial network used by banks to transfer billions of dollars, has recently come under attack, resulting in an attempt to steal over a billion dollars from the Central Bank of Bangladesh. Fortunately, the attack only resulted in losing US$81 million but has placed increased scrutiny on the SWIFT network, the integrity of its software, and protection of its infrastructure.
Though fraud is likely to remain a concern for the developed world, emerging markets are also becoming a favorite for criminals. Perhaps there is no greater example of this than Brazil. The up-and-coming country now ranks second worldwide in online banking fraud and financial malware, according to cyber security firm Kaspersky. According to CERT.br, security notifications ballooned to 197 percent in 2014 over 2013! Moreover, there was a whopping 80 percent increase in fake online banking and e-commerce pages and a 40 percent increase in fraud attempts. With the Olympics just around the corner, these numbers are likely to increase significantly.
Sadly, fraud is likely the new normal as we Facebook, Instagram, and Tweet our lives out for the world to see. As the old saying goes, “security is not convenient.” That said, buying a cup of coffee shouldn’t mean we sell out our bank accounts to criminals either. It’s all about balance, and if we as a community can’t figure it out, getting a cup of coffee is likely going to cost us more than what’s listed on the menu.
Written by: Rick Gamache
Rick Gamache is a freelance writer with 25 years’ experience in the cyber security field. His past roles include Managing Director of Wapack Labs, CIO of the Red Sky Alliance, and lead FISMA auditor for the US Navy’s destroyer program. Rick has written several high-level cyber and general risk reports with an emphasis on the Nordic countries, India, Russia, and Ukraine and has traveled extensively, speaking on strategic cyber threat intelligence matters as they relate to global supply chains.
Twitter – https://twitter.com/thecissp
(Security Affairs – identity theft, fraud)